Showing 1 - 25 of 56

Files Date: 2009-12-17

Open Source CERT Security Advisory 2009.19
Posted Dec 17, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Ganeti versions greater than and equal to 1.2.9, 2.0.5, and 2.1.0-rc2 suffer from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2009-4261
SHA-256 | 38ad9fb8176a29c49ef7d6bc05a8b7d39a8a5f0fd8c68eab4b4ac8fe36fc89c9
Winamp PNG / JPEG Data Integer Overflow
Posted Dec 17, 2009
Authored by Nicolas Joly | Site vupen.com

Winamp versions 5.56 and below suffer from PNG / JPEG data related integer overflows.

tags | advisory, overflow
SHA-256 | 00ac4b07e29ca97458c3bf23efeb44c90db99bf75eae3b7d99c57c99fcb24140
Horde 3.3.5 Cross Site Scripting
Posted Dec 17, 2009
Authored by Juan Galiana Lara

Horde version 3.3.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2009-3701
SHA-256 | 1627efc1a062f84d9d9c5667d6a97f0f55081228b23f76fefb6717a55faaf8a5
Cisco ASA VPN SSL Module Bypass
Posted Dec 17, 2009
Authored by David Eduardo Acosta Rodriguez

Cisco VPN SSL Clientless lets administrators define rules for specific targets within the private network that WebVPN users will be able to access. These specific targets are published using links on the VPN SSL home page. These links (URLs) are protected (obfuscated) using a ROT13 substitution and by converting ASCII characters to hexadecimal. A user with a valid account and without "URL entry" can access any internal/external resource simply by taking a URL, encrypting it with ROT13, converting the ASCII characters to hexadecimal, and appending this string to the Cisco VPN SSL URL. Brilliant. Versions 8.x and below are affected. Proof of concept included.

tags | exploit, proof of concept, bypass
systems | cisco
SHA-256 | eed08b404d2e80d03da94999244f8dcc1cc89b2c4db6f0ac79d11d118d8c4c7c
Sitecore Staging Module Authentication Bypass
Posted Dec 17, 2009
Authored by Lukas Weichselbaum | Site sec-consult.com

Sitecore Staging Module versions 5.4.0 revision 080625 and below suffer from authentication bypass and file manipulation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 0021244a4c6cebaaec10e5a1c3d431de7999b29903a312e90b39f88e0151ebb6
SomeryC 0.2.5 Remote File Inclusion
Posted Dec 17, 2009
Authored by AnTi SeCuRe | Site vxx9.cc

SomeryC version 0.2.5 suffers from the same remote file inclusion previously discovered in 0.2.4.

tags | exploit, remote, code execution, file inclusion
SHA-256 | f3ec16bd27b334c53f45b7a77fadbbce3355d1f6297ca6ec6a8f1c3f6b984e5a
Rumba XML Cross Site Scripting
Posted Dec 17, 2009
Authored by Hadi Kiamarsi

Rumba XML suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d25348706003b40e96af4297734bb2cfcc34deef0399ab25849570e52107f78e
Hostmap Discovery Tool 0.2
Posted Dec 17, 2009
Authored by Alessandro Tanasi | Site hostmap.sourceforge.net

Hostmap is a free, automatic hostname and virtual host discovery tool written in Ruby and licensed under the GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

Changes: Fully refactored and rewritten in Ruby. User requested interrupt (CTRL+C) now is handled. Various other changes and many additions.
tags | tool, scanner, ruby
systems | unix
SHA-256 | a06c770c7aaaaaa5ceac444c53dcb693e0a188f472e1d9b614145219d8de7f17
Winamp Impulse Tracker Instrument Parsing Buffer Overflows
Posted Dec 17, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered three vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions and can be exploited to cause heap-based buffer overflows via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2009-3995
SHA-256 | ca49063a3ce1d04720b9450f40327282be08ce864b34b3207257c6a67a5ed246
Winamp Impulse Tracker Sample Parsing Buffer Overflow
Posted Dec 17, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3995
SHA-256 | 07e9de28b9074addc7c2002be4bc50f5d8a928740507ce513ac4af97b163c2e6
Winamp Ultratracker File Parsing Buffer Overflow
Posted Dec 17, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Ultratracker files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3996
SHA-256 | da211724536ef1c0859a7361b4f4cf6b1b6866921c4d73d47b44411d27b7fdda
PHP F1 Shell Upload
Posted Dec 17, 2009
Authored by wlhaan Hacker

PHP F1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php, file upload
SHA-256 | f8a3aaa2ecebf10bba91b9dd757a4fb77861c059319794df9cbaf53ec4392438
Winamp Oktalyzer Parsing Integer Overflow Vulnerability
Posted Dec 17, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Oktalyzer files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3997
SHA-256 | 123cb62bfd01bb8e6554db8f9fa0a7da3e9f532dcd856406860c649b903bde01
DBLog Database Disclosure
Posted Dec 17, 2009
Authored by AnTi SeCuRe | Site vxx9.cc

DBLog suffers from a remote database disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | e85613a71a24eadb016d3ee0b8e925f7a8c9faf13410733cfe77edb58692a5c5
Mandriva Linux Security Advisory 2009-334
Posted Dec 17, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-334 - Multiple poppler vulnerabilities have been addressed though Mandriva failed to note them. Check the CVEs for additional information.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0791, CVE-2009-3605, CVE-2009-3608, CVE-2009-3609
SHA-256 | 030273d5d33a240b7b1fd29191f45d4461d598cf3adb0356f63b653f5b433171
Basic PHP Events Lister 2 Add Administrator
Posted Dec 17, 2009
Authored by RENO

Basic PHP Events Lister version 2 suffers from a remote administrator addition vulnerability.

tags | exploit, remote, php, add administrator
SHA-256 | 74ed9b3642d70d0412605811887c34ceccf76ce3536f5299e16f7330254e7f58
HP Security Bulletin HPSBMA02252 SSRT061258 SSRT061259
Posted Dec 17, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector running on HP-UX, Windows, Linux and Solaris. These vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-2280, CVE-2007-2281
SHA-256 | 6cc8f95ed238f04230a64989f4543105eec588432c89532c7c415c015f512406
Jobscript4Web 3.5 XSRF
Posted Dec 17, 2009
Authored by bi0

Jobscript4Web version 3.5 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 065f02f1573dfa592a1aa6d0b782b4c891a70801860af56a5c95efcaf8bbc00b
Matrimony Script XSRF
Posted Dec 17, 2009
Authored by bi0

Matrimony Script suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 1716b41e4bcc6a693df27ace159b8b94f99ea19d9dd8d331b16924ee294ded5a
Secunia Security Advisory 37813
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing attacks, or compromise a user's system.

tags | advisory, spoof, vulnerability
systems | linux, debian
SHA-256 | 25a2538fec74e08bc6d336d10cba14c00c3465b00148729b1dbb7407aca0e276
Secunia Security Advisory 37730
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Maxim A. Kulakov has reported a vulnerability in multiple Kaspersky products, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 3ed36b5f9b1d604a9760c658a9e56ed5742a6d6999e0355612281237729ab11b
Secunia Security Advisory 37743
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in ScriptsEz Ez Blog, which can be exploited by malicious people to conduct cross-site scripting, request forgery, and script insertion attacks.

tags | advisory, vulnerability, xss
SHA-256 | 87515113710eb062a6753aca3446f3116ef235ce80cdbe2ad9d336077bbe24dc
Secunia Security Advisory 37814
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in GNU Automake, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
SHA-256 | dc5a0bf1c63345153fc2af008d05c33860bda7796b89325f1675051b4db4fbf2
Secunia Security Advisory 37752
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Justin C. Klein Keane has reported a vulnerability in the Sections module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 8ce8527c3873d7d56989db9f9efd9a840d4e8e403faf408cb14e8a3846da161f
Secunia Security Advisory 37810
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Cisco WebEx WRF Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | cisco
SHA-256 | 8baa669dcbaf015922a456ac5d58e3d8b4ad6d55c31a05dd2f9d9442d6fc35c6