exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2010-04-10

iDEFENSE Security Advisory 2010-04-09.1
Posted Apr 10, 2010
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.09.10 - Remote exploitation of a heap-based buffer overflow vulnerability in VMware Inc.'s movie decoder allows attackers to execute arbitrary code. This vulnerability exists due to a lack of input validation when processing certain specially crafted Audio-Video Interleave (AVI) files. During processing, a heap buffer will be allocated based on one part of the AVI file data. However, the amount of data copied into that buffer is calculated based on a different part of the file. This leads to an exploitable heap-based buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1564
SHA-256 | ad96e1122e9fb8b93f4a08cadad62bc39f256d9bf122deba3f29e2cac37a654e
Ubuntu Security Notice 921-1
Posted Apr 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 921-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. Wladimir Palant discovered that Firefox did not always perform security checks on XML content.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
SHA-256 | 3c2ad9ef0cea24bcc04e06d51bb75bbac258b8b969603ad2fff0078adc1901c2
Scapy Packet Manipulation Tool 2.1.1
Posted Apr 10, 2010
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: This release adds SCTP and VRRP protocols. It fixes some bugs.
tags | tool, scanner, python
systems | unix
SHA-256 | 7fb576e16c3f05c9be726475382cdbd4c91cdb4277029e92a5cdccf479c2f3eb
Protecting PHP Applications From Hacking Part 2
Posted Apr 10, 2010
Authored by Mohd Abbas

Whitepaper called Protecting PHP Application From Hacking. Part 2 of 2.

tags | paper, php
SHA-256 | 43b0f6569893b9b54142b1db25f85684bf560ab9ad662b0fc484aec28ede5868
Protecting PHP Applications From Hacking Part 1
Posted Apr 10, 2010
Authored by Mohd Abbas

Whitepaper called Protecting PHP Application From Hacking. Part 1 of 2.

tags | paper, php
SHA-256 | 173e5f922b422870302766892e923eebbadd3d5ca7120c1e3f223ad64ff632a9
Basic Buffer Overflow Exploitation
Posted Apr 10, 2010
Authored by SkuLL-HacKeR

Whitepaper called Basic Buffer Overflow Exploitation. Written in Arabic.

tags | paper, overflow
SHA-256 | 0d6179563cd56411e3ce5c26472bf7378aa8b576f171ab39a28a4c73ec224dc2
Ubuntu Security Notice 920-1
Posted Apr 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 920-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179
SHA-256 | 557c412f827f2f32ff7489ae2f4654feece2a35b1342ce9770ba6964e2dd12e7
Joomla Agenda 1.0.1 SQL Injection
Posted Apr 10, 2010
Authored by v3n0m

The Joomla Agenda component version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5b5be6dd56a17ff321c9642a11afa63a7bee1666254b03277e176e6eabbac406
Ubuntu Security Notice 927-1
Posted Apr 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 927-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.

tags | advisory, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555
SHA-256 | 9c733daebf47aa609e4f17aec7c1dc786ed108dbd1d2c69292e4199273052c20
Linux Kernel 2.6.34-rc3 ReiserFS xattr Privilege Escalation
Posted Apr 10, 2010
Authored by Jon Oberheide

Linux Kernel versions 2.6.34-rc3 and below ReiserFS xattr privilege escalation exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2010-1146
SHA-256 | ec3e3da22ac58162ce7be7447d104d5ca1384de9ba4a5958c34ad37d6cb977dc
Tembria Server Monitor 5.6.0 Stack Overflow
Posted Apr 10, 2010
Authored by Lincoln | Site corelan.be

Tembria Server Monitor version 5.6.0 suffers from a stack overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2010-1316
SHA-256 | 2c2e79decf3313f4a5d1345601bba1b7e6285b2f6c4cee6fc50f184b1c74bf15
Asset Manager 1.0 Shell Upload
Posted Apr 10, 2010
Authored by NeT_Own3r, Shichemt Alen

Asset Manager version 1.0 suffers from a shell upload vulnerability.

tags | exploit, shell, file upload
SHA-256 | 64c029a1ed6a1aaf534d6ded2e0068f3b3c8543db99ce009b6d7c13bca38013c
Joomla HuruHelpDesk SQL Injection
Posted Apr 10, 2010
Authored by bumble_be

The Joomla HuruHelpDesk component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 34da214c658c94c26e65d6d489864dffd381bb8b2ff83aa5e55e7e8db9fe947a
Multi Profit Websites Local File Inclusion
Posted Apr 10, 2010
Authored by H4CK3R Crew

Multi Profit Websites suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 1861bf76d9c81ffee45c7654330aad989915c956013dcbc57edf06544f4c191d
VMWare VMnc Codec HexTile Encoding Integer Truncation
Posted Apr 10, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered two vulnerabilities in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by two integer truncation errors in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause heap-based buffer overflows. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2009-1565
SHA-256 | 2dfce36a8cb16e4454aed3c8b3138b1e05a792d019a2fc275906b4da34add4a7
VMWare VMnc Codec HexTile Encoding Buffer Overflow
Posted Apr 10, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-1564
SHA-256 | 51f3c7fde9ec1243f3e24e712b834af517fb1633907eceaade5df15ac236b860
Oracle PL/SQL Unwrapper
Posted Apr 10, 2010
Authored by Niels Teusink | Site blog.teusink.net

This tool decodes wrapped (obfuscated) Oracle PL/SQL packages. Supports Oracle 10g and 11g.

systems | unix
SHA-256 | 04976acaa5e604a5f7210531fcbf4b8284d9b51bb5023c5208596d721c55e492
VMware Security Advisory 2010-0007
Posted Apr 10, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware hosted products, vCenter Server and ESX patches resolve multiple security issues.

tags | advisory
advisories | CVE-2010-1142, CVE-2010-1140, CVE-2009-2042, CVE-2009-1564, CVE-2009-1565, CVE-2009-3732, CVE-2009-3707, CVE-2010-1138, CVE-2010-1139, CVE-2010-1141
SHA-256 | e16687d5cfca70a16709fd562f838d84c272a3a7b70eda5f2039b595265b5db8
WinSoftMagic Photo Editor .PNG Buffer Overflow
Posted Apr 10, 2010
Authored by eidelweiss

WinSoftMagic Photo Editor local buffer overflow exploit that creates a malicious .png file which will bind a shell to port 4444 or spawns calc.exe.

tags | exploit, overflow, shell, local
SHA-256 | 2b514377fe211c84dc9e21e1a8344508ed42bc1a90763bae7f3a4b63158c1f27
Java Deployment Toolkit Performs Insufficient Validation
Posted Apr 10, 2010
Authored by Tavis Ormandy

The Java Deployment Toolkit performs insufficient validation of parameters.

tags | exploit, java
SHA-256 | 39effd7d9fa4798243ce10ca37904472709a66049243821dc6495e5343e4cd1d
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close