
Files Date: 2010-01-05

Microsoft SQL Server sp_replwritetovarbin Memory Corruption
Posted Jan 5, 2010
Authored by jduck | Site metasploit.com

A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. This exploit smashes several pointers, as shown below.

1. pointer to a 32-bit value that is set to 0
2. pointer to a 32-bit value that is set to a length influenced by the buffer length.
3. pointer to a 32-bit value that is used as a vtable pointer. In MSSQL 2000, this value is referenced with a displacement of 0x38. For MSSQL 2005, the displacement is 0x10. The address of our buffer is conveniently stored in ecx when this instruction is executed.
4. On MSSQL 2005, an additional vtable ptr is smashed, which is referenced with a displacement of 4. This pointer is not used by this exploit.

There are two different methods used by this exploit, which have been named "writeNcall" and "sprayNbrute".

The first, "writeNcall", was published by k'sOSe on Dec 17 2008. It uses pointers 2 and 3, as well as a writeable address. This method is quite reliable. However, it relies on the operation on pointer 2. Newer versions of SQL Server (>= 2000 SP3 at least) use a length value that is 8-byte aligned. This imposes a restriction that the code address that leads to the payload (jmp ecx in this case) must match the regex '.[08].[08].[08].[08]'. Unfortunately, no such addresses were found in memory.

For this reason, the second method, "sprayNbrute", is used. First a heap-spray is used to prime memory with lots of copies of the address of our code that leads to the payload (jmp ecx). Next, brute force is used to try to guess a value for pointer 3 that points to the sprayed data. A new method of spraying the heap inside MSSQL is presented. Sadly, it only allows the creation of a bunch of 8000 byte buffers.

tags | exploit, overflow
systems | windows
advisories | CVE-2008-5416
MD5 | a6ba5011db5fd353bf27497da463eaa4
BigAnt Server 2.52 USV Buffer Overflow
Posted Jan 5, 2010
Authored by jduck, DouBle_Zer0, Lincoln | Site metasploit.com

This exploits a stack overflow in the BigAnt Messaging Service, part of the BigAnt Server product suite. This Metasploit module was tested successfully against version 2.52. NOTE: The AntServer service does not restart; you only get one shot.

tags | exploit, overflow
MD5 | 9faf9e3ec743c3615196e705a8f3befc
Gentoo Linux Security Advisory 201001-3
Posted Jan 5, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leads to the remote execution of arbitrary code. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5498, CVE-2008-5514, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2008-5814, CVE-2008-5844, CVE-2008-7002, CVE-2009-0754, CVE-2009-1271, CVE-2009-1272, CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546
MD5 | 712336a63c0cc0a0608bdcf2ae90dee2
Mandriva Linux Security Advisory 2009-220
Posted Jan 5, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 519ad0aaf9f7de9d7a5a06b5ae943b5e
Obsession-Design Image-Gallery (ODIG) Cross Site Scripting
Posted Jan 5, 2010
Authored by kaMtiEz | Site indonesiancoder.com

Obsession-Design Image-Gallery (ODIG) suffers from a cross site scripting vulnerability in display.php.

tags | exploit, php, xss
MD5 | 7f28c14680e3b22b0dbbbc4678b825b2
Ofilter Player 1.1 Local Denial Of Service
Posted Jan 5, 2010
Authored by Rehan Ahmed | Site rewterz.com

Ofilter Player version 1.1 suffers from a local denial of service vulnerability.

tags | advisory, denial of service, local
MD5 | 111408c8296ed2bac6ca1e2159ca9ee5
Nemesis Player (NSP) Local Denial Of Service
Posted Jan 5, 2010
Authored by Rehan Ahmed | Site rewterz.com

Nemesis Player (NSP) version 2.0 and 1.1 Beta suffer from a local denial of service vulnerability.

tags | advisory, denial of service, local
MD5 | 1c73ae422f3885af49a20818b7f4fe8b
n.player 1.12.07 Local Heap Overflow
Posted Jan 5, 2010
Authored by Rehan Ahmed | Site rewterz.com

n.player version 1.12.07 suffers from a local heap overflow vulnerability.

tags | advisory, overflow, local
MD5 | ee645d2777918b5b00361702f5fc854e
SyScan 10 Call For Training
Posted Jan 5, 2010
Site syscan.org

SyScan 10 Call For Training - This year, SyScan'10 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Ho Chi Minh City (Vietnam).

tags | paper, conference
MD5 | ec59e6c7768e2ea9e0bc97308a9f45c8
How To Do Windows Account Password Guessing With WinScanX
Posted Jan 5, 2010
Authored by Reed Arvin | Site windowsaudit.com

Small write-up describing how to do Windows account password guessing using the WinScanX tool.

tags | paper
systems | windows
MD5 | 3677f4cfe39458958727056c89ed3cab
LineWeb Local File Inclusion / SQL Injection
Posted Jan 5, 2010
Authored by Ignacio Garrido

LineWeb suffers from remote SQL injection, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
MD5 | 4633216f27c28d2605b49c5af0da4697
YP Portal MS-Pro Surumu 1.0 Database Disclosure
Posted Jan 5, 2010
Authored by indoushka

YP Portal MS-Pro Surumu version 1.0 suffers from a remote database download vulnerability.

tags | exploit, remote, info disclosure
MD5 | 486630e98870bf94aaee604790e022b8
Secunia Security Advisory 38076
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in KMSoft Guestbook, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 29907550d2f1c04616d9aca5b0ea2ecb
Secunia Security Advisory 38096
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - alnjm33 has reported a vulnerability in Deviant Art Clone, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 3573f15864c63dae8ce725fddd78ac76
Secunia Security Advisory 38078
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Justin C. Klein Keane has discovered some vulnerabilities in Magento, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 0f7137608a39f7194076547018474f7b
Secunia Security Advisory 38048
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Linear eMerge, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | a7bd71d0aec457d65fa23a604fc36ea5
Secunia Security Advisory 38103
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in CNR Hikaye Portal, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | c840f76a0ab000f8e3ed65be8ee5f5de
Secunia Security Advisory 38117
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in LXR Cross Referencer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 6b6af7dd58239ae9babd21ea224b47b3
Secunia Security Advisory 38072
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Events Manager plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 2721fe8fecbd921d97b8139bab4d775e
Secunia Security Advisory 38001
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the TPJobs component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 5242d91ab1f24b2d31355a3e345bd280
Secunia Security Advisory 38054
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Webace CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | dac5a498ba938e6dd0660de75d7620c1
Secunia Security Advisory 38106
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in uF.Phpaw, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 4c24981b66bda3f293da205b8d5c24e8
Secunia Security Advisory 38109
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in PD Portal, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 306cde8e1e6a5559d5f1dc601741de7d
Secunia Security Advisory 38113
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in F5 Data Manager, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | c9930c1efe496c4e7192cbcb30d701de
Secunia Security Advisory 38008
Posted Jan 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Left 4 Dead Stats, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | b56ea311e7893e02e818538b48cb016e