exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 49 RSS Feed

Files Date: 2009-11-05

Renegotiating TLS Man-In-The-Middle
Posted Nov 5, 2009
Authored by Steve Dispensa, Marsh Ray | Site extendedsubset.com

Paper called Renegotiating TLS. Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well.

tags | advisory, web, arbitrary, protocol
SHA-256 | ad318f67f8665ad770bc1cf6e8f7832ad97aa4d2cdd2ebe8247c7503e4a60cdb
Core Security Technologies Advisory 2009.0912
Posted Nov 5, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Blender embeds a python interpreter to extend its functionality. Blender .blend project files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.

tags | exploit, arbitrary, python
advisories | CVE-2009-3850
SHA-256 | 1fef8cb8fcac60f760b13718f93b477b71bdd1c6562c217b66231efa118f8715
HP Security Bulletin HPSBMA02474 SSRT090107
Posted Nov 5, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Power Manager. The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2009-2685
SHA-256 | 53080e1e2988e928bf4696c49f0cd570649bd4259d541307bb5c18f3d7d7a8c9
eoCMS 0.9.01 SQL Injection
Posted Nov 5, 2009
Authored by SVRT | Site security.bkis.vn

eoCMS versions 0.9.01 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 26af20d0d7bd017809cc9c50b39a28b33b797dab5aeac3d3f85c464b6b73d780
Serv-U Web Client 9.0.0.5 Buffer Overflow
Posted Nov 5, 2009
Authored by Megumi Yanagishita

Remote buffer overflow exploit for the Serv-U web client version 9.0.0.5.

tags | exploit, remote, web, overflow
SHA-256 | 8dc1389fcf83400effd619fdd1bb11bcf250e1f0e262650d97d8a4dad508d509
Zero Day Initiative Advisory 09-080
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, overflow, arbitrary
SHA-256 | 47ee5830c4dbdaefff07781e1bcdec30a4377a14962a51048810a3b53d3c3619
Zero Day Initiative Advisory 09-079
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-079 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setBytePixels AWT library function. Due to the lack of bounds checking on the parameters to the function a user controllable memcpy can result in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, overflow, arbitrary
SHA-256 | 4d1d6b0a4c0183614c191896497e022d9098104c6686228a4c19fbeaccd7c12b
Zero Day Initiative Advisory 09-078
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-078 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setDiffICM AWT library function. Due to the lack of bounds checking on one of the parameters to the function a stack overflow can occur. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, overflow, arbitrary
SHA-256 | d8ff737490bfd7484e57e6ae6d4b8ee4689639c478e82e1f7773a587a9f837d9
Zero Day Initiative Advisory 09-077
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java WebStart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the implementation of security model permissions during the removal of installer extensions. By modifying an existing installer extension JNLP file, a condition occurs that allows for code supplied by a different URL than the original installer extension URL to run as a secure applet. This condition can result in arbitrary command injection under the privileges of the currently logged in user.

tags | advisory, java, remote, arbitrary
SHA-256 | bafb05241862f71746a218ff5cd08fc620db8c8ed1f7effba706e14c73e0b0de
Zero Day Initiative Advisory 09-076
Posted Nov 5, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists in the parsing of long file:// URL arguments to the getSoundbank() function. Due to a lack of bounds checking on user supplied data a stack overflow can occur leading to remote code execution. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.

tags | advisory, java, remote, web, overflow, arbitrary, code execution
SHA-256 | 12b41a5dda9749bf93b9caa26fd1edf3c05e21b07772f9d680db8794d90a688c
Windows XP Pro SP2 English Wordpad Shellcode
Posted Nov 5, 2009
Authored by Aodrulez | Site aodrulez.blogspot.com

12 bytes small Windows XP Pro SP2 English Wordpad shellcode.

tags | shellcode
systems | windows
SHA-256 | c6adf5d5f8b9ce048d4fe598acb2ae75a7fb1112ed7f3ed07c144830f22a5fa7
Mac OS X 10.5.6/10.5.7 ptrace() Mutex Handling Denial Of Service
Posted Nov 5, 2009
Authored by prdelka | Site prdelka.blackart.org.uk

Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.

tags | exploit, denial of service, kernel
systems | apple, osx
SHA-256 | 280d49ab7dc2a6f1d65feb29ee1a9c5ba38aedb401fb0e81e12ef3860ea1d82f
Secunia Security Advisory 37283
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the User Protect module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | f6705f802261d5823a8dbe3b828dd3681bfb7ebf861e34a64d2171b41c294e9c
Secunia Security Advisory 37268
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | solaris
SHA-256 | 322756def7252d2b248f8043a8801bf4ab07ca82dbc9a7aedb15476213c81bf5
Secunia Security Advisory 37261
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for typo3-src. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks, and by malicious users to bypass certain security restrictions, conduct script insertion attacks, manipulate certain data, conduct SQL injection attacks, or compromise a vulnerable system.

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
SHA-256 | 73fc0e4ecaf451e210f56becb62acc33f06dc8c686a09e25575903a8287e6ec2
Secunia Security Advisory 37276
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 4856a5684cb3811ac5a36d53642940485910abaa8f1ed0988a86c2d5e482beef
Secunia Security Advisory 37253
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for rt3. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
systems | linux, fedora
SHA-256 | 1631a10aeb2e7f3567dd4bcca462deb1200ad95094e289c996c0279dd3ca9c9d
Secunia Security Advisory 37265
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Asterisk, which can be exploited by malicious people to determine valid usernames.

tags | advisory
SHA-256 | 99157ec6fc7a3b82b525ecbabf39acfbf1045b7536dc1de7a14ab0ec1bed70d9
Secunia Security Advisory 37286
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Temporary Invitation module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 14b7526afe223e86893b2a72391d597ada5fc00870b1e7f43c4b8005151f5b17
Secunia Security Advisory 37285
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the S5 Presentation Player module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | f47af9d980da9afec776a2c2eebbb5704c67437afbcd9a28d25a6ecef6e5844d
Secunia Security Advisory 37211
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for python-4Suite-XML. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, python
systems | linux, fedora
SHA-256 | 5e45527d837b5eeb960129b9beeeed22fc6d7d46f9bb0385f927492097cb72f8
Secunia Security Advisory 37267
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to manipulate certain data.

tags | advisory
systems | aix
SHA-256 | 5a922b94dbe98d37457631f6725af4bad4cf4adeced79dacd195097b5448a6cf
Secunia Security Advisory 37288
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Smartqueue OG module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | d75319bcc8f298a2379bf0242f4f6fd1fd0af2f7556d17f9ef9b9633b98d2870
Secunia Security Advisory 37284
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Node Hierarchy module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 01096cb34a5b02a455ab6a5a8c4c9cae8e6137b7ec7daaa8a50cfaa4b22244f6
Secunia Security Advisory 37272
Posted Nov 5, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cao Xuan Sang has reported a vulnerability in eoCMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 2b54ec73ed481aeb21723a92eefa58e7846557f017dbf6c82c985cd1a55c2d23
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close