the original cloud security
Showing 1 - 25 of 44 RSS Feed

Files Date: 2010-01-27

Debian Linux Security Advisory 1979-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1979-1 - Multiple vulnerabilities have been discovered in lintian, a Debian package checker.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
MD5 | 5b02a173de8bb1df9df37896a5651c2b
SAP BusinessObjects Cross Site Scripting
Posted Jan 27, 2010
Authored by Richard Brain | Site procheckup.com

SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b8ff415b2162a6d51559dbe082d71238
Ubuntu Security Notice 803-2
Posted Jan 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 803-2 - USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0692
MD5 | 59f8411599b6a1bac908489547ac10c6
ProCheckUp Security Advisory 2009.15
Posted Jan 27, 2010
Authored by ProCheckUp, Richard Brain | Site procheckup.com

HP System Management

tags | exploit
MD5 | 9c24ab6950cb652963c095255700b914
Cisco Security Advisory 20100127-mp
Posted Jan 27, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in Cisco Unified MeetingPlace. These range from insufficient validation of SQL commands to privilege escalation.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2010-0139, CVE-2010-0140, CVE-2010-0141, CVE-2010-0142
MD5 | 077ed399283adcd8b0aa2f29577bbd6a
MySQL yaSSL SSL Hello Message Buffer Overflow
Posted Jan 27, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-0226
MD5 | e84c81f804d3eb481760507625648075
Geo++(R) GNCASTER HTTP Digest Authentication Faulty Implementation
Posted Jan 27, 2010
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Versions 1.4.0.7 and below are affected.

tags | advisory, web
MD5 | 47a5f3d50e437ecb3f30c0df93675cbb
Geo++(R) GNCASTER Insecure Handling Of NMEA-Data
Posted Jan 27, 2010
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code on the server. Versions 1.4.0.7 and below are affected.

tags | exploit
MD5 | 3e2c933a8d60fc962fa41f41e23de87e
Mandriva Linux Security Advisory 2010-028
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof
systems | linux, netbsd, freebsd, openbsd, mandriva
advisories | CVE-2009-2702, CVE-2009-2537, CVE-2009-0689
MD5 | ca72b5b5176f9490073325867040e938
Mod_proxy From Apache 1.3 Integer Overflow
Posted Jan 27, 2010
Authored by Adam Zabrocki

Mod_proxy from Apache 1.3 suffers from an integer overflow. Full details and proof of concept provided.

tags | exploit, overflow, proof of concept
MD5 | 0e53eeae7fb95547ed4e285e0d53d28a
CamShot SEH Overwrite Exploit
Posted Jan 27, 2010
Authored by tecnik

CamShot version 1.2 SEH overwrite exploit.

tags | exploit
MD5 | a829049931c3d1bc1c1bcc645cb97500
HP Security Bulletin HPSBMA02502 SSRT090171
Posted Jan 27, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.

tags | advisory
advisories | CVE-2009-4183
MD5 | 4c455a83d8b462fe921015938e3d450c
ServersMan 3.1.5 Denial Of Service
Posted Jan 27, 2010
Authored by mr_me

The Apple iPhone/iPod Serversman HTTP server version 3.1.5 suffers from a denial of service vulnerability. Proof of concept included.

tags | exploit, web, denial of service, proof of concept
systems | apple, iphone
MD5 | 29d0bd31b0d0cecdea7a33d8ee1d1577
Netsupport Manager Denial Of Service
Posted Jan 27, 2010
Authored by Matthew Whitehead

Netsupport Manager versions prior to Jan 11, 2010 suffered from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | c9ccd1470badea64661a168c38cef217
Joomla Customers Who Bought SQL Injection
Posted Jan 27, 2010
Authored by bhunt3r

The Joomla Customers Who Bought module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 11aeb55d085b9126c7939c81a1e1e95c
ShareTronix 1.0.4 Cross Site Scripting
Posted Jan 27, 2010
Authored by MaXe

ShareTronix version 1.0.4 suffers from a html injection / cross site scripting vulnerability.

tags | exploit, xss
MD5 | f7ad9f2ebbce1f0b8a3efb950ab36fee
Lalim Compact Player Denial Of Service
Posted Jan 27, 2010
Authored by Red-D3v1L

Lalim Compact Player suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | f7be15fe171a1bd3cb26b1031f06cc3c
Geo++(R) GNCASTER 1.4.0.7 Insecure Handling Of Long URLs
Posted Jan 27, 2010
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the GNCASTER software does not handle long URLs correctly. An attacker can use this to crash the server software or potentially execute code on the server.Versions 1.4.07 and below are affected.

tags | exploit
MD5 | a19246be1fc4bb1f634a7c4a64f8e342
Weaning The Web Off Of Session Cookies
Posted Jan 27, 2010
Authored by Timothy D. Morgan | Site vsecurity.com

Whitepaper called Weaning The Web Off Of Session Cookies. It compares the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication; demonstrating how digest authentication is clearly the more secure system in practice.

tags | paper, web
MD5 | 9469a3766c681c802663697fe6cb6347
Mandriva Linux Security Advisory 2010-027
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, javascript
systems | linux, netbsd, windows, freebsd, openbsd, apple, osx, mandriva, iphone
advisories | CVE-2009-2702, CVE-2009-1687, CVE-2009-1725, CVE-2009-1690, CVE-2009-1698, CVE-2009-2537, CVE-2009-0689, CVE-2009-0945
MD5 | 71dd2ef10df3ead3da1c7f0863e27e61
Joomla 3D Cloud Cross Site Scripting
Posted Jan 27, 2010
Authored by MustLive

The Joomla 3D Cloud component suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9738772d6588f828a5c4abd56dd90eda
Joomla Virtuemart 1.1.4 SQL Injection
Posted Jan 27, 2010
Authored by bhunt3r

The Joomla Virtuemart component version 1.1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ee87344dd271b05aa07d1df50691a953
Debian Linux Security Advisory 1978-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1978-1 - Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP.

tags | advisory, remote, web, php, vulnerability
systems | linux, debian
advisories | CVE-2009-4414, CVE-2009-4415, CVE-2009-4416
MD5 | c94da1ad689a93d98e4740e60381e1eb
Methods Of Quick Exploitation Of Blind SQL Injection
Posted Jan 27, 2010
Authored by Dmitriy Evteev | Site securitylab.ru

Whitepaper called Methods Of Quick Exploitation Of Blind SQL Injection.

tags | paper, sql injection
MD5 | eccd61b2d2aa22ed0d0eded8726b3b0e
LookMer Music Portal Database Disclosure
Posted Jan 27, 2010
Authored by LionTurk

LookMer Music Portal suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 16419ea3d743c87da1960724fbd966cc
Page 1 of 2
Back12Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    17 Files
  • 19
    Aug 19th
    15 Files
  • 20
    Aug 20th
    11 Files
  • 21
    Aug 21st
    15 Files
  • 22
    Aug 22nd
    15 Files
  • 23
    Aug 23rd
    13 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close