all things security
Showing 1 - 25 of 40

Files Date: 2009-10-15

Ubuntu Security Notice 849-1
Posted Oct 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 849-1 - Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a user or automated system processed a crafted VOC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Erik de Castro Lopo discovered a similar heap-based buffer overflow when processing AIFF files. If a user or automated system processed a crafted AIFF file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1788, CVE-2009-1791
MD5 | 2eb4f036b698e2647dd545a94a3a6874

Spider Solitaire Local Crash
Posted Oct 15, 2009
Authored by SirGod

Spider Solitaire local crash proof of concept exploit for Windows XP SP2.

tags | exploit, local, proof of concept
systems | windows, xp
MD5 | cd0e6c2fb6d427fee9e324cda7c58cdb

Mandriva Linux Security Advisory 2009-279
Posted Oct 15, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-279 - It was discovered that mysql-ocaml, OCaml bindings for MySQL, was missing a function to call mysql_real_escape_string(). This is needed because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. This update fixes this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-2942
MD5 | c09ef0ea7fb584ad2b40cd0d168b514f

Snitz Forums 2000 3.4.07 Cross Site Scripting
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 723dc377285c76b63c7e551c10519663

Millenium MP3 Studio 2.0 Stack Overflow
Posted Oct 15, 2009
Authored by dellnull

Millenium MP3 Studio version 2.0 local stack overflow universal exploit that creates a malicious .m3u file.

tags | exploit, overflow, local
MD5 | 71857812ae29ca4ac79e965f043926ed

Mongoose Web Server 2.8.0 Source Disclosure
Posted Oct 15, 2009
Authored by Dr_IDE

Mongoose Web Server versions 2.8.0 and below suffer from a remote source disclosure vulnerability.

tags | exploit, remote, web, info disclosure
MD5 | e45c1d7995171e847da6c87374403d09

Eclipse BIRT 2.2.1 Cross Site Scripting
Posted Oct 15, 2009
Authored by euronymous

Eclipse BIRT versions 2.2.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 81d8a19633ed901c8d14f8ccc2ffc970

Pentaho 1.7.0.1062 XSS / Disclosure
Posted Oct 15, 2009
Authored by euronymous

Pentaho versions 1.7.0.1062 and below suffer from cross site scripting and disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7657af02b25405d624bc4c3b68b2d6a7

iDEFENSE Security Advisory 2009-10-13.4
Posted Oct 15, 2009
Authored by iDefense Labs, Marsu | Site idefense.com

iDefense Security Advisory 10.13.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer. iDefense has confirmed the existence of this vulnerability in Office XP SP3.

tags | advisory, remote, arbitrary
advisories | CVE-2009-2528
MD5 | 8ea7e312c9afa8c79588a783d3993de0

iDEFENSE Security Advisory 2009-10-13.3
Posted Oct 15, 2009
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 10.13.09 - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Windows GDI+ could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing a malformed TIFF file. By supplying incorrect values in a BitsPerSample tag, it is possible to trigger a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Windows XP Service Pack 2. Please see the Microsoft bulletin for additional details on affected software.

tags | advisory, remote, overflow, arbitrary
systems | windows, xp
advisories | CVE-2009-2502
MD5 | 037a2ae7e6363cd67887b56ed4afdfbf

Debian Linux Security Advisory 1911-1
Posted Oct 15, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1911-1 - It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility.

tags | advisory, python
systems | linux, debian
advisories | CVE-2009-2940
MD5 | e01d58703736dd87e1d90d81fb2fb0ea

Debian Linux Security Advisory 1910-1
Posted Oct 15, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1910-1 - It was discovered that mysql-ocaml, OCaml bindings for MySQL, was missing a function to call mysql_real_escape_string(). This is needed because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2942
MD5 | 9ae17bf694711a61bc7afa2eb04c65c0

Debian Linux Security Advisory 1909-1
Posted Oct 15, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1909-1 - It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn(). This is needed because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called escape_string_conn() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2943
MD5 | 4f09f7a21b542f9b12bcaa442f1ca6e6

MSIE Content-Encoding: Deflate Memory Corruption
Posted Oct 15, 2009
Authored by SkyLined

Microsoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability.

tags | exploit
advisories | CVE-2009-1547
MD5 | e2a3f882080bbfa378aec3962dbf2701

Adobe Objects Memory Corruption
Posted Oct 15, 2009
Authored by SkyLined

Various reproduction code that demonstrates memory corruption when loading/unloading Adobe objects through an EMBED tag in Firefox.

tags | exploit
advisories | CVE-2009-2983
MD5 | e46dbb863f26ab68d37f398a2bc2de61

Secunia Security Advisory 37023
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
MD5 | 13c9fd38c23106429b7c310a9f2e1c9a

Secunia Security Advisory 37034
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
MD5 | 12160df3f77b0853e532933f42d508ff

Secunia Security Advisory 37047
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mysql-ocaml. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
systems | linux, debian
MD5 | 70c992a7d8832db3592145ef0faa372c

Secunia Security Advisory 37048
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for postgresql-ocaml. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
systems | linux, debian
MD5 | 4d58152435d731bf85c6102eb5fd4b1a

Secunia Security Advisory 37046
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for pygresql. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
systems | linux, debian
MD5 | ec9b45db28cd8689ac2e57b41000f020

Secunia Security Advisory 37060
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Organic Groups Vocabulary module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 16dacff11653287576278b31c9d25045

Secunia Security Advisory 37021
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Webform module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | 773c736ff49298be5654553adaa77efb

Secunia Security Advisory 37020
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in bloofoxCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 602a4a6e33d61aef8a5ddb93f9af522a

Secunia Security Advisory 37058
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the RealName module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 599de9be4b6fad80c3bc935b18261743

Secunia Security Advisory 37014
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Dr_IDE has discovered a vulnerability in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
MD5 | 71d8d76f84527f6902842cada4b11d66
© 2016 Packet Storm. All rights reserved.
