exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2010-02-26

SyScan 10 Call For Papers
Posted Feb 26, 2010
Site syscan.org

SyScan 10 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Hangzhou, Taipei, and Ho Chi Minh City.

tags | paper, conference
SHA-256 | 68eb33a2445ba33b93eac2cc42cdb7acfe711f408ca104f526921ee43473f4e7
Mandriva Linux Security Advisory 2010-050
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.

tags | advisory, denial of service
systems | linux, mandriva
SHA-256 | 6c71492b8421e92f36cdd1a6901462fa3a8ad3e3f74fa98728a535318bf3f961
FileExecutive File Disclosure / Path Disclosure / Shell Upload
Posted Feb 26, 2010
Authored by ViRuSMaN

FileExecutive suffers from file disclosure, path disclosure, shell upload, edit administrator and add administrator vulnerabilities.

tags | exploit, shell, vulnerability, add administrator, file inclusion
SHA-256 | f7f5c67e670e0bc41e64df6c871a2ab737bf4d7b24e41b3491f140ec2ae8ebed
getPlus Insufficient Domain Name Validation
Posted Feb 26, 2010
Authored by Yorick Koster | Site akitasecurity.nl

getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.

tags | advisory
advisories | CVE-2010-0189
SHA-256 | e071af8d3f4b8b962bc5edfde3e6bfc33db4acd32f7296e78e2eaedc666e6e16
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
SHA-256 | 1b93b33da3d5184c379547d81b5050d83dfdbc328a9e859576be03060c04eeb1
Internet Explorer 6 / 7 / 8 winhlp32.exe Command Execution
Posted Feb 26, 2010
Authored by Maurycy Prodeus | Site isec.pl

Internet Explorer versions 6, 7, and 8 suffer from an arbitrary command execution vulnerability related to winhlp32.exe.

tags | exploit, arbitrary
SHA-256 | ce8c868aaeb05091eebf05d2264a9ae0a388169e7afa4691506db33a26a57fc9
Cybershade CMS 0.2b Session Hijacking
Posted Feb 26, 2010
Authored by JosS | Site spanish-hackers.com

Cybershade CMS version 0.2b suffers from a session hijacking vulnerability.

tags | exploit
SHA-256 | 14ce583c55a5ed3d19649a70c7bb7cfc53a20fa68723a78e98b09df1170420f2
Mandriva Linux Security Advisory 2010-049
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2010-0426
SHA-256 | e08356d2265f5bbf8e1e1d35a2a50499020c9010536a56aec7e5bd3169bf8174
Apache Tomcat Directory Traversal
Posted Feb 26, 2010
Authored by indoushka

Apache Tomcat versions 4.1.0 through 4.1.37 and 5.5.0 through 5.5.26 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 784cbced69953a4b6c5cd8a8fbd15a313f674bac5a000ed841e40acb7d3d8787
AtACimo RC2 Cross Site Scripting
Posted Feb 26, 2010
Authored by sniper ip

AtACimo release candidate 2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9e0d4b0f825ff97e709506dd7e253dfbd37e93941c1e3b5aa8b90ea088487271
Openwall tcb Suite 1.0.5
Posted Feb 26, 2010
Site openwall.com

The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).

Changes: The .data section size has been reduced by 256 KB when tcb is compiled against Linux 2.6 kernel headers.
systems | linux
SHA-256 | df2b3d32c1f1b767d5777589695fb8947404f6068101ad147c6b58305da0c6d1
John The Ripper 1.7.5
Posted Feb 26, 2010
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: Support for the use of --format along with --show or --make-charset has been added. The choice of .rec and .log filenames has been made more intuitive. A new numeric variable has been added to the rules engine. Various other fixes and additions have been made.
tags | cracker
systems | windows, unix, beos
SHA-256 | db897484183389e5e4b83a6bfcd238179e1e2bfce0787f85c9be19d87090deda
Comptel InstantLink Cross Site Scripting
Posted Feb 26, 2010
Authored by thebluegenius

The Comptel InstantLink system suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 126feb8bc88964d80e385256db2a9e47fedd26d6459474ab9eef67d939954928
Oracle Siebel Loyalty 8.1 Cross Site Scripting
Posted Feb 26, 2010
Authored by thebluegenius

Oracle Siebel Loyalty version 8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b93b1060eee35e6f9fe03d649232909f4ab9c419cde427a22ad100637f664028
Joomla JoomlaConnect_be SQL Injection
Posted Feb 26, 2010
Authored by Snakespc

The Joomla JoomlaConnect_be component suffers from a remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 0744117df97d33fe748fee71acae4b33e346e42d7d78a1c94c36e17b5481e2cd
OpenSCAP Libraries 0.5.7
Posted Feb 26, 2010
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.

Changes: This release adds a new Debian dpkginfo probe, improved RHEL5 support, a new OVAL scanner commandline tool, Fedora 12 OVAL content, documentation updates, and lots of bugfixes.
tags | protocol, library
SHA-256 | 6aa196607cb2dc1c22eca5f8515302ac10958b410b35527ab69880d4c0e8caed
Mandriva Linux Security Advisory 2010-048
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2010-0464
SHA-256 | 5a74a11549ef957148ffdfc501ea49d478176ec6645d67961c660a4b2edc9d22
RedBanc.cl Cross Site Scripting
Posted Feb 26, 2010
Authored by Zerial

RedBanc.cl, the Chilean ATM / banking network, suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 634b798cea85a277862662913608c23f4803894f0d226dcbc1387293e3d3a86a
WebAdministrator Lite CMS SQL Injection
Posted Feb 26, 2010
Authored by Ariko-Security

WebAdministrator Lite CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 352a68b7739ff5001115d68f541be5dbaeb4c36c5e0370bceb430900ac14d367
IBM Websphere Portal Cross Site Scripting
Posted Feb 26, 2010
Authored by Ofer Hafif | Site hacktics.com

IBM Websphere Portal Server and Lotus Web Content Management systems suffer from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 91942922c8003dfbfec21b6086688dd980aad8df11ec3cc970f82ef9bcb39a73
DATEV Active-X Control Remote Command Execution
Posted Feb 26, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

The DATEV Active-X control suffers from a remote command execution vulnerability.

tags | advisory, remote, activex
advisories | CVE-2010-0689
SHA-256 | 0813b6e932bdf3408d8be317740e7fb909e9982105a6a146fa81b12ae71dbb2b
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Posted Feb 26, 2010
Authored by H D Moore, laurent gaffie, sf | Site metasploit.com

This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

tags | exploit
systems | windows
advisories | CVE-2009-3103
SHA-256 | de2b37c604aa41ff0e596df449f770135048223b2482bc370245289a93342173
GameScript 3.0 SQL Injection
Posted Feb 26, 2010
Authored by FormatXFormaT

GameScript version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 45a1c144b40020782b9154b6b792d647ff8a03db40c9fa3cdab3b3b17b0731f1
Secunia Security Advisory 38752
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.

tags | advisory
SHA-256 | cb7691a7d72f6398bfb3a87125f6fd54d3c21d2155d5731fb531f8f43c895e07
Secunia Security Advisory 38705
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, fedora
SHA-256 | 2eea838cca988ed6f1dd1bdc96d5ab0a425fa9a7390d7ee9cdf0c0ca3c64653b
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close