what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 49 RSS Feed

Files Date: 2009-11-05

Renegotiating TLS Man-In-The-Middle
Posted Nov 5, 2009
Authored by Steve Dispensa, Marsh Ray | Site extendedsubset.com

Paper called Renegotiating TLS. Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well.

tags | advisory, web, arbitrary, protocol
SHA-256 | ad318f67f8665ad770bc1cf6e8f7832ad97aa4d2cdd2ebe8247c7503e4a60cdb
Core Security Technologies Advisory 2009.0912
Posted Nov 5, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Blender embeds a python interpreter to extend its functionality. Blender .blend project files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.

tags | exploit, arbitrary, python
advisories | CVE-2009-3850
SHA-256 | 1fef8cb8fcac60f760b13718f93b477b71bdd1c6562c217b66231efa118f8715
HP Security Bulletin HPSBMA02474 SSRT090107
Posted Nov 5, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Power Manager. The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2009-2685
SHA-256 | 53080e1e2988e928bf4696c49f0cd570649bd4259d541307bb5c18f3d7d7a8c9
eoCMS 0.9.01 SQL Injection
Posted Nov 5, 2009
Authored by SVRT | Site security.bkis.vn

eoCMS versions 0.9.01 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 26af20d0d7bd017809cc9c50b39a28b33b797dab5aeac3d3f85c464b6b73d780
Serv-U Web Client 9.0.0.5 Buffer Overflow
Posted Nov 5, 2009
Authored by Megumi Yanagishita

Remote buffer overflow exploit for the Serv-U web client version 9.0.0.5.

tags | exploit, remote, web, overflow
SHA-256 | 8dc1389fcf83400effd619fdd1bb11bcf250e1f0e262650d97d8a4dad508d509
Zero Day Initiative Advisory 09-080
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, overflow, arbitrary
SHA-256 | 47ee5830c4dbdaefff07781e1bcdec30a4377a14962a51048810a3b53d3c3619
Zero Day Initiative Advisory 09-079
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-079 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setBytePixels AWT library function. Due to the lack of bounds checking on the parameters to the function a user controllable memcpy can result in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, overflow, arbitrary
SHA-256 | 4d1d6b0a4c0183614c191896497e022d9098104c6686228a4c19fbeaccd7c12b
Zero Day Initiative Advisory 09-078
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-078 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setDiffICM AWT library function. Due to the lack of bounds checking on one of the parameters to the function a stack overflow can occur. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, overflow, arbitrary
SHA-256 | d8ff737490bfd7484e57e6ae6d4b8ee4689639c478e82e1f7773a587a9f837d9
Zero Day Initiative Advisory 09-077
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java WebStart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the implementation of security model permissions during the removal of installer extensions. By modifying an existing installer extension JNLP file, a condition occurs that allows for code supplied by a different URL than the original installer extension URL to run as a secure applet. This condition can result in arbitrary command injection under the privileges of the currently logged in user.

tags | advisory, java, remote, arbitrary
SHA-256 | bafb05241862f71746a218ff5cd08fc620db8c8ed1f7effba706e14c73e0b0de
Zero Day Initiative Advisory 09-076
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists in the parsing of long file:// URL arguments to the getSoundbank() function. Due to a lack of bounds checking on user supplied data a stack overflow can occur leading to remote code execution. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, web, overflow, arbitrary, code execution
SHA-256 | 12b41a5dda9749bf93b9caa26fd1edf3c05e21b07772f9d680db8794d90a688c
Windows XP Pro SP2 English Wordpad Shellcode
Posted Nov 5, 2009
Authored by Aodrulez | Site aodrulez.blogspot.com

12 bytes small Windows XP Pro SP2 English Wordpad shellcode.

tags | shellcode
systems | windows
SHA-256 | c6adf5d5f8b9ce048d4fe598acb2ae75a7fb1112ed7f3ed07c144830f22a5fa7
Mac OS X 10.5.6/10.5.7 ptrace() Mutex Handling Denial Of Service
Posted Nov 5, 2009
Authored by prdelka | Site prdelka.blackart.org.uk

Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.

tags | exploit, denial of service, kernel
systems | apple, osx
SHA-256 | 280d49ab7dc2a6f1d65feb29ee1a9c5ba38aedb401fb0e81e12ef3860ea1d82f
Secunia Security Advisory 37283
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the User Protect module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | f6705f802261d5823a8dbe3b828dd3681bfb7ebf861e34a64d2171b41c294e9c
Secunia Security Advisory 37268
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | solaris
SHA-256 | 322756def7252d2b248f8043a8801bf4ab07ca82dbc9a7aedb15476213c81bf5
Secunia Security Advisory 37261
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for typo3-src. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks, and by malicious users to bypass certain security restrictions, conduct script insertion attacks, manipulate certain data, conduct SQL injection attacks, or compromise a vulnerable system.

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
SHA-256 | 73fc0e4ecaf451e210f56becb62acc33f06dc8c686a09e25575903a8287e6ec2
Secunia Security Advisory 37276
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 4856a5684cb3811ac5a36d53642940485910abaa8f1ed0988a86c2d5e482beef
Secunia Security Advisory 37253
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for rt3. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
systems | linux, fedora
SHA-256 | 1631a10aeb2e7f3567dd4bcca462deb1200ad95094e289c996c0279dd3ca9c9d
Secunia Security Advisory 37265
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Asterisk, which can be exploited by malicious people to determine valid usernames.

tags | advisory
SHA-256 | 99157ec6fc7a3b82b525ecbabf39acfbf1045b7536dc1de7a14ab0ec1bed70d9
Secunia Security Advisory 37286
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Temporary Invitation module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 14b7526afe223e86893b2a72391d597ada5fc00870b1e7f43c4b8005151f5b17
Secunia Security Advisory 37285
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the S5 Presentation Player module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | f47af9d980da9afec776a2c2eebbb5704c67437afbcd9a28d25a6ecef6e5844d
Secunia Security Advisory 37211
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for python-4Suite-XML. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, python
systems | linux, fedora
SHA-256 | 5e45527d837b5eeb960129b9beeeed22fc6d7d46f9bb0385f927492097cb72f8
Secunia Security Advisory 37267
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to manipulate certain data.

tags | advisory
systems | aix
SHA-256 | 5a922b94dbe98d37457631f6725af4bad4cf4adeced79dacd195097b5448a6cf
Secunia Security Advisory 37288
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Smartqueue OG module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | d75319bcc8f298a2379bf0242f4f6fd1fd0af2f7556d17f9ef9b9633b98d2870
Secunia Security Advisory 37284
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Node Hierarchy module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 01096cb34a5b02a455ab6a5a8c4c9cae8e6137b7ec7daaa8a50cfaa4b22244f6
Secunia Security Advisory 37272
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cao Xuan Sang has reported a vulnerability in eoCMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 2b54ec73ed481aeb21723a92eefa58e7846557f017dbf6c82c985cd1a55c2d23
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close