Exploit the possiblities
Showing 1 - 25 of 53 RSS Feed

Files Date: 2010-02-04

Core Security Technologies Advisory 2009.0625
Posted Feb 4, 2010
Authored by Core Security Technologies, Jorge Luis Alvarez Medina, Federico Muttis | Site coresecurity.com

Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.

tags | exploit, remote, vulnerability
advisories | CVE-2010-0255
MD5 | 36320648119fe6322abfd8ce8887f87e
libssh2 C Library 1.2.3
Posted Feb 4, 2010
Site libssh2.org

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.

Changes: This release adds ssh-agent support, libssh2_trace_sethandler(), and two new examples. It fixes 8 bugs, including two memory leaks.
tags | encryption, protocol
MD5 | 24144c99908f377c2c4a9b3942102f0b
Stunnel SSL Wrapper 4.31
Posted Feb 4, 2010
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Log file reloading with SIGUSR1 was added. Some regression issues introduced in the experimental version 4.30 were fixed.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 2fc31bc0c940fbe545a88d896b13cacf
Tinc VPN Daemon 1.0.12
Posted Feb 4, 2010
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release really allows fast roaming of hosts to other nodes in a switched VPN, fixes potentially missing or incorrect environment variables when calling host-up/down and subnet-up/down scripts, allows the port to be specified in Address statements, clamps MSS of TCP packets to the discovered path MTU, and lets two nodes behind NAT learn each other\'s current UDP address and port via a third node, potentially allowing direct communications in a similar way to STUN.
tags | encryption
MD5 | 51dc4a2e5bcbc0ff7dd1a420635c614e
ManageEngine OpUtils 5 Login.DO Cross Site Scripting
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.

tags | exploit, vulnerability, xss
MD5 | b569e4cd245b6a5868965bb9949c002e
ManageEngine OpUtils 5 Login.DO SQL Injection
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.

tags | exploit, remote, sql injection
MD5 | ab4dbe3b908d1e7283e0f2d25720467e
UltraBB 1.17 Cross Site Scripting
Posted Feb 4, 2010
Authored by s4r4d0

UltraBB version 1.17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e70ce312039d9c06cb2a1e98484e24b7
Hackito Ergo Sum 2010 Call For Papers
Posted Feb 4, 2010
Authored by Hackito Ergo Sum | Site hackitoergosum.org

The Hackito Ergo Sum 2010 Call For Papers has been announced. It will be held from April 8th to 10th, 2010 in Paris, France. HES2010 will focus on hardcore computer security, insecurity, vulnerability analysis, reverse engineering, research and hacking.

tags | paper, conference
MD5 | e4432de9993e8e01e8bf8e785aa4784e
Outlook Web Access Attachment Access
Posted Feb 4, 2010
Authored by Ricardo Martins

Outlook Web Access (OWA) suffers from a vulnerability that allows direct access to files blocked by policy.

tags | exploit, web, bypass
MD5 | d8f70bc0f1a1bbc62540ee3043f2a50d
Hipergate 4.0.12 SQL Injection
Posted Feb 4, 2010
Authored by N. Grisolia

Hipergate version 4.0.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a5cc9759bc347aa210794009247813a5
Hipergate 4.0.12 Reflected Cross Site Scripting
Posted Feb 4, 2010
Authored by N. Grisolia

Hipergate version 4.0.12 suffers from a reflected cross site scripting vulnerability.

tags | exploit, xss
MD5 | c4ae14b95f6b97895fbde7eb9e9d3fa9
Hipergate 4.0.12 Permanent Cross Site Scripting
Posted Feb 4, 2010
Authored by N. Grisolia

Hipergate version 4.0.12 suffers from a permanent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1d2b1c6e1e6be949e7cbd52c92882723
AOL 9.5 Heap Overflow
Posted Feb 4, 2010
Authored by karak0rsan | Site tcc.hellcode.net

Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5. Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on "waol.exe". Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
MD5 | 4a4f33ee6e688f98ab47780495138ecf
AMS2 Symantec Code Execution
Posted Feb 4, 2010
Authored by Kingcope

Remote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products.

tags | exploit, remote
advisories | CVE-2009-1429
MD5 | f978f77e5fbeaf14861e8acc2a406f0e
Facebook Cross Site Scripting
Posted Feb 4, 2010
Authored by Juan Galiana Lara

The mobile interface of Facebook social network was affected by a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 338251d4ffb06072b74d2b1c1c127482
Whitepaper Called Reverse Honey Trap
Posted Feb 4, 2010
Authored by Aditya K Sood, Rohit Bansal

Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers.

tags | paper, web
MD5 | 979913c772244ef601f8a0becdd79981
HP Security Bulletin HPSBOV02505 SSRT100023
Posted Feb 4, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege.

tags | advisory
advisories | CVE-2010-0443
MD5 | 7f59caf4a03b1252f4de50f00137b2b3
Debian Linux Security Advisory 1990-1
Posted Feb 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1990-1 - Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries.

tags | advisory, web
systems | linux, debian
advisories | CVE-2010-0394
MD5 | 1bf01f60060ecfed6d59bc59620b1749
Debian Linux Security Advisory 1989-1
Posted Feb 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1989-1 - Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, debian
advisories | CVE-2009-3297
MD5 | 0b544879650be317a980053b30aee4fa
Debian Linux Security Advisory 1988-1
Posted Feb 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1988-1 - Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725, CVE-2009-2700
MD5 | 0fadcfbd4ac0cef554418c9945fd3bb0
PHP Car Rental Script SQL Injection
Posted Feb 4, 2010
Authored by MizoZ

PHP Car Rental Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 2d12cc041c0ad3d7d5d158a6e7c3741a
Digital Amp MP3 3.1 Crash
Posted Feb 4, 2010
Authored by SkuLL-HacKeR

Digital Amp MP3 version 3.1 local crash proof of concept exploit.

tags | exploit, denial of service, local, proof of concept
MD5 | 4f9a3b88e0975b5ba45f99cb81a7b8d3
Packet Storm New Exploits For January, 2010
Posted Feb 4, 2010
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 517 exploits added to Packet Storm in January, 2010.

tags | exploit
MD5 | 7b95540b80dd588d186922b6943bce5e
Pound-2.5.tgz
Posted Feb 4, 2010
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: New features include support for HTTPS back-end servers, full support for DH key exchange, an "include" directive in configuration files, support for separate connection time-out, much improved auto-configuration and Make, and flags to enable or disable optional libraries. A bunch of minor bugs were fixed. Performance was improved.
tags | web
MD5 | 2693e0f51f025572b3d3875fd0664c04
sydbox-0.6.4.tar.bz2
Posted Feb 4, 2010
Authored by Ali Polatel | Site projects.0x90.dk

sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.

Changes: This release fixes a few annoyances. Sydbox now uses vfork instead of fork to spawn the initial child, which decreases start up time. This also replaces the before_initial_execve hack for execve() sandboxing. Network access violations can now be filtered. Option parsing was fixed.
tags | tool
systems | unix
MD5 | a36c88a6abe919db2d138b3ad5b1f110
Page 1 of 3
Back123Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close