Showing 1 - 25 of 39

Files Date: 2010-03-24

Cisco Security Advisory 20100324-tcp
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, tcp
systems | cisco
advisories | CVE-2010-0577
SHA-256 | c1019fa92a864c1cbf24264cb9ca2fdf792bbb2c1479a80d171478dcc51e4c80
Cisco Security Advisory 20100324-ldp
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service (DoS) condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP). A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process. A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP). Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, udp, protocol
systems | cisco, osx
advisories | CVE-2010-0576
SHA-256 | 45f87c7e6014bc5afcef7ed267b5ae0ea102b514f3ed6999a6a0c8350cffd0b7
Cisco Security Advisory 20100324-sccp
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

tags | advisory, protocol
systems | cisco
advisories | CVE-2010-0584
SHA-256 | da2cea29710b2e959d5d2cd57fab10f9c9b38bbdcd25d51d872e894c1efea2fd
Cisco Security Advisory 20100324-sip
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible. Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.

tags | advisory, remote, vulnerability, code execution, protocol
systems | cisco
advisories | CVE-2010-0580, CVE-2010-0581, CVE-2010-0579
SHA-256 | 3e51714231b9499727494ed2f3a1c00199e2047f111996d612a81df59e0cbdf8
Cisco Security Advisory 20100324-h323
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.

tags | advisory, denial of service, vulnerability
systems | cisco
advisories | CVE-2010-0582, CVE-2010-0583
SHA-256 | 25877787ab0cf62e446a4b927d9ae03879ae2628238ae18324c0e9422996d18c
Cisco Security Advisory 20100324-cucme
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco
advisories | CVE-2010-0585, CVE-2010-0586
SHA-256 | b8f96eb691d8e27b3cdc488d448cf6e46064ce022436739699ded820e784f3c5
Cisco Security Advisory 20100324-ipsec
Posted Mar 24, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A malformed Internet Key Exchange (IKE) packet may cause a device running Cisco IOS Software to reload. Only Cisco 7200 Series and Cisco 7301 routers running Cisco IOS software with a VPN Acceleration Module 2+ (VAM2+) installed are affected. Cisco has released free software updates that address this vulnerability.

tags | advisory
systems | cisco
advisories | CVE-2010-0578
SHA-256 | 46283fd36b172576f35ca10b12a4f9724b2802a1bf8a6862267b3d021f024946
Pulse CMS login.php Arbitrary File Writing
Posted Mar 24, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by people to compromise a vulnerable system. An error within includes/login.php in the handling of failed login attempts can be exploited to store content in an arbitrary file within the web root. This allows, for example, executing arbitrary PHP code via a specially crafted request. Successful exploitation requires that "register_globals" is enabled.

tags | advisory, web, arbitrary, root, php
advisories | CVE-2010-0988
SHA-256 | 7d72f52e14d3e1978ae72f73f313631c8265d2d019934dc7e4afc066f96c448d
Pulse CMS Arbitrary File Deletion
Posted Mar 24, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to manipulate certain data. Input passed via the "f" parameter to delete.php is not properly sanitized before deleting files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal attacks. Successful exploitation requires authentication.

tags | advisory, web, arbitrary, php
advisories | CVE-2010-0989
SHA-256 | 7450fd8e62d2065d4bee6409cb1e2e3c46e4a4ad0a47d7eae22b538cda229e64
Pulse CMS Arbitrary File Writing
Posted Mar 24, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "filename" and "block" parameters to view.php is not properly sanitized before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code. Successful exploitation requires authentication.

tags | advisory, arbitrary, php
advisories | CVE-2010-0988
SHA-256 | 40307d5c43ea3eab74e5803b290ea245c236721a099a25f9d6231058a5d34a33
LibDVB 1.0.1
Posted Mar 24, 2010
Site videolan.org

libdvbcsa is a free implementation of the DVB Common Scrambling Algorithm with encryption and decryption capabilities. It comes in two flavors: a classical single packet implementation and a faster parallel bitslice implementation. The parallel implementation can take advantage of MMX, SSE, or Altivec instruction sets. The parallel implementation can process MPEG TS packets at 300Mbps or more on recent processors. It has been successfully tested on processors with different word widths and endianness.

Changes: _mm_malloc sse2 memory allocation is used.
tags | library
SHA-256 | 0a57f0373a1ae1cf2dd565f26041f20a99332860e1833636a651fc4c9f1cfa68
Joomla Wallpapers SQL Injection
Posted Mar 24, 2010
Authored by DevilZ TM

The Joomla Wallpapers component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b22df1973fbd6637ed90c5b4821e92a704c435d5d58cffffa1f9c27c4f0a2230
Lexmark Laser Printer Denial Of Service
Posted Mar 24, 2010
Authored by Francis Provencher

Multiple Lexmark laser printers suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2010-0618
SHA-256 | 841ee8594d3134ad52863f80eadc2624517a74d49b50c5a701b129085d46e979
Ubuntu Security Notice 918-1
Posted Mar 24, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 918-1 - It was discovered that Samba handled symlinks in an unexpected way when both "wide links" and "UNIX extensions" were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server.

tags | advisory, remote, arbitrary
systems | linux, unix, ubuntu
advisories | CVE-2010-0926
SHA-256 | bd283a2db41d2217a96503c0a4190247aaf02a865407552ee662cacd6848654e
Ubuntu Security Notice 917-1
Posted Mar 24, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 917-1 - It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2009-3564, CVE-2010-0156
SHA-256 | 17eef93c81a5147eefd3cd3d1872dce9264982cb263d0d7ea0bd857a79f2feda
OpenCMS OAMP Comments Module 1.0.0 Cross Site Scripting
Posted Mar 24, 2010
Authored by Cyrill Brunschwiler | Site csnc.ch

The OpenCMS OAMP Comments module version 1.0.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2009-4505
SHA-256 | 0d91df4096bf129abbfd8fab3373b7979734af8faebdf3e59f3016941a842367
E-PHP CMS 1.0 SQL Injection
Posted Mar 24, 2010
Authored by Th3 RDX

E-PHP CMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | ac461835697dcd871e38b1b875eeaba53e4c4935d12044eb156cfefdc89993c6
Joomla Universal Remote File Inclusion
Posted Mar 24, 2010
Authored by eidelweiss

The Joomla Universal component suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ca9e7d286bd71f282850add302faa64f1eef2bd18dc99a41128fa3543cce6c00
jitedegg-shellcode.txt
Posted Mar 24, 2010
Authored by Alexey Sintsov

JITed egg-hunter stage-0 shellcode (permanent DEP bypass).

tags | shellcode
SHA-256 | c0457bd37fa64a3dd66bfe32d6241af964f283e3fe7bec27a59d2d87f5a45c82
Smart PC Recorder 4.8 Crash Exploit
Posted Mar 24, 2010
Authored by chap0

Smart PC Recorder version 4.8 local crash exploit that creates a malicious .mp3 file.

tags | exploit, denial of service, local
SHA-256 | f0f3d82b9a011cc28d798bb4e70f9c80faa595d9bd4ca88872f0d543e1e48607
Easy-Clanpage 2.0 Profile Page SQL Injection
Posted Mar 24, 2010
Authored by Easy Laster

Easy-Clanpage version 2.0 remote profile page blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 87200a679d787cd2b2601b8d404592020627476c183198633f1aaf7178ea22fb
Secunia Security Advisory 39074
Posted Mar 24, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Real Estate Property component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 1af3a7cddff85558719942f4eeff734cdcc30b89221edf92f903b20ef320d1db
Secunia Security Advisory 39033
Posted Mar 24, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kernel-rt. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | e3ca26d8e7fa975a4fe34d3519166e5b5e2ddc23371dc353fd9e78a64c364cf4
Secunia Security Advisory 39023
Posted Mar 24, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 0857374575c9ceceec47fb20e4c007151584aba3f97452733f80148b771938e9
Secunia Security Advisory 39022
Posted Mar 24, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mediawiki. This fixes a vulnerability and a security issue, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions.

tags | advisory
systems | linux, debian
SHA-256 | 0b4ca3401cb06bf62f88b2357a90af5ff925e8ae716b5dd85aa06adc217bcdfe