
Files Date: 2010-02-26

SyScan 10 Call For Papers
Posted Feb 26, 2010
Site syscan.org

SyScan 10 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Hangzhou, Taipei, and Ho Chi Minh City.

tags | paper, conference
MD5 | b36bfc0a19b213fb2138302474a4b007

Mandriva Linux Security Advisory 2010-050
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.

tags | advisory, denial of service
systems | linux, mandriva
MD5 | 0fccabbaf71e2011697935542bdec54c

FileExecutive File Disclosure / Path Disclosure / Shell Upload
Posted Feb 26, 2010
Authored by ViRuSMaN

FileExecutive suffers from file disclosure, path disclosure, shell upload, edit administrator and add administrator vulnerabilities.

tags | exploit, shell, vulnerability, add administrator, file inclusion
MD5 | b7ed8f259efee49af9d97576f6dc9dab

getPlus Insufficient Domain Name Validation
Posted Feb 26, 2010
Authored by Yorick Koster | Site akitasecurity.nl

getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.

tags | advisory
advisories | CVE-2010-0189
MD5 | 3fdb375f69fdba6afb5d299261d069a8

Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
MD5 | 96b5d56898cb42ff746d93184ad1b2cd

Internet Explorer 6 / 7 / 8 winhlp32.exe Command Execution
Posted Feb 26, 2010
Authored by Maurycy Prodeus | Site isec.pl

Internet Explorer versions 6, 7, and 8 suffer from an arbitrary command execution vulnerability related to winhlp32.exe.

tags | exploit, arbitrary
MD5 | 0158712ac4432a59112c1e0a8612ac46

Cybershade CMS 0.2b Session Hijacking
Posted Feb 26, 2010
Authored by JosS | Site spanish-hackers.com

Cybershade CMS version 0.2b suffers from a session hijacking vulnerability.

tags | exploit
MD5 | 5ce2049ea26b2667d01fde43abb66140

Mandriva Linux Security Advisory 2010-049
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2010-0426
MD5 | ce54f70bd3712518207c76a2bbe77157

Apache Tomcat Directory Traversal
Posted Feb 26, 2010
Authored by indoushka

Apache Tomcat versions 4.1.0 through 4.1.37 and 5.5.0 through 5.5.26 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | a27952fc15cbdbe3599544b288d2b98e

AtACimo RC2 Cross Site Scripting
Posted Feb 26, 2010
Authored by sniper ip

AtACimo release candidate 2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e1c16156cfc77aed46a8d861a87d9536

Openwall tcb Suite 1.0.5
Posted Feb 26, 2010
Site openwall.com

The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).

Changes: The .data section size has been reduced by 256 KB when tcb is compiled against Linux 2.6 kernel headers.
systems | linux
MD5 | f76081990891c19e529f00f4b9477546

John The Ripper 1.7.5
Posted Feb 26, 2010
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: Support for the use of --format along with --show or --make-charset has been added. The choice of .rec and .log filenames has been made more intuitive. A new numeric variable has been added to the rules engine. Various other fixes and additions have been made.
tags | cracker
systems | windows, unix, beos
MD5 | f9cf7c1da9e0e8202637950407442331

Comptel InstantLink Cross Site Scripting
Posted Feb 26, 2010
Authored by thebluegenius

The Comptel InstantLink system suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4e59a6d642da4b0d3b730c8ef9f437dd

Oracle Siebel Loyalty 8.1 Cross Site Scripting
Posted Feb 26, 2010
Authored by thebluegenius

Oracle Siebel Loyalty version 8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f969044b54609676819c812f0d962f4

Joomla JoomlaConnect_be SQL Injection
Posted Feb 26, 2010
Authored by Snakespc

The Joomla JoomlaConnect_be component suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 32ce44e64c0359cb57c8d30f04c505ef

OpenSCAP Libraries 0.5.7
Posted Feb 26, 2010
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.

Changes: This release adds a new Debian dpkginfo probe, improved RHEL5 support, a new OVAL scanner commandline tool, Fedora 12 OVAL content, documentation updates, and lots of bugfixes.
tags | protocol, library
MD5 | 0c72fb5549f71ea095e0fe537f8030e8

Mandriva Linux Security Advisory 2010-048
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2010-0464
MD5 | 603ea6e56f052454b43c7ca0c358fcc1

RedBanc.cl Cross Site Scripting
Posted Feb 26, 2010
Authored by Zerial

RedBanc.cl, the Chilean ATM / banking network, suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 162ddb7ca4173c97ba8cdfdcbb5e025d

WebAdministrator Lite CMS SQL Injection
Posted Feb 26, 2010
Authored by Ariko-Security

WebAdministrator Lite CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5d6c72289d8abe0f322f9839127b6a0b

IBM Websphere Portal Cross Site Scripting
Posted Feb 26, 2010
Authored by Ofer Hafif | Site hacktics.com

IBM Websphere Portal Server and Lotus Web Content Management systems suffer from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 71387cd8f7bbcb5566f6405c7c70b8bc

DATEV Active-X Control Remote Command Execution
Posted Feb 26, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

The DATEV Active-X control suffers from a remote command execution vulnerability.

tags | advisory, remote, activex
advisories | CVE-2010-0689
MD5 | 4751b84357cfad67cddca8f9f4529f30

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Posted Feb 26, 2010
Authored by H D Moore, laurent gaffie, sf | Site metasploit.com

This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

tags | exploit
systems | windows, vista, 7
advisories | CVE-2009-3103
MD5 | 3020f10279af4ec16b64a2fdc43b26b2

GameScript 3.0 SQL Injection
Posted Feb 26, 2010
Authored by FormatXFormaT

GameScript version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d8e6c0af8579fb44797fd00baed66570

Secunia Security Advisory 38752
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.

tags | advisory
MD5 | d7c3cece8368548eb27ebb6c56e0fa47

Secunia Security Advisory 38705
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, fedora
MD5 | 6560c48f7f16fe8e0d34c81e38fb271e
© 2020 Packet Storm. All rights reserved.
