Showing 1 - 25 of 61

Files Date: 2009-10-12

Redcat Media SQL Injection
Posted Oct 12, 2009
Authored by s4va | Site s4vaworld.uni.cc

Redcat Media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 34da6a28e1d79e51cefbc18a31602273
ProFTPd 1.3.0 mod_ctrls Local Root Exploit
Posted Oct 12, 2009
Authored by Michael Domberg | Site devtarget.org

ProFTPd version 1.3.0 mod_ctrls local stack overflow root exploit that binds a shell to port 19091.

tags | exploit, overflow, shell, local, root
MD5 | 7ae33616bc34fe84beb8bf9728dd2540
Community Translate Remote File Inclusion
Posted Oct 12, 2009
Authored by NoGe

Community Translate suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 04a576e2167e9a0bd8ff2503d9f43517
Dazzle Blast Remote File Inclusion
Posted Oct 12, 2009
Authored by NoGe

Dazzle Blast suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 233f8b8d9b59e7e83ec1c17658496aa3
Femitter HTTP Server 1.03 Source Disclosure
Posted Oct 12, 2009
Authored by Dr_IDE

Femitter HTTP Server version 1.03 suffers from a remote source disclosure vulnerability.

tags | exploit, remote, web, info disclosure
MD5 | 58995d4bdfc75490df8c92fb56f7bf42
httpdx 1.4.4 Source Disclosure
Posted Oct 12, 2009
Authored by Dr_IDE

httpdx versions 1.4.4 and below suffer from a remote source disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 385ccfa570f00b7c9bf73ea59f9a9d9a
Debian Linux Security Advisory 1906-1
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1906-1 - Security support for clamav, an anti-virus utility for Unix, has been discontinued for the stable distribution (lenny) and the oldstable distribution (etch). Clamav Upstream has stopped supporting the releases in etch and lenny. Also, it is not easily possible to receive signature updates for the virus scanner with our released versions anymore. We recommend that all clamav users consider switching to the version in debian-volatile, which receives regular updates and security support on a best effort basis.

tags | advisory, virus
systems | linux, unix, debian
MD5 | 7a97788b46042a16e5295bd1aa93e8bd
Debian Linux Security Advisory 1905-1
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1905-1 - The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library.

tags | advisory, web, denial of service, python
systems | linux, debian
MD5 | 4c38a44737a4a238a59b2ba974aa59bc
Debian Linux Security Advisory 1895-2
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1895-2 - In DSA-1895-1, the xmltooling package was updated to address several security issues. It turns out that the change related to SAML metadata processing for key constraints caused problems when applied without the matching changes in the opensaml2 and shibboleth-sp2 packages.

tags | advisory
systems | linux, debian
MD5 | 40a6ea5fbf796548c10a21aa6eb9b110
Simple Directory Listing Cross Site Scripting
Posted Oct 12, 2009
Authored by Amol Naik

Simple Directory Listing version 2.1_beta1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c9e7416815ed2bfa1e44488fdf9b256a
Mandriva Linux Security Advisory 2009-272
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-272 - libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. This update fixes these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2007-6720, CVE-2009-0179
MD5 | a12892a137de0976aecb5d35a02de1aa
Mandriva Linux Security Advisory 2009-271
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-271 - nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. This update fixes this vulnerability.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2009-0125
MD5 | 098d157c2c195dc0241f4fa3ba51d3b8
Mandriva Linux Security Advisory 2009-270
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-270 - Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. This update fixes this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3241
MD5 | 3dc1151335403edf02ef22215441693d
Mandriva Linux Security Advisory 2009-269
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-269 - The XML HMAC signature system in mono did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0217
MD5 | 1c8eb18c0fed98fd72c9b1dd9f7785ed
Mandriva Linux Security Advisory 2009-268
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-268 - Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes these vulnerabilities.

tags | advisory, remote, web, arbitrary, vulnerability, xss, asp
systems | linux, mandriva
advisories | CVE-2008-3422, CVE-2009-0217
MD5 | f6d6fc58ffc5156a313ffdc48af0d51a
Mandriva Linux Security Advisory 2009-267
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-267 - A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. This update fixes this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0217
MD5 | 0d5ebbfebf23304c5b884b5d2cd6f615
Mandriva Linux Security Advisory 2009-266
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-266 - awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site this issue exists because of an incomplete fix for CVE-2008-3714. This update fixes this vulnerability.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2008-5080
MD5 | 26a9c93dc7d919274e3bb64821ec9191
Mandriva Linux Security Advisory 2009-265
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-265 - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. This update fixes this vulnerability.

tags | advisory, remote, php, protocol, xss
systems | linux, mandriva
advisories | CVE-2008-1502
MD5 | d68091a6014f6f7d818f14718af61d9e
Mandriva Linux Security Advisory 2009-264
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-264 - Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. The updated packages have been patched to prevent this.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2007-3996
MD5 | c697636d503db19a1545086fa52188c0
Mandriva Linux Security Advisory 2009-263
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-263 - sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. This update fixes this vulnerability.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-4476
MD5 | dcfd2f590fe40bab185377cb057f49aa
Ubuntu Security Notice 847-2
Posted Oct 12, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 847-2 - USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-2946
MD5 | 08e13577613e76e1bd25c703f33f151f
Security Notice For CA Anti-Virus Engine
Posted Oct 12, 2009
Authored by Ken Williams | Site www3.ca.com

CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, virus
advisories | CVE-2009-3587, CVE-2009-3588
MD5 | 6a53d55147b5fa77f13b592d7e5773c7
Netifera Tool Creation Platform 1.0 - Mac OS X
Posted Oct 12, 2009
Site netifera.com

Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. This is the Mac OS X release.

tags | tool
systems | unix, apple, osx
MD5 | 9cf6b48899621671ecc24136d29419cc
Netifera Tool Creation Platform 1.0 - Linux
Posted Oct 12, 2009
Site netifera.com

Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. This is the Linux release.

tags | tool
systems | linux, unix
MD5 | 1ae04313a904d71f73c3f407f5f1cfd7
EZsneezyCal CMS Remote File Inclusion
Posted Oct 12, 2009
Authored by kaMtiEz | Site indonesiancoder.com

EZsneezyCal CMS versions 95.1 through 95.2 remote file inclusion exploit.

tags | exploit, remote, code execution, file inclusion
MD5 | 9356774662575bc6e3651174d7c20c6e
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close