what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 84 RSS Feed

Files Date: 2009-11-18

RhinoSoft Serv-U TEA Decoding Buffer Overflow
Posted Nov 18, 2009
Site secunia.com

Secunia Research has discovered a vulnerability in Serv-U, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in a function when processing a hexadecimal representation of a string using a TEA decoding algorithm. This can be exploited to cause a stack-based buffer overflow by passing an overly long string. Successful exploitation may allow execution of arbitrary code. Version 9.0.0.5 is affected.

tags | advisory, overflow, arbitrary
SHA-256 | 91578cec99ab6bd596015abc46151a4524003351c0b7b52ba97ff0920567f0c5
HP Security Bulletin HPSBMI02473 SSRT080138
Posted Nov 18, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with the Cisco Catalyst Blade Switch 3020/3021. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service
systems | cisco
advisories | CVE-2008-4609
SHA-256 | ea08f093537b584373ba4ecea842587a49b52eed50b47dd316839ec3ef17823e
TLS / SSLv3 Vulnerability Explained
Posted Nov 18, 2009
Authored by Thierry Zoller

This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.

tags | paper, protocol
SHA-256 | e3e2ec70ee2040efbdbd9bc976ec570be8d2ff285c3860f57e0e4a9dff455e2f
SUSE Security Announcement SUSE-SA:2009:057
Posted Nov 18, 2009
Site suse.com

SUSE Security Announcement - The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.

tags | advisory, web, protocol
systems | linux, suse
advisories | CVE-2009-3555
SHA-256 | 64dd6d04fc2d6d8902730cdd4ebe8561bc511ab3d3891aabc2ba909b1c8b1636
Torrent Swarm Poisoning
Posted Nov 18, 2009
Authored by Burningmace

Paper on poisoning a torrent's peer swarm with large numbers of fake peers, including proof of concept code. Works on most trackers. Could possibly be adapted to perform a reflected denial of service (DRDoS) on a target.

tags | exploit, denial of service, proof of concept
SHA-256 | 9ef8fa4913dfc7ea605f7ff92cc9b58d17bb8847b4e976ba538c2d898c68c01e
Gentoo Linux Security Advisory 200911-2
Posted Nov 18, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200911-2 - Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Versions less than 1.6.0.17 are affected.

tags | advisory, java, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-2086, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342
SHA-256 | 6c09d770120fdd5f0fd5936497c4e389e3872a0dc13ec5c2b2565221dc0a2be7
Core Security Technologies Advisory 2009.0814
Posted Nov 18, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - HP Openview Network Node Manager is one of the most widely-deployed network monitoring and management platforms used throughout enterprise organizations today. The platform includes many server and client-side core components with a long list of previously disclosed security bugs. In this case, a remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service. HP Openview NNM version 7.53 is affected.

tags | exploit, denial of service
advisories | CVE-2009-3840
SHA-256 | 7d534a7b0dbe0cbc5abd0d58b4d34abfed0c6b32115eace7c6021c6659df10e8
Debian Linux Security Advisory 1936-1
Posted Nov 18, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1936-1 - Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-0455, CVE-2009-3546
SHA-256 | 66708303038192047a61eddb05e535eccc4f5020eceeb60349b6a70ac5c0494e
Kaspersky Anti-Virus 2010 9.0.0.463 Denial Of Service
Posted Nov 18, 2009
Authored by Stefan Le Berre

Kaspersky Anti-Virus 2010 version 9.0.0.463 suffers from a denial of service vulnerability.

tags | exploit, denial of service, virus
SHA-256 | 7ae0cfcd643b35679b0935fa72b27c7089e68d07020a0c1a2084c395b59bc687
HP Security Bulletin HPSBMA02456 SSRT090188
Posted Nov 18, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely by an authorized user to execute arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2009-3841
SHA-256 | b855638e504c36224e12fe96f7f3ef6f6bdcb6ad6ab169f40486ddc6af19bfd9
Gimp PSD Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-3909
SHA-256 | d7ed67ca8048162c65807572876c20725ffeeafb25e10c4e521996f9876bd56c
Home FTP Server 1.10.1.139 Traversal
Posted Nov 18, 2009
Authored by zhangmc

Home FTP Server version 1.10.1.139 suffers from a remote directory traversal vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 3e2aebb0adee075436258fb142539b20bef583fe7ffa202bd139a3339fc90e1b
Novell eDirectory 8.8 SP5 HTTPSTK Stack Overflow
Posted Nov 18, 2009
Authored by karak0rsan, murderkey | Site tcc.hellcode.net

Novell eDirectory version 8.8 SP5 HTTPSTK login stack overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | aaff44cb7e0507ba901a88e6833da6ac7746837d03811e3d7515b64aa4b00925
Adobe AcroPDF.dll Denial Of Service
Posted Nov 18, 2009
Authored by Beenu Arora | Site beenuarora.com

Adobe's AcroPDF.dll Active-X controller version 7.0.5 suffers from a denial of service vulnerability. Proof of concept code included.

tags | exploit, denial of service, activex, proof of concept
SHA-256 | e2f760594e35ad2f78542900bf23c1fe3c24c3c59698335541a9bd9414797cab
Mandriva Linux Security Advisory 2009-158
Posted Nov 18, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-158 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS3 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-1194
SHA-256 | 376767689a770b410a1a4463080312327ed9d33c1b032b67fcb9b94eaadc2488
Joomla Extion IF Portfolio Nexus SQL Injection
Posted Nov 18, 2009
Authored by 599eme Man

Joomla Extion iF Portfolio Nexus suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2544bbaeedb2fa932acf7f721f6fd221aa50b8b6985ff009361c8774703446f9
Joomla / Mambo Ezine Remote File Inclusion
Posted Nov 18, 2009
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla / Mambo Ezine component version 2.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 64e128e7842dcece7bfeb3a3c1c62129f99a25bd02e4949442ecae7ddec3654e
Linux x86 ip6tables -F Polymorphic Shellcode
Posted Nov 18, 2009
Authored by Jonathan Salwan | Site shell-storm.org

71 bytes small ip6tables -F polymorphic shellcode for Linux x86.

tags | x86, shellcode
systems | linux
SHA-256 | ec9b712caa705ccbd87234f9ebb1e5ae3ffc0307009e35dc3f6d1501f301801f
Linux x86 ip6tables -F Shellcode
Posted Nov 18, 2009
Authored by Jonathan Salwan | Site shell-storm.org

47 bytes small ip6tables -F shellcode for Linux x86.

tags | x86, shellcode
systems | linux
SHA-256 | 3840566c05ffaa2ffc2617d924372f2f816bb87c9d53ca6c2a2c26bd0c98ee67
Home FTP Server Denial Of Service
Posted Nov 18, 2009
Authored by zhangmc

Home FTP Server suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 66a1b9607f465cc97dd2702d08b04d74f0289162cc31c8f3e78630982ad4b1c7
Troopers 2010 Call For Papers
Posted Nov 18, 2009
Site troopers.de

Call For Papers for Troopers 2010 - The conference will be held in Heidelberg, Germany from March 10th through the 11th, 2010.

tags | paper, conference
SHA-256 | be8c5e5f52ad4de4728b84de59c6accecba9377c46e7a506ac066710d384bfc9
Alteon OS XSS / XSRF
Posted Nov 18, 2009
Authored by Alexey Sintsov | Site dsecrg.com

Alteon OS BBI versions 21.0.8.3 and below suffer from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 1b51194ddfb04e33e624402eb4d2735d44b283fa92494f8c50b04ddc871b6c91
Linux pipe.c Privilege Escalation
Posted Nov 18, 2009
Authored by Earl Chew

Linux kernel pipe.c proof of concept local privilege escalation exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
SHA-256 | 5a47903584a2c97af605391e2cc36aa5943b60bfcc2f6b301ab746c32cc5867f
iAWACS 2010 Call For Papers
Posted Nov 18, 2009
Authored by iawacs

Call For Papers for the Second International Alternative Workshop on Aggressive Computing and Security. It will take place from May 12th through the 14th, 2010 in Paris, France.

tags | paper, conference
SHA-256 | 0cb078c4a9b363a11c8e6fb5167eef53437c243fe5d15968a3cb1ca679bdcafa
PHD Help Desk 1.43 Cross Site Scripting
Posted Nov 18, 2009
Authored by Amol Naik

PHD Help Desk version 1.43 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9e31d678e762edb548c87400979bdc81a4269333d3425fb379c8406bf176fc71
Page 1 of 4
Back1234Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close