
Files Date: 2010-01-12

Technical Cyber Security Alert 2010-12B
Posted Jan 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-12B - Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.

tags | advisory, vulnerability
systems | windows, xp
advisories | CVE-2010-0018
MD5 | d9a522110eac29f174a5b5c54bf4dad5

Zero Day Initiative Advisory 10-02
Posted Jan 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Oracle Secure Backup Services daemon observiced.exe listening on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port a stack overflow can occur leading to a complete compromise of the affected system under the credentials of the SYSTEM account.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2010-0072
MD5 | 3f1f881e9f1eb23f604ac6d14f2d4c7b

HITB Magazine Volume 1 Issue 1
Posted Jan 12, 2010
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 1 Issue 1 - This issue covers LDAP injection, DLL injection, malware obfuscation, and more.

tags | magazine
MD5 | e0e38d8bcad34abd0c623fcfd8fdf0fa

Technical Cyber Security Alert 2010-12A
Posted Jan 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-12A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
MD5 | c0b9455faba3da718ac355bf075afb14

Ubuntu Security Notice 881-1
Posted Jan 12, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 881-1 - It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2009-4212
MD5 | c5cc3071235d3683b1c35e54ec7d601d

Google Maps Cross Site Scripting
Posted Jan 12, 2010
Authored by Gaurav Baruah, Pratul Agrawal

Google Maps suffered from a cross site scripting vulnerability. This was patched the same day as it was publicly disclosed.

tags | exploit, xss
MD5 | 888f54e7c1d88d88df037210a4b74f12

Calendar Express 2 Cross Site Scripting
Posted Jan 12, 2010
Authored by Sora

Calendar Express 2 version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a16ab7782187e412a8f1d53ece193831

Apple Iphone/Ipod Denial Of Service
Posted Jan 12, 2010
Authored by mr_me

Apple Iphone/Ipod Udisk FTP Basic Edition version 1.0 suffers from a remote pre-authentication denial of service vulnerability. Proof of concept included.

tags | exploit, remote, denial of service, proof of concept
systems | apple, iphone
MD5 | 042f4471fccaaf1f978d0f8954491a7a

Mandriva Linux Security Advisory 2010-003
Posted Jan 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-003 - sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for this vulnerability.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-4565
MD5 | c18ea676b8eb51367d52261fb2788cf0

Mandriva Linux Security Advisory 2010-002
Posted Jan 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-002 - Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. This update provides pidgin 2.6.5, which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2010-0013
MD5 | 7226873ff6153f816a25acddb14064ab

Mandriva Linux Security Advisory 2010-001
Posted Jan 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-001 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.5, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2009-3615, CVE-2010-0013
MD5 | e5b03601138caff85338a39af21a4bfc

LayoutCMS 1.0 SQL Injection / Cross Site Scripting
Posted Jan 12, 2010
Authored by R3d-D3v!L

LayoutCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 48bf17562f7d5271e284581300693420

PhPepperShop Webshop 2.5 Cross Site Scripting
Posted Jan 12, 2010
Authored by Crux

PhPepperShop Webshop version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e02ad44bbe24356663d682f8a4a9ed15

VisioSight Script 1.0 SQL Injection
Posted Jan 12, 2010
Authored by R3d-D3v!L

VisioSight Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0f530e0c59c472177549de03b031b4a3

Commercial CMS 1.0 Cross Site Scripting
Posted Jan 12, 2010
Authored by R3d-D3v!L

Commercial CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f03794f8b802f3fcfc75caaf94e1a2b

Docmint CMS 1.0 Cross Site Scripting
Posted Jan 12, 2010
Authored by R3d-D3v!L

Docmint CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0a710bc7f684cc0dabf758f6df7b957e

SBD Directory 4.0 Cross Site Scripting
Posted Jan 12, 2010
Authored by Crux

SBD Directory version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 03accaa66a9b866dcc98d634e3259224

IBM Cognos 8 Business Intelligence 8.4.1 Cross Site Scripting
Posted Jan 12, 2010
Authored by Spala Ferenc

IBM Cognos 8 Business Intelligence version 8.4.1 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 3d6900f49ce26748400a87ac87f523c2
© 2016 Packet Storm. All rights reserved.