what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files Date: 2009-10-23

/proc Filesystem Directory Permission Bypass
Posted Oct 23, 2009
Authored by Pavel Machek

It appears that manipulation of file descriptors via /proc can circumvent permissions on parent directories of the file.

tags | exploit
SHA-256 | 1154b08bf5a16a661c449cdcc6299271c9f319623fdee15cd66341aec640f300
HP Security Bulletin HPSBUX02466 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
SHA-256 | 62cfcd445dd3a0cdbbbf4799a5537b3b34fd9cac42db9999e84fe88b1fb68bac
HP Security Bulletin HPSBUX02465 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624
SHA-256 | 917f5771b1ecaed534503ff6b3384773b7597e104b42f7ed74b05115d49f2b09
Pegasus Mail Client Buffer Overflow
Posted Oct 23, 2009
Authored by Francis Provencher

Pegasus Mail Client version 4.51 suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.

tags | exploit, remote, denial of service, overflow, proof of concept
SHA-256 | 1dbf648aa73fbc29abc9c44b1c7a86bd17ea343df12397c7dad7c627890324ae
Eureka Mail Client Buffer Overflow
Posted Oct 23, 2009
Authored by Francis Provencher

Eureka Mail Client version 2.2q suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.

tags | exploit, remote, denial of service, overflow, proof of concept
SHA-256 | a02d6270bac17874219ce98888b43ed15519fc06b9faa37202420af469d20643
Ubuntu Security Notice 850-2
Posted Oct 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 850-2 - USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files. This update fixes the problem. It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3605
SHA-256 | 2cf3d8acd59c9223beedc1f2cefbcb79dea982230a631fe717af3cb4e1cb518f
Gentoo Linux Security Advisory 200910-2
Posted Oct 23, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions less than 2.5.9-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-3026
SHA-256 | e779f111b1348b505f287d3b122922b47e53deed021d9b1d7f32a5e7bd682180
Facebook Open Redirector
Posted Oct 23, 2009
Authored by 599eme Man

Facebook has an open redirector. It may be by design and the debate goes on about the use of these, but it is there nonetheless.

tags | exploit
SHA-256 | db51d70b54bb5d278b5727dbf8ae1a555bb2b9fcdf42a7a83c9160f9c40f7993
Avast! Denial Of Service / Privilege Escalation
Posted Oct 23, 2009
Authored by ShineShadow

Avast! Professional and Home Editions suffer from local privilege escalation and denial of service vulnerabilities.

tags | advisory, denial of service, local, vulnerability
advisories | CVE-2009-3524
SHA-256 | 145e8181194fe1f5d54f9f1c10b449dbfebded667d0c2c0ee5c02c0b5ceed552
Mandriva Linux Security Advisory 2009-287
Posted Oct 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-287 - Integer overflows and memory allocation issues that could result in a denial of service or code execution via xpdf have been resolved.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609
SHA-256 | 80c75bcffe938ef51c3cc7bd64b8ca3f8e8d9e264e1804fcd8c23a453cc6e0ff
nginx NULL Pointer Dereference
Posted Oct 23, 2009
Authored by zeus penguin

nginx versions 0.7.0 through 0.7.61, 0.6.0 through 0.6.38, 0.5.0 through 0.5.37, and 0.4.0 through 0.4.14 suffer from a remote null pointer dereferencing vulnerability. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
SHA-256 | 23e0b19545c8a86cffa3f0faeb5311be3b43dc3c60a2228899c989f955e3ede4
Joomla Photo Blog SQL Injection
Posted Oct 23, 2009
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla Photo Blog component versions Alpha 3 and Alpha 3a suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 31e1831e0ef10ba30ab61f94350b6dc3c14bd9b36e30f41d8b77e7852b156cc6
Joomla JShop SQL Injection
Posted Oct 23, 2009
Authored by Don Tukulesto | Site indonesiancoder.com

The Joomla JShop component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1e1df95f53974d9f0638bd22917f5b3bce1f7e2efa6defecbbb975c845e68f93
GNU Privacy Assistant Crash
Posted Oct 23, 2009
Authored by Dr_IDE

GPG4Win GNU Privacy Assistant proof of concept crash exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | f45b73a43afd05c08a9cdd42903ee4e5aeef56c90200b4f4a4cff7479f86bd21
Mongoose Web Server 2.8.0 Source Disclosure
Posted Oct 23, 2009
Authored by Dr_IDE

Mongoose Web Server versions 2.8.0 and below suffer from a remote source disclosure vulnerability.

tags | exploit, remote, web, info disclosure
SHA-256 | de42bbe8b5418e0b3955394314e14cebeac3228c3c1732eff9a9fa188d93929a
Mandos Encrypted File System Unattended Reboot Utility 1.0.13
Posted Oct 23, 2009
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This release has a client security bugfix.
tags | remote, root
systems | linux
SHA-256 | 671fc9e9e240bd4431760c018fdb3a0dae96313e552ddfd51b265831013cefdd
Debian Linux Security Advisory 1915-1
Posted Oct 23, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1915-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | linux, debian
advisories | CVE-2009-2695, CVE-2009-2903, CVE-2009-2908, CVE-2009-2909, CVE-2009-2910, CVE-2009-3001, CVE-2009-3002, CVE-2009-3286, CVE-2009-3290, CVE-2009-3613
SHA-256 | 72ec2c6b93f4e6a3b1581e7dbde77e9bad2bee376ee815891a5a2fbab78e59a1
Debian Linux Security Advisory 1914-1
Posted Oct 23, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1914-1 - Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications.

tags | advisory, web, cgi, vulnerability
systems | linux, debian
advisories | CVE-2009-0843, CVE-2009-0842, CVE-2009-0841, CVE-2009-0840, CVE-2009-0839, CVE-2009-2281
SHA-256 | ded0d4e6ff1bc532cdc4d2b26825c355c570bc6d5135f5147f13122b5de0f0d5
Snort 2.8.5 IPv6 Remote Denial Of Service
Posted Oct 23, 2009
Authored by laurent gaffie

Snort versions 2.8.5 and below suffer from an IPv6 related remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | fd81c9b1d14a60efa89b76dcfcfe0341d942a1d56a015464c5556527962cc83a
Call For Papers - Conference On Cyber Conflict
Posted Oct 23, 2009
Site ccdcoe.org

The Call For Papers for the Conference on Cyber Conflict has been announced. It will take place June 15th through the 18th, 2010 in Tallin, Estonia.

tags | paper, conference
SHA-256 | 6bec42bab599fc4a789960015b0911b0743ff7fb1375e83afecc9eb53195380b
Ubuntu Security Notice 852-1
Posted Oct 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 852-1 - A large amount of vulnerabilities in the Linux 2.6.15 kernel have been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1883, CVE-2009-2584, CVE-2009-2695, CVE-2009-2698, CVE-2009-2767, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849, CVE-2009-2903, CVE-2009-2908, CVE-2009-3001, CVE-2009-3002, CVE-2009-3238, CVE-2009-3286, CVE-2009-3288, CVE-2009-3290
SHA-256 | e49b64e7e735abea730fc3d8d2eb17713aaa33fcc5c172954e43bb3b8e41aa33
Attacking Magstripe Gift Cards
Posted Oct 23, 2009
Authored by Adrian Pastor

This whitepaper is called Attacking Magstripe Gift Cards. It is based on research conducted on a large number of UK gift cards. The paper also provides a series of guidelines and tips for developers and systems architects who are involved in the process of implementing their own gift card technology.

tags | paper
SHA-256 | e1042460007fc647cda1299c7fadd72f83df07ca8b4a49cf309e5009f1a5993b
Open Source CERT Security Advisory 2009.16
Posted Oct 23, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Both the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an application using this code is multi-threaded (or uses a crash signal handler), it may be possible to execute arbitrary code. Poppler versions below 0.12.1 are affected. Xpdf versions below 3.02p14 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3608
SHA-256 | aafbc29fb69700ddfede45739b89f53ecdd9feddad2b8b638abff600d022e08b
TwonkyMedia Server Cross Site Scripting
Posted Oct 23, 2009
Authored by Davide Canali

TwonkyMedia Server versions 4.4.17 and below and 5.0.65 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b29607bfdc755fb015da169165ecd5370a7778e308e248f7ed2a9897ca7a2cf6
Secunia Security Advisory 37130
Posted Oct 23, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the FileField module for Drupal. This can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | ee07bd23f643396b869cb55f92ffdada11ed108776553a1490c13f6c94d51868
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close