exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2009-11-03

PunBB Extension Attachment 1.0.2 SQL Injection
Posted Nov 3, 2009
Authored by puret_t

PunBB Extension Attachment versions 1.0.2 and below remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | b7c237448c8b803bb5bbc27f2eefe2060171440d5d65de2508d18f0735c24d85
Mandriva Linux Security Advisory 2009-293
Posted Nov 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-293 - Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fixes patches applied. This update fixes these vulnerabilities.

tags | advisory, remote, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3700, CVE-2009-3826
SHA-256 | 739b835d96c30bcffa913c64349d4b16321822040ca8acb6f0e82a29ca742ce8
Mandriva Linux Security Advisory 2009-292
Posted Nov 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-292 - Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file. The wireshark package has been updated to fix these vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3550, CVE-2009-3829
SHA-256 | e0edf17f818ff70e0e8c8d9c50b96df80e90d9cb2f2ea708bc3ab4dbdc5e8fe5
Xion Audio Player Local Buffer Overflow
Posted Nov 3, 2009
Authored by corelanc0d3r

Xion Audio Player version 1.0 build 121 local buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | 9fe8f6658b4b6b8a229b0f92ef86e601a9421567effd4ad2b338d0beed4c076b
Zero Day Initiative Advisory 09-075
Posted Nov 3, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-075 - This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to port 389/TCP for handling LDAP requests. When the service processes a search request with an undefined BaseDN, it will become unresponsive resulting in an inability to query or authenticate to that server.

tags | advisory, tcp
SHA-256 | 57153f026696d18067c3cb651c937e1389d2fa3ef961008254ff7ca0840f7504
QuahogCon 2010 Call For Papers
Posted Nov 3, 2009
Site quahogcon.org

QuahogCon is a new regional conference for the hacker culture in all forms. Hardware, Software, Security, Social, Eco Hacking, Zero Impact Living. Like most hacker cons, it will run Friday to Sunday. It will be held from April 23rd through the 25th, 2010 at Hotel Providence in Providence, Rhode Island.

tags | paper, conference
SHA-256 | 98263cceccad8fe336529eed5a51b81472a12933e8248fdffdba360970406eef
Secunia Security Advisory 37196
Posted Nov 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | e78f944fbaf144e3dca6e2669b263153ce633873f43a396b76fcfced452b97ed
Secunia Security Advisory 37191
Posted Nov 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Documentum eRoom, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | fd49048657faa19212b5f85da3e7a86bc80c38545533c903abb04deb0e45a893
Kmotion Video Surveillance Front-End
Posted Nov 3, 2009
Authored by David Selby | Site kmotion.eu

kmotion is a Web based video surveillance front end to the "motion" program.

tags | web
systems | linux
SHA-256 | 2554bcffa0dba61b497fa7af02110cd18de984c1502ceb362c4265e193d23e28
Dradis Information Sharing Tool 2.4.1
Posted Nov 3, 2009
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: This release fixes several bugs in the client and server components.
tags | web
SHA-256 | 303b1f5e9a3f6d4e4a2dc0c2be86ade9e859fe5050f268725ed11ecbd17e261d
GRAudit Grep Auditing Tool 1.3
Posted Nov 3, 2009
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Some signatures have been added to existing databases. There are signature improvements to existing databases. JSP and ASP rulesets have been added. Testing has been improved.
systems | unix
SHA-256 | b5b1e4d5cc7f188f06ffae425b33102c9461e28b698cf121ce6edc4854372d48
Ubuntu Security Notice 850-3
Posted Nov 3, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 850-3 - USN-850-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for Ubuntu 9.10. Original advisory details: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609
SHA-256 | 63c3ccfbae71b61e42605e0cd81a7cff6e1cf05926b86d413a70fe812affcec3
Obeseus Distributed Denial Of Service Detector
Posted Nov 3, 2009
Authored by Mark Osborne, Simon Ratcliffe | Site loud-fat-bloke.co.uk

Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. Firmware Routines on the card ensure that the attack is identified right down to host/port with zero load on the PCI bus. This is the pre-port to FPGA beta version written in "c" with PCAP and BPF.

tags | tool
systems | unix
SHA-256 | b67e244ec592a0c5a1242966f36937d8dfd7d5e17d6725951479d2a05fc108b9
Symantec ConsoleUtilities ActiveX Control Metasploit Exploit
Posted Nov 3, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

This Metasploit module exploits a stack overflow in Symantec ConsoleUtilities. By sending an overly long string to the "BrowseAndSaveFile()" method located in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-3031
SHA-256 | 7c2677559b384201501422a3ddf86666515f1b169805b0d9200c4c0e134447b3
Symantec ConsoleUtilities ActiveX Control Buffer Overflow
Posted Nov 3, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

The Symantec ConsoleUtilities Active-X control suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2009-3031
SHA-256 | 5f09948f29db082ce2353ab83f2d2593b1645423033ffb0e75a67bbc53c8101f
ACROS Security Problem Report 2009-10-30.1
Posted Nov 3, 2009
Authored by ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2009-10-30-1 - There is an HTML Injection vulnerability in the WebLogic server version 10.3 administration console that allows the attacker to gain administrative access to the server.

tags | advisory
SHA-256 | afb874f67261c2f5e3869658a0249ee9cea2ebb6a0e437486664f71a9744d1c9
Whois Server 2.0 Cross Site Scripting
Posted Nov 3, 2009
Authored by ViRuS_HiMa

Whois Server version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9e6ef5321120293c1597396313fe2aed40c38728e59ce37d6349ece7f9a2d08f
Serv-U 9.0.0.5 WebClient Buffer Overflow
Posted Nov 3, 2009
Authored by Nikolaos Rangos

Rhinosoft.com Serv-U web client version 9.0.0.5 suffers from a remote buffer overflow vulnerability. Proof of concept code included.

tags | exploit, remote, web, overflow, proof of concept
SHA-256 | c8498ca90838fe61c74043cbaf8479e8f9e2c3db44ef86f7f5686195db8f4055
Joomla 1.5.12 Code Execution Via TinyMCE
Posted Nov 3, 2009
Authored by Luca De Fulgentis

Remote code execution exploit for Joomla 1.5.12 using a file upload vulnerability in TinyMCE.

tags | exploit, remote, code execution, file upload
SHA-256 | 18c8fa558ef85b78307bb24e45108f134150fed7e68dfca7c1a3ac7859e32926
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.3.5
Posted Nov 3, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv1 pluto daemon can attach SQL-based address pools to deal out virtual IP addresses as a Mode Config server in either Pull or Push mode. In addition to time based rekeying, the IKEv2 charon daemon supports IPsec SA lifetimes based on processed volume measured in bytes or number of packets.
tags | kernel, encryption
systems | linux
SHA-256 | cc502afbcbc3cebc94c18855db4e5f7718b08646de52b97e6f973d99467392d0
MapSweeper 1.0 Ping Sweeper
Posted Nov 3, 2009
Authored by 0x90

MapSweeper version 1.0 ping sweeping script.

tags | tool, scanner
systems | unix
SHA-256 | 78c58f4e6a6537b3dfef8851eccfd453b7b677c8f62d6b7760cde32ccbb49583
Lynis Auditing Tool 1.2.7
Posted Nov 3, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds AIX support and several new tests related to SSH, logging, databases, and SMTP. Many minor issues are solved or improved.
tags | tool, scanner
systems | unix
SHA-256 | dc734ad1f8bdce30d7604c3eb4176dbaf92cf0e5c54d3ea12ec6cd3128e402ac
Tinc Virtual Private Network Daemon 1.0.11
Posted Nov 3, 2009
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release fixes a potential crash when the HUP signal is sent, fixes unnecessary broadcasts in switch mode, uses UDP in some cases where 1.0.10 fell back to TCP unnecessarily, and allows fast roaming of hosts between nodes in a switched VPN.
tags | encryption
SHA-256 | add18b68710a08dd1d209f177154f9d8c7614031050abf16139dd9c3fc56be84
Packet Storm New Exploits For October, 2009
Posted Nov 3, 2009
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 209 exploits added to Packet Storm in October, 2009.

tags | exploit
SHA-256 | 5697ab5dcc7ffeecbcba58d5b84254e484f579a3d6f2dfed3d07259c461ae668
Backconnect Script For NetBSD
Posted Nov 3, 2009

This is a back-connect script written for NetBSD and was made as a result of playing with /dev/tcp.

tags | tool, tcp, rootkit
systems | netbsd, unix
SHA-256 | b1e1f945ff91749198f69e35483773726b0afeb19cd8fbdb424ce3d6698f1376
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close