
Files Date: 2009-10-23

/proc Filesystem Directory Permission Bypass
Posted Oct 23, 2009
Authored by Pavel Machek

It appears that manipulation of file descriptors via /proc can circumvent permissions on parent directories of the file.

tags | exploit
MD5 | 43ddfec3b4e663a94f8e7c784aeb31a8
HP Security Bulletin HPSBUX02466 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
MD5 | 7712102cc4871d06359e668b9b35fd26
HP Security Bulletin HPSBUX02465 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624
MD5 | 542dd2645cfbb001f79ef70d92474c78
Pegasus Mail Client Buffer Overflow
Posted Oct 23, 2009
Authored by Francis Provencher

Pegasus Mail Client version 4.51 suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.

tags | exploit, remote, denial of service, overflow, proof of concept
MD5 | 6b9040c53e0c1197f0131e4112e3e806
Eureka Mail Client Buffer Overflow
Posted Oct 23, 2009
Authored by Francis Provencher

Eureka Mail Client version 2.2q suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.

tags | exploit, remote, denial of service, overflow, proof of concept
MD5 | beb4542e9762edd2816a9576dae31553
Ubuntu Security Notice 850-2
Posted Oct 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 850-2 - USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files. This update fixes the problem. It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3605
MD5 | ef786d0533ebd065d56dc994fbd9ee2a
Gentoo Linux Security Advisory 200910-2
Posted Oct 23, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions earlier than 2.5.9-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-3026
MD5 | f95b0cceac8b6a1952e1d478ee365438
Facebook Open Redirector
Posted Oct 23, 2009
Authored by 599eme Man

Facebook has an open redirector. It may be by design and the debate goes on about the use of these, but it is there nonetheless.

tags | exploit
MD5 | 01758e24d271f794579e501ded632b44
Avast! Denial Of Service / Privilege Escalation
Posted Oct 23, 2009
Authored by ShineShadow

Avast! Professional and Home Editions suffer from local privilege escalation and denial of service vulnerabilities.

tags | advisory, denial of service, local, vulnerability
advisories | CVE-2009-3524
MD5 | 6155abc07aa90511339fe78600188f54
Mandriva Linux Security Advisory 2009-287
Posted Oct 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-287 - Integer overflows and memory allocation issues that could result in a denial of service or code execution via xpdf have been resolved.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609
MD5 | 21f66bb582b30095ef1ed027d2104cc6
nginx NULL Pointer Dereference
Posted Oct 23, 2009
Authored by zeus penguin

nginx versions 0.7.0 through 0.7.61, 0.6.0 through 0.6.38, 0.5.0 through 0.5.37, and 0.4.0 through 0.4.14 suffer from a remote NULL pointer dereference vulnerability. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
MD5 | 14adedcf029f6a34749e1f0d7b331821
Joomla Photo Blog SQL Injection
Posted Oct 23, 2009
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla Photo Blog component versions Alpha 3 and Alpha 3a suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 175bd358f08718e8358ededa5678e01d
Joomla JShop SQL Injection
Posted Oct 23, 2009
Authored by Don Tukulesto | Site indonesiancoder.com

The Joomla JShop component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 70ea3c1b3ac59a2a05d4e19f0856b6e6
GNU Privacy Assistant Crash
Posted Oct 23, 2009
Authored by Dr_IDE

GPG4Win GNU Privacy Assistant proof of concept crash exploit.

tags | exploit, denial of service, proof of concept
MD5 | c0040a6bd64597ff98fb48ee354d95e5
Mongoose Web Server 2.8.0 Source Disclosure
Posted Oct 23, 2009
Authored by Dr_IDE

Mongoose Web Server versions 2.8.0 and below suffer from a remote source disclosure vulnerability.

tags | exploit, remote, web, info disclosure
MD5 | 57c4ddacd4d567188c15081908ef7f87
Mandos Encrypted File System Unattended Reboot Utility 1.0.13
Posted Oct 23, 2009
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This release has a client security bugfix.
tags | remote, root
systems | linux
MD5 | d29aab43926d3bade3a4b3273e2be96c
Debian Linux Security Advisory 1915-1
Posted Oct 23, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1915-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | linux, debian
advisories | CVE-2009-2695, CVE-2009-2903, CVE-2009-2908, CVE-2009-2909, CVE-2009-2910, CVE-2009-3001, CVE-2009-3002, CVE-2009-3286, CVE-2009-3290, CVE-2009-3613
MD5 | fad043ca1367cfb0c262b98c9a7eab13
Debian Linux Security Advisory 1914-1
Posted Oct 23, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1914-1 - Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications.

tags | advisory, web, cgi, vulnerability
systems | linux, debian
advisories | CVE-2009-0843, CVE-2009-0842, CVE-2009-0841, CVE-2009-0840, CVE-2009-0839, CVE-2009-2281
MD5 | a5897272693b99e5abadbaec5cfa5af1
Snort 2.8.5 IPv6 Remote Denial Of Service
Posted Oct 23, 2009
Authored by laurent gaffie

Snort versions 2.8.5 and below suffer from an IPv6 related remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 3c22f17e6a527be646ae04024532eba1
Call For Papers - Conference On Cyber Conflict
Posted Oct 23, 2009
Site ccdcoe.org

The Call For Papers for the Conference on Cyber Conflict has been announced. It will take place June 15th through the 18th, 2010 in Tallinn, Estonia.

tags | paper, conference
MD5 | f39b806f00bcd8b70d4bdf36c48243fb
Ubuntu Security Notice 852-1
Posted Oct 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 852-1 - A large number of vulnerabilities in the Linux 2.6.15 kernel have been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1883, CVE-2009-2584, CVE-2009-2695, CVE-2009-2698, CVE-2009-2767, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849, CVE-2009-2903, CVE-2009-2908, CVE-2009-3001, CVE-2009-3002, CVE-2009-3238, CVE-2009-3286, CVE-2009-3288, CVE-2009-3290
MD5 | f1273f57187fb0a43c5251ca1d063a82
Attacking Magstripe Gift Cards
Posted Oct 23, 2009
Authored by Adrian Pastor

This whitepaper is called Attacking Magstripe Gift Cards. It is based on research conducted on a large number of UK gift cards. The paper also provides a series of guidelines and tips for developers and systems architects who are involved in the process of implementing their own gift card technology.

tags | paper
MD5 | 7a46627d717397b46a6c52a07563fe79
Open Source CERT Security Advisory 2009.16
Posted Oct 23, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Both the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an application using this code is multi-threaded (or uses a crash signal handler), it may be possible to execute arbitrary code. Poppler versions below 0.12.1 are affected. Xpdf versions below 3.02p14 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3608
MD5 | 17ed35fa020f70c293c01bdefa9277fd
TwonkyMedia Server Cross Site Scripting
Posted Oct 23, 2009
Authored by Davide Canali

TwonkyMedia Server versions 4.4.17 and below and 5.0.65 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 784142affb4a1ea0c01fb26aa68c7d4e
Secunia Security Advisory 37130
Posted Oct 23, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the FileField module for Drupal. This can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 9678f493a7bf238a7c919e77aa78c4e6
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close