exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2009-12-05

Ubuntu Security Notice 864-1
Posted Dec 5, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 864-1 - Kernel packages have been updated. It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. Earl Chew discovered race conditions in pipe handling. There are about a dozen other issues also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638, CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888, CVE-2009-3889, CVE-2009-3939
MD5 | e38ae4ed3f25d183f262c2fe08d3961a
Debian Linux Security Advisory 1946-1
Posted Dec 5, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1946-1 - It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0049
MD5 | 0537f7835764e5ce98e30256a9f2baf6
Mandriva Linux Security Advisory 2009-224
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-224 - Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-2937
MD5 | 4d5245608f2d241970f4c8353fcf2d18
Mandriva Linux Security Advisory 2009-223
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-223 - Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-1885
MD5 | acab8580b138c39db42d77856949840f
Mandriva Linux Security Advisory 2009-315
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-315 - neon before 0.28.6, when OpenSSL is used, does not properly handle a '\\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, arbitrary, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2474
MD5 | f502d9e9ac8e855da61a2955de863647
Mandriva Linux Security Advisory 2009-218
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 30599622274a6a427213334f3092ab58
Mandriva Linux Security Advisory 2009-212
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 4b025593d08806a343de0eba426069fe
Mandriva Linux Security Advisory 2009-211
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 7e61663a3f19dea9e078424a5be3ef7a
Mandriva Linux Security Advisory 2009-208
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4776
MD5 | fe0ac62b8c338a9c6b800ccb9615f68b
Mandriva Linux Security Advisory 2009-213
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 83a980775861460b6320acf0bf388298
Mandriva Linux Security Advisory 2009-206
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-206 - GNU Wget before 1.12 does not properly handle a '\\0' (NUL) character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-3490
MD5 | 0c0f6080384833089a73a04efb15579a
DevIL DICOM GetUID() Buffer Overflow
Posted Dec 5, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected.

tags | advisory, overflow
advisories | CVE-2009-3994
MD5 | 58714520d3876effb9f18755329c2f3d
Core FTP Server 1.0 Build 319 Denial Of Service
Posted Dec 5, 2009
Authored by Mert SARICA

Core FTP Server version 1.0 Build 319 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | cb890ee677f3442afd521561fedb05f8
Ninja Intrusion And Prevention System
Posted Dec 5, 2009
Authored by Tom Rune Flo | Site forkbomb.org

Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.

Changes: A bugfix for x86-64 platforms when using a log file.
tags | tool, local, root, intrusion detection
systems | linux, unix
MD5 | 4ff6738dd84897a70d16997f6dcae06a
IPT_PKD Iptables Port Knocking Detection 1.5
Posted Dec 5, 2009
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: This release adds support for iptables 1.4.4 and 1.4.5 and kernels 2.6.30 and 2.6.31.
tags | tool, kernel, udp, firewall
systems | linux
MD5 | 4218bd5790110e326b8e61508a54b6fa
BM Classifieds Ads SQL Injection
Posted Dec 5, 2009
Authored by Cr3w-D, Dr.0rYX

BM Classifieds Ads suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 85cdfbc1134010629014d048001f6747
Achievo 1.4.2 Cross Site Scripting
Posted Dec 5, 2009
Authored by Nahuel Grisolia | Site cybsec.com

Achievo version 1.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 245160d3860cdd6c7237fe77a6dd65fe
Achievo 1.4.2 Shell Upload
Posted Dec 5, 2009
Authored by Nahuel Grisolia | Site cybsec.com

Achievo version 1.4.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 35ba49765753ae9e82e26870e2cbca39
libmodplug s3m Buffer Overflow
Posted Dec 5, 2009
Authored by dummy

The libmodplug library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. Versions prior to 0.8.6 are affected.

tags | exploit, remote, overflow
MD5 | c985c0ce8788dcfad9e52ae4c1d439c7
Yoast Google Analytics Cross Site Scripting
Posted Dec 5, 2009
Authored by MaXe

Yoast Google Analytics version 3.2.4 for Wordpress suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c977a8076853e4d145a0d6a2786ed744
Invision Power Board Local File Inclusion / SQL Injection
Posted Dec 5, 2009
Authored by Dawid Golunski

Invision Power Board versions 3.0.4 and below suffer from local file inclusion and remote SQL injection vulnerabilities. Versions 2.3.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | e4b771cd889fc1926a7be0967e202a97
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close