exploit the possibilities
Showing 1 - 25 of 40 RSS Feed

Files Date: 2010-04-14

Adobe Reader / Acrobat Memory Corruption
Posted Apr 14, 2010
Authored by Haifei Li, Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0194, CVE-2010-1241
MD5 | ee5addca93945d4eb0d784393cd19af9
Microsoft Visio Memory Corruption
Posted Apr 14, 2010
Authored by Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Microsoft Office Visio, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0254, CVE-2010-0256
MD5 | cfeb1539a84c406a4d0c8cfa69923adc
Technical Cyber Security Alert 2010-103C
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103C - Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

tags | advisory, vulnerability
MD5 | 8238f32de36016d7acfd1d55cbc24e53
Mandriva Linux Security Advisory 2010-071
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-071 - Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-0629
MD5 | d7821815b0913bd3d8a19ee485bdf181
Zero Day Initiative Advisory 10-075
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-075 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes an XML request containing specific UTF-8 characters, an underlying library will raise an exception that is uncaught by the application. Due to the exception being uncaught, the application will then terminate which will cause future requests made against the service to fail. This will lead to a denial of service against the affected application.

tags | advisory, web, denial of service
advisories | CVE-2010-0897
MD5 | 205cdbc3fafe3dcf6f2486061e6f5bf8
Zero Day Initiative Advisory 10-074
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-074 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's LDAP implementation and can be triggered via a malformed LDAP query to the service. When the service decodes the malformed query, the application will cause a buffer overflow which can lead to code execution under the context of the service.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2010-0897
MD5 | 2cc7ab522633e7f142857102ec948eff
Administrator Login Finding Script
Posted Apr 14, 2010
Authored by FuRt3X

This Ruby script scans a given site looking for administrator login pages.

tags | tool, scanner, ruby
systems | unix
MD5 | f9a80c97bd8093610d8122145e55a61e
Bash Scripts For Bruteforcing FTP And Looking For RFI/LFI
Posted Apr 14, 2010
Authored by FuRt3X

This tarball has a couple of bash scripts that use netcat to brute force ftp and scan for local and remote file inclusion vulnerabilities.

tags | tool, remote, local, scanner, vulnerability, bash, file inclusion
systems | unix
MD5 | a7890c11f55c473f3f5ce503eac12c04
Technical Cyber Security Alert 2010-103B
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103B - The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
MD5 | b8212a3633ba8a5c6ba15e383b9b4f5b
Basic Tutorial For THC-Hydra
Posted Apr 14, 2010
Authored by MDH3LL

This whitepaper is called Tutorial Basico THC-Hydra. Written in Portuguese.

tags | paper
MD5 | 1060b83502339207192ea5ec8a0d791c
Zero Day Initiative Advisory 10-073
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-073 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes a search request with a malformed username, the application will dereference a null pointer causing any future queries made against the webserver to fail. This will lead to a denial of service against the affected service.

tags | advisory, web, denial of service
advisories | CVE-2010-0897
MD5 | aed98ec8bfebff09245f31a88934753a
Viper Corp Collection Number 0x01
Posted Apr 14, 2010
Authored by David Diego D. Firmino Siqueira, vipercorp

Viper Corp Collection Issue 0x01 - This is a Brazilian e-zine that covers exploit stack overflows on Windows, shellcoding on Linux, heap overflows, and more.

tags | overflow, magazine
systems | linux, windows
MD5 | 1c261ad5dd316bc2ea1d1e470837959d
Technical Cyber Security Alert 2010-103A
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103A - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange.

tags | advisory, vulnerability
systems | windows
MD5 | b7aec71621ae7668e691258ddeacb922
Joelz Bulletin Board 0.9.9rc3 SQL Injection
Posted Apr 14, 2010
Authored by Easy Laster

Joelz Bulletin Board versions 0.9.9rc3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | f7266e906b1fac9c79a2cf604f3da394
Zero Day Initiative Advisory 10-071
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0195
MD5 | b10e34d8de714b82403a759e2c371b32
Zero Day Initiative Advisory 10-070
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-070 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for retrieving a codec for an unknown fourCC compression code. If an embedded Windows Media Player control attempts to play a media file containing an unknown codec it makes a request to Microsoft to retrieve the necessary capability. If the control is removed from the page while attempting to do this, cleanup routines will call an already freed pointer. An attacker can leverage this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, web, arbitrary
systems | windows
advisories | CVE-2010-0268
MD5 | 5bc87063f421d9bca53cac64988091be
Zero Day Initiative Advisory 10-069
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-069 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible for converting files from the Publisher 97 format. While processing a TextBox item, several programming errors can be triggered allowing a maliciously created publisher file to execute arbitrary code under the context of the user opening the file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0479
MD5 | 80487f5040a19875df4450caf0376523
Mandriva Linux Security Advisory 2010-070
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-070 - Many security issues were identified and fixed in firefox. These issues range from memory corruption to stability bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-0164, CVE-2010-0165, CVE-2010-0167, CVE-2010-0168, CVE-2010-0170, CVE-2010-0172, CVE-2010-1122, CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
MD5 | 8a0e89dd74647403cea90d515a81bdd4
Police Municipale Open Main Courante 1.01beta Local File Inclusion / Remote File Inclusion
Posted Apr 14, 2010
Authored by cr4wl3r

Police Municipale Open Main Courante version 1.01beta suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | f705be1fd5d69faee62eabeb4711602f
Openurgence Vaccin 1.03 Local File Inclusion / Remote File Inclusion
Posted Apr 14, 2010
Authored by cr4wl3r

Openurgence Vaccin version 1.03 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | 988941e33596ac6aa04a4b8948adebcc
Games Script (Galore) Backup Disclosure
Posted Apr 14, 2010
Authored by indoushka

Games Script (Galore) suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 9172a16543bd25061c987fd4bfc86559
Joomla QPersonal SQL Injection
Posted Apr 14, 2010
Authored by Valentin Hoebel

The Joomla QPersonal component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 69048a85bc0fa36100a1994f228080bc
MyBB 1.4.11 Weak Random Numbers
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset weak random number vulnerability.

tags | advisory
MD5 | fad2fc053862ee5f3eafe4d0445db334
MyBB 1.4.11 Password Reset
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset vulnerability.

tags | advisory
MD5 | 29ef5f79128f2c75ead00e9910d4ab7c
VMware Remote Console Format String
Posted Apr 14, 2010
Authored by Alexey Sintsov | Site dsecrg.com

VMware Remote Console Plug-in can be installed from WEB interface of VMware vSphere. This software contains of ActiveX objects and executable files for remote console of guest OS. VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

tags | advisory, remote, web, arbitrary, code execution, activex
advisories | CVE-2009-3732
MD5 | 086438aad57475ec11043229c4ec0935
Page 1 of 2
Back12Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close