exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files Date: 2010-03-10

Samhain File Integrity Checker 2.6.3
Posted Mar 10, 2010
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a regression in the email module which caused messages of the highest priority to be queued along with lower priority messages, instead of being mailed immediately.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 8cd4ffd3e9ce8c519665215549971586b664385a5392246824a5eb3b4b4ba121
Botan C++ Crypto Algorithms Library 1.9.4
Posted Mar 10, 2010
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: This version adds a SSLv3/TLSv1.0 implementation, the GOST 34.10-2001 signature scheme, and the XSalsa20 stream cipher. New countermeasures against fault attacks on signature schemes are included. New SIMD optimizations for the IDEA and Noekeon block ciphers are available, and CBC and XTS modes can now make use of cipher implementations that use SIMD. A SQLite-like amalgamation option is now available, making botan very easy to distribute in applications. The dependency on TR1 for ECC has been removed, making ECDSA/ECDH available on Windows and with older compilers.
tags | library
SHA-256 | 094a54277805905742060da5052c713064a686d8a1ae4245817b9312a8c8ac12
GNU Privacy Guard 2.0.15
Posted Mar 10, 2010
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases was fixed. A new command "--passwd" was added. libassuan 2.0 is now used.
tags | encryption
SHA-256 | 5881882f4da120ce1c71da64468392704b391ca7652ddc512bc4f1d8968f0d1c
Firewall Builder With GUI 4.0.0
Posted Mar 10, 2010
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: This is a major upgrade. It comes with support for high availability firewall configurations, including heartbeat, vrrpd, keepalived, and conntrackd on Linux, CARP and pfsync on OpenBSD, and PIX failover configuration. It can generate configuration scripts to manage IP addresses, VLAN, bridge, and bonding interfaces on the firewall. Drop-in support for OpenWRT firewall script is now available, as well as experimental integration with IPCOP firewall appliances. The has supports undo and redo of unlimited depth and was generally streamlined and improved.
tags | tool, firewall
systems | cisco, linux, openbsd
SHA-256 | e1a0294b875443b04d6afa8dded2a8dfb102925040bd6b177ab2a628a10231ec
Anantasoft Gazelle CMS Cross Site Request Forgery
Posted Mar 10, 2010
Authored by Pratul Agrawal

Anantasoft Gazelle CMS suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a14362560ff7768b718cea04d0245c6a007f69091c2e9368fbba77276da41755
Employee Timeclock Software mysqldump Password Disclosure
Posted Mar 10, 2010
Site secunia.com

Secunia Research has discovered security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application passing the database password via the command line to the "mysqldump" utility, which potentially can be exploited to disclose the password via the process list. Version 0.99 is affected.

tags | advisory, local, info disclosure
advisories | CVE-2010-0124
SHA-256 | c121eab4b6b14b7e6b0057b834916031f50a684b99bfd9ae840f8820a4494bc8
Employee Timeclock Software SQL Injection
Posted Mar 10, 2010
Site secunia.com

Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected.

tags | advisory, arbitrary, php, vulnerability, sql injection
advisories | CVE-2010-0122
SHA-256 | 5795aa2f7b68c3c5da9b0bfedba7c22c43d0eb18d3b5231dfd1bb899c4d043f4
First Remote Code Execution Vulnerablity Affecting Microsoft Notepad
Posted Mar 10, 2010
Authored by Eduardo Braun Prado | Site secumania.net

The MS HTML Help control activex is prone to a remote CHM help file hijack vulnerability when applications invoke help. Multiple built-in applications are vulnerable to this. The impact of the vulnerability is the loading of the incorrect CHM help file when it resides in the same directory the application invoking help starts in. This proof of concept exploit leverages Notepad to demonstrate the vulnerability.

tags | exploit, remote, activex, proof of concept
SHA-256 | d554dfbaf395542e7dbce75391389ccf6d9ee1129f374497120bd915602e661e
Tar / Cpio Heap Buffer Overflow
Posted Mar 10, 2010
Authored by Jakob Lell

GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.

tags | advisory, overflow
advisories | CVE-2010-0624
SHA-256 | d24150b634cab2351df08efe4449b09dfe98932abdb966b3ab00c97293fcd9c2
ispCP Omega 1.0.4 Remote File Inclusion
Posted Mar 10, 2010
Authored by cr4wl3r

ispCP Omega versions 1.0.4 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 922baf86deec0ef3869626898eb0df9096550f52df4a9958aa6bdb9dea17a9ce
Employee Timeclock Software Backup Information Disclosure
Posted Mar 10, 2010
Site secunia.com

Secunia Research has discovered security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected.

tags | advisory, web, root
advisories | CVE-2010-0123
SHA-256 | 791197339282ae1c20bc6bc0ce2857c777981663ae904b29ba627e0864d2d08b
Httpdx 1.5.3 Break Services
Posted Mar 10, 2010
Authored by Jonathan Salwan | Site shell-storm.org

Httpdx version 1.5.3 remote break services exploit.

tags | exploit, remote
SHA-256 | b8808a28a386f0d8c3d59aba63de1cbb3609069df25b542a052e8ac8dd7877b7
Softbiz Jobs And Recruitment SQL Injection
Posted Mar 10, 2010
Authored by Easy Laster

Softbiz Jobs and Recruitment script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 70d6542d3bfa7b4b543751a1e4201dd5c80a482d5106d8ac17aa17f93a9a3875
Campsite 3.3.5 Cross Site Request Forgery
Posted Mar 10, 2010
Authored by Pratul Agrawal

Campsite version 3.3.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | eb0d01c2a930fc31d717fa16a939f6a78c269961cbbb5fd5db5f784cfc57e10a
iDEFENSE Security Advisory 2010-03-09.4
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0260
SHA-256 | 0ce96e514152fd2e39a14f6d90a2f11df679f07a29a783acaf69ad7b35b46079
iDEFENSE Security Advisory 2010-03-09.3
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXSET record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0261
SHA-256 | 77193ef3d20874264fedaa93e9df41c77a445408a2adbf53e0f52c7a05ed79da
iDEFENSE Security Advisory 2010-03-09.2
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs due to Excel using a local function variable without properly initializing it. This error occurs when parsing several related records inside of an Excel worksheet. When Excel parses certain records in a particular order, a stack variable may not be initialized properly. If an attacker can control the area of memory used for this variable, then it is possible to execute arbitrary code on the targeted host. iDefense has confirmed the existence of this vulnerability in Excel versions 2003 SP3, 2007 SP0, SP1, and SP3 . Previous versions do not appear to be affected. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, arbitrary, local
advisories | CVE-2010-0262
SHA-256 | afa32145630344b33f79a25b11bebbadfa235ce38636dab4c79747202fc7a5aa
60cycleCMS Cross Site Scripting
Posted Mar 10, 2010
Authored by Pratul Agrawal

60cycleCMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1c69f37ffd88f7490f360b12e525ef5c98f2e57f042a7e9801d91d5b7b542713
iDEFENSE Security Advisory 2010-03-09.1
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is a type confusion vulnerability that occurs when parsing several related Excel record types. In this case, the type confusion is due to multiple records containing fields that identify the type of an object shared between them. By controlling memory outside of the bounds of the allocated heap chunk, an attacker can control a C++ object pointer used in a virtual function call. This can result in an area of memory being treated as a different type of object than it actually is, resulting in access outside of the bounds of the allocated object. iDefense has confirmed the existence of this vulnerability in all currently supported versions of Excel (2007 SP1/SP2, 2003 SP3, XP SP3), and also the currently unsupported Excel 2000 SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0258
SHA-256 | c520fac0cdcddff6b7b4da53bb2adfa8b2b1a95fa9ea34bc2f2783cc46550ee5
Friendly-Tech FriendlyTR69 2.8.9 SQL Injection
Posted Mar 10, 2010
Authored by Yaniv Miron

Friendly-Tech FriendlyTR69 CPE remote management version 2.8.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 58ccac000cdd3134afda51cec0b760989d3af73eaba4ecc1194b1016dcfa7bd1
Hydra CMS SQL Injection / Cross Site Scripting
Posted Mar 10, 2010
Authored by MustLive

Hydra CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 7ae091808029de57dae5ca81b731c5d50b7cabf9a9cc60641fdd0bbdb3afd67c
Debian Linux Security Advisory 2009-1
Posted Mar 10, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2009-1 - It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitizing in the TrackBack transmission plugin.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2010-0726
SHA-256 | cdca26ab67f9ac1397b3b3bac93f82b4d5e9f6681824ba915f69fb788823a63a
Secunia Security Advisory 38843
Posted Mar 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for curl. This fixes a security issue, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | c2f2fafaf0080eae469ddb3344957bb02f2937f571fccb93be1c76717a466376
Secunia Security Advisory 38863
Posted Mar 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | 5697b5fef706b4fbc0289cc51a7ebe9b05fd54169c1611793cdec3f16de4765b
Secunia Security Advisory 38814
Posted Mar 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for bournal. This fixes multiple security issues, which can be exploited by malicious, local users to disclose sensitive information and to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, fedora
SHA-256 | e77a8dac2e6a1bb2a27496c3da182b53e3bb42784dc329303bb2e150a0ad595c
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close