ignore security and it'll go away
Showing 1 - 25 of 37 RSS Feed

Files Date: 2010-03-10

Samhain File Integrity Checker 2.6.3
Posted Mar 10, 2010
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a regression in the email module which caused messages of the highest priority to be queued along with lower priority messages, instead of being mailed immediately.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | d0b25c09bad153304f4aadba4b449c0e
Botan C++ Crypto Algorithms Library 1.9.4
Posted Mar 10, 2010
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: This version adds a SSLv3/TLSv1.0 implementation, the GOST 34.10-2001 signature scheme, and the XSalsa20 stream cipher. New countermeasures against fault attacks on signature schemes are included. New SIMD optimizations for the IDEA and Noekeon block ciphers are available, and CBC and XTS modes can now make use of cipher implementations that use SIMD. A SQLite-like amalgamation option is now available, making botan very easy to distribute in applications. The dependency on TR1 for ECC has been removed, making ECDSA/ECDH available on Windows and with older compilers.
tags | library
MD5 | 8ff9f7929b05295e9701adf1c8859a32
GNU Privacy Guard 2.0.15
Posted Mar 10, 2010
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases was fixed. A new command "--passwd" was added. libassuan 2.0 is now used.
tags | encryption
MD5 | c1286e85b66349879dc4b760dd83e2f1
Firewall Builder With GUI 4.0.0
Posted Mar 10, 2010
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: This is a major upgrade. It comes with support for high availability firewall configurations, including heartbeat, vrrpd, keepalived, and conntrackd on Linux, CARP and pfsync on OpenBSD, and PIX failover configuration. It can generate configuration scripts to manage IP addresses, VLAN, bridge, and bonding interfaces on the firewall. Drop-in support for OpenWRT firewall script is now available, as well as experimental integration with IPCOP firewall appliances. The has supports undo and redo of unlimited depth and was generally streamlined and improved.
tags | tool, firewall
systems | cisco, linux, openbsd
MD5 | 211788146729375d450756f104441068
Anantasoft Gazelle CMS Cross Site Request Forgery
Posted Mar 10, 2010
Authored by Pratul Agrawal

Anantasoft Gazelle CMS suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | dad820e563724bc7b8c491876c9048fa
Employee Timeclock Software mysqldump Password Disclosure
Posted Mar 10, 2010
Site secunia.com

Secunia Research has discovered security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application passing the database password via the command line to the "mysqldump" utility, which potentially can be exploited to disclose the password via the process list. Version 0.99 is affected.

tags | advisory, local, info disclosure
advisories | CVE-2010-0124
MD5 | 5c55f50ca9c91dbe8978a3bb60746a6c
Employee Timeclock Software SQL Injection
Posted Mar 10, 2010
Site secunia.com

Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected.

tags | advisory, arbitrary, php, vulnerability, sql injection
advisories | CVE-2010-0122
MD5 | 97deca06ff6efb5d59e274ff9355eacb
First Remote Code Execution Vulnerablity Affecting Microsoft Notepad
Posted Mar 10, 2010
Authored by Eduardo Braun Prado | Site secumania.net

The MS HTML Help control activex is prone to a remote CHM help file hijack vulnerability when applications invoke help. Multiple built-in applications are vulnerable to this. The impact of the vulnerability is the loading of the incorrect CHM help file when it resides in the same directory the application invoking help starts in. This proof of concept exploit leverages Notepad to demonstrate the vulnerability.

tags | exploit, remote, activex, proof of concept
MD5 | 3f0edb83fb8c525b3c7a93556ab16cc7
Tar / Cpio Heap Buffer Overflow
Posted Mar 10, 2010
Authored by Jakob Lell

GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.

tags | advisory, overflow
advisories | CVE-2010-0624
MD5 | f12725e9c18845e64dcff526a6f7d29f
ispCP Omega 1.0.4 Remote File Inclusion
Posted Mar 10, 2010
Authored by cr4wl3r

ispCP Omega versions 1.0.4 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 1ecfa63512e948355cf15fd528e4c374
Employee Timeclock Software Backup Information Disclosure
Posted Mar 10, 2010
Site secunia.com

Secunia Research has discovered security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected.

tags | advisory, web, root
advisories | CVE-2010-0123
MD5 | 691c19edbe543e11cd7b2a8326ea3cd9
Httpdx 1.5.3 Break Services
Posted Mar 10, 2010
Authored by Jonathan Salwan | Site shell-storm.org

Httpdx version 1.5.3 remote break services exploit.

tags | exploit, remote
MD5 | 0d68268c5eda2e07d8be262bba731a96
Softbiz Jobs And Recruitment SQL Injection
Posted Mar 10, 2010
Authored by Easy Laster

Softbiz Jobs and Recruitment script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a2b901cd5a4520daee9be76aab46b150
Campsite 3.3.5 Cross Site Request Forgery
Posted Mar 10, 2010
Authored by Pratul Agrawal

Campsite version 3.3.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 02c5f2f26afd7f5d5c3d519bb791a6fe
iDEFENSE Security Advisory 2010-03-09.4
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0260
MD5 | 361cae51b434d20705f58c6f7cde7793
iDEFENSE Security Advisory 2010-03-09.3
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXSET record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0261
MD5 | fcd3d4df59f6a8656e954ecae6950e45
iDEFENSE Security Advisory 2010-03-09.2
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs due to Excel using a local function variable without properly initializing it. This error occurs when parsing several related records inside of an Excel worksheet. When Excel parses certain records in a particular order, a stack variable may not be initialized properly. If an attacker can control the area of memory used for this variable, then it is possible to execute arbitrary code on the targeted host. iDefense has confirmed the existence of this vulnerability in Excel versions 2003 SP3, 2007 SP0, SP1, and SP3 . Previous versions do not appear to be affected. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, arbitrary, local
advisories | CVE-2010-0262
MD5 | 4c6d869c98aaa46c8b7d0dec92b565e3
60cycleCMS Cross Site Scripting
Posted Mar 10, 2010
Authored by Pratul Agrawal

60cycleCMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 47b9959eebc266e101924d1fd6e37482
iDEFENSE Security Advisory 2010-03-09.1
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is a type confusion vulnerability that occurs when parsing several related Excel record types. In this case, the type confusion is due to multiple records containing fields that identify the type of an object shared between them. By controlling memory outside of the bounds of the allocated heap chunk, an attacker can control a C++ object pointer used in a virtual function call. This can result in an area of memory being treated as a different type of object than it actually is, resulting in access outside of the bounds of the allocated object. iDefense has confirmed the existence of this vulnerability in all currently supported versions of Excel (2007 SP1/SP2, 2003 SP3, XP SP3), and also the currently unsupported Excel 2000 SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0258
MD5 | bc5319861ff9ff807a6e7bfce8180ecb
Friendly-Tech FriendlyTR69 2.8.9 SQL Injection
Posted Mar 10, 2010
Authored by Yaniv Miron

Friendly-Tech FriendlyTR69 CPE remote management version 2.8.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e9c939b6efcdae9fd324a8ff61d3f247
Hydra CMS SQL Injection / Cross Site Scripting
Posted Mar 10, 2010
Authored by MustLive

Hydra CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 1e7bf05f74db4c8d6bb5c916597f23bf
Debian Linux Security Advisory 2009-1
Posted Mar 10, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2009-1 - It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitizing in the TrackBack transmission plugin.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2010-0726
MD5 | 17479d9fa7fc431d68a341d436fda6a2
Secunia Security Advisory 38843
Posted Mar 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for curl. This fixes a security issue, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

tags | advisory, denial of service
systems | linux, fedora
MD5 | 8385d6933e16106819e2a94357e1880e
Secunia Security Advisory 38863
Posted Mar 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
MD5 | b26fa391a70f49993c4dad0c0e6d89dc
Secunia Security Advisory 38814
Posted Mar 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for bournal. This fixes multiple security issues, which can be exploited by malicious, local users to disclose sensitive information and to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, fedora
MD5 | 9125cd21078ac4d5daf5ca30730521cf
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close