exploit the possibilities
Showing 1 - 25 of 84 RSS Feed

Files Date: 2009-11-18

RhinoSoft Serv-U TEA Decoding Buffer Overflow
Posted Nov 18, 2009
Site secunia.com

Secunia Research has discovered a vulnerability in Serv-U, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in a function when processing a hexadecimal representation of a string using a TEA decoding algorithm. This can be exploited to cause a stack-based buffer overflow by passing an overly long string. Successful exploitation may allow execution of arbitrary code. Version 9.0.0.5 is affected.

tags | advisory, overflow, arbitrary
MD5 | 945e72d16bc405d2c767c2a26dadd42e
HP Security Bulletin HPSBMI02473 SSRT080138
Posted Nov 18, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with the Cisco Catalyst Blade Switch 3020/3021. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service
systems | cisco
advisories | CVE-2008-4609
MD5 | ec80b8c2942285eb3781715758c4a1b6
TLS / SSLv3 Vulnerability Explained
Posted Nov 18, 2009
Authored by Thierry Zoller

This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.

tags | paper, protocol
MD5 | 8c7187ef4886ebc3a72ea1e852e95794
SUSE Security Announcement SUSE-SA:2009:057
Posted Nov 18, 2009
Site suse.com

SUSE Security Announcement - The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.

tags | advisory, web, protocol
systems | linux, suse
advisories | CVE-2009-3555
MD5 | 33c56aa10967629ea48ee5c7a540123b
Torrent Swarm Poisoning
Posted Nov 18, 2009
Authored by Burningmace

Paper on poisoning a torrent's peer swarm with large numbers of fake peers, including proof of concept code. Works on most trackers. Could possibly be adapted to perform a reflected denial of service (DRDoS) on a target.

tags | exploit, denial of service, proof of concept
MD5 | 8afc01728654ca2731acc6e2d0166e9b
Gentoo Linux Security Advisory 200911-2
Posted Nov 18, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200911-2 - Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Versions less than 1.6.0.17 are affected.

tags | advisory, java, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-2086, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342
MD5 | 334efd812882f2cfabc1acb771e2a585
Core Security Technologies Advisory 2009.0814
Posted Nov 18, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - HP Openview Network Node Manager is one of the most widely-deployed network monitoring and management platforms used throughout enterprise organizations today. The platform includes many server and client-side core components with a long list of previously disclosed security bugs. In this case, a remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service. HP Openview NNM version 7.53 is affected.

tags | exploit, denial of service
advisories | CVE-2009-3840
MD5 | 478db223a44f2e0af69ed0e378911abb
Debian Linux Security Advisory 1936-1
Posted Nov 18, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1936-1 - Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-0455, CVE-2009-3546
MD5 | 5e176fdb2d5cbb68b2e4cc446c56b44a
Kaspersky Anti-Virus 2010 9.0.0.463 Denial Of Service
Posted Nov 18, 2009
Authored by Stefan Le Berre

Kaspersky Anti-Virus 2010 version 9.0.0.463 suffers from a denial of service vulnerability.

tags | exploit, denial of service, virus
MD5 | 1203aa877261b2f38f0567349b90c982
HP Security Bulletin HPSBMA02456 SSRT090188
Posted Nov 18, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely by an authorized user to execute arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2009-3841
MD5 | cc79016bccd4bfbf0fcb0f5657ef1398
Gimp PSD Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-3909
MD5 | 386e572c3ff9889366d1e2085c1d0e06
Home FTP Server 1.10.1.139 Traversal
Posted Nov 18, 2009
Authored by zhangmc

Home FTP Server version 1.10.1.139 suffers from a remote directory traversal vulnerability.

tags | exploit, remote, file inclusion
MD5 | e6e598ba6e356872520260188444e14e
Novell eDirectory 8.8 SP5 HTTPSTK Stack Overflow
Posted Nov 18, 2009
Authored by karak0rsan, murderkey | Site tcc.hellcode.net

Novell eDirectory version 8.8 SP5 HTTPSTK login stack overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 33cd6eebd0dad0717570b48b8ab86a01
Adobe AcroPDF.dll Denial Of Service
Posted Nov 18, 2009
Authored by Beenu Arora | Site beenuarora.com

Adobe's AcroPDF.dll Active-X controller version 7.0.5 suffers from a denial of service vulnerability. Proof of concept code included.

tags | exploit, denial of service, activex, proof of concept
MD5 | 046b2471ce8bcfaf472d8907d01c201e
Mandriva Linux Security Advisory 2009-158
Posted Nov 18, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-158 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS3 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-1194
MD5 | 3446abe1c84421dd06c6c641d85aa42b
Joomla Extion IF Portfolio Nexus SQL Injection
Posted Nov 18, 2009
Authored by 599eme Man

Joomla Extion iF Portfolio Nexus suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1983c0b8ed3e3202ddb6ff7a9324ec29
Joomla / Mambo Ezine Remote File Inclusion
Posted Nov 18, 2009
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla / Mambo Ezine component version 2.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 9f22a9da5863a09bef099aa1cc67a7fe
Linux x86 ip6tables -F Polymorphic Shellcode
Posted Nov 18, 2009
Authored by Jonathan Salwan | Site shell-storm.org

71 bytes small ip6tables -F polymorphic shellcode for Linux x86.

tags | x86, shellcode
systems | linux
MD5 | a56e486a0ddb6d3dcb5ffb6a0354bd32
Linux x86 ip6tables -F Shellcode
Posted Nov 18, 2009
Authored by Jonathan Salwan | Site shell-storm.org

47 bytes small ip6tables -F shellcode for Linux x86.

tags | x86, shellcode
systems | linux
MD5 | e14fc05ae6140b60cc1e6df586cdc5af
Home FTP Server Denial Of Service
Posted Nov 18, 2009
Authored by zhangmc

Home FTP Server suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 9e677e8d73659c8ca43a11b52f8b44eb
Troopers 2010 Call For Papers
Posted Nov 18, 2009
Site troopers.de

Call For Papers for Troopers 2010 - The conference will be held in Heidelberg, Germany from March 10th through the 11th, 2010.

tags | paper, conference
MD5 | ea6c8d909a0a3567a524e0bc4dc07229
Alteon OS XSS / XSRF
Posted Nov 18, 2009
Authored by Alexey Sintsov | Site dsecrg.com

Alteon OS BBI versions 21.0.8.3 and below suffer from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | c4785e783f7c41dce6a3a265a00d2e07
Linux pipe.c Privilege Escalation
Posted Nov 18, 2009
Authored by Earl Chew

Linux kernel pipe.c proof of concept local privilege escalation exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
MD5 | b60df3f8f50f41321f2ae9c3bbeab1ca
iAWACS 2010 Call For Papers
Posted Nov 18, 2009
Authored by iawacs

Call For Papers for the Second International Alternative Workshop on Aggressive Computing and Security. It will take place from May 12th through the 14th, 2010 in Paris, France.

tags | paper, conference
MD5 | d3da8712315de343e977cc5ceb8f9826
PHD Help Desk 1.43 Cross Site Scripting
Posted Nov 18, 2009
Authored by Amol Naik

PHD Help Desk version 1.43 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | fe58ab446a9f7bcfa607aabf344d1459
Page 1 of 4
Back1234Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close