exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2010-04-14

Adobe Reader / Acrobat Memory Corruption
Posted Apr 14, 2010
Authored by Haifei Li, Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0194, CVE-2010-1241
SHA-256 | fc8110eba746beaeaeb312acf0c3de98f282e855acb65e89c31ceef45a4695c5
Microsoft Visio Memory Corruption
Posted Apr 14, 2010
Authored by Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Microsoft Office Visio, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0254, CVE-2010-0256
SHA-256 | 4ddb8146c2a01939e8998f706909c46588252e14afc6f4ee3ed9ebe1e339c565
Technical Cyber Security Alert 2010-103C
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103C - Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

tags | advisory, vulnerability
SHA-256 | 122d675cfc2564336cee46a233e0de2bf41adbdeb473dbc8636262213b35e267
Mandriva Linux Security Advisory 2010-071
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-071 - Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-0629
SHA-256 | 4f2e730b7e9d6e4a1620d4b0afacf275a4fb99dc0d7d71c16271806cd9c5d469
Zero Day Initiative Advisory 10-075
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-075 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes an XML request containing specific UTF-8 characters, an underlying library will raise an exception that is uncaught by the application. Due to the exception being uncaught, the application will then terminate which will cause future requests made against the service to fail. This will lead to a denial of service against the affected application.

tags | advisory, web, denial of service
advisories | CVE-2010-0897
SHA-256 | 247d31263eb05779bae84a92141bec9562b0d25a7f64ab4cf80dc8ece2d84478
Zero Day Initiative Advisory 10-074
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-074 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's LDAP implementation and can be triggered via a malformed LDAP query to the service. When the service decodes the malformed query, the application will cause a buffer overflow which can lead to code execution under the context of the service.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2010-0897
SHA-256 | 3fd51fbf66a177cb188fc7514a8364a7877e68d67997a092b77daa01c422eeee
Administrator Login Finding Script
Posted Apr 14, 2010
Authored by FuRt3X

This Ruby script scans a given site looking for administrator login pages.

tags | tool, scanner, ruby
systems | unix
SHA-256 | 4807fc91ca699c013d3390a37be1c780e241a1029fe00cbc5dffd54990d56312
Bash Scripts For Bruteforcing FTP And Looking For RFI/LFI
Posted Apr 14, 2010
Authored by FuRt3X

This tarball has a couple of bash scripts that use netcat to brute force ftp and scan for local and remote file inclusion vulnerabilities.

tags | tool, remote, local, scanner, vulnerability, bash, file inclusion
systems | unix
SHA-256 | e19a0914b0f6880f78c49d6c67f5ecd55462ffd15303f6b5a94f170bc503365b
Technical Cyber Security Alert 2010-103B
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103B - The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
SHA-256 | 2459ad9983926671049928179a4cfcb8c882f48d67a5d3cd6f8b3044cee1bb7d
Basic Tutorial For THC-Hydra
Posted Apr 14, 2010
Authored by MDH3LL

This whitepaper is called Tutorial Basico THC-Hydra. Written in Portuguese.

tags | paper
SHA-256 | 1829b4450c17c4a90409586f07ccee48c92c1f8be2fa9da08f71d3ce3523576a
Zero Day Initiative Advisory 10-073
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-073 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes a search request with a malformed username, the application will dereference a null pointer causing any future queries made against the webserver to fail. This will lead to a denial of service against the affected service.

tags | advisory, web, denial of service
advisories | CVE-2010-0897
SHA-256 | e54c4cfdaef65c3e8ab9c3b030666f09ed92cf463631d7259e7f7143430fbe3c
Viper Corp Collection Number 0x01
Posted Apr 14, 2010
Authored by David Diego D. Firmino Siqueira, vipercorp

Viper Corp Collection Issue 0x01 - This is a Brazilian e-zine that covers exploit stack overflows on Windows, shellcoding on Linux, heap overflows, and more.

tags | overflow, magazine
systems | linux, windows
SHA-256 | 48dab11e6b3187670584cc98abf5235e4d5360c9d31dc4c4fcd6705249542204
Technical Cyber Security Alert 2010-103A
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103A - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange.

tags | advisory, vulnerability
systems | windows
SHA-256 | f7c0d2974849b72881e9d7b9ce4bae81af01d2a552a4a9ecc9657f6d1009b30b
Joelz Bulletin Board 0.9.9rc3 SQL Injection
Posted Apr 14, 2010
Authored by Easy Laster

Joelz Bulletin Board versions 0.9.9rc3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | ce146abc3416c98644313347de1b235a6d75d88e5790fae73da541db5810ff60
Zero Day Initiative Advisory 10-071
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0195
SHA-256 | a419b8807446f9d9cd84fe11e19c1479130543783894b1b6e25b11628d8c7b3c
Zero Day Initiative Advisory 10-070
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-070 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for retrieving a codec for an unknown fourCC compression code. If an embedded Windows Media Player control attempts to play a media file containing an unknown codec it makes a request to Microsoft to retrieve the necessary capability. If the control is removed from the page while attempting to do this, cleanup routines will call an already freed pointer. An attacker can leverage this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, web, arbitrary
systems | windows
advisories | CVE-2010-0268
SHA-256 | d738a45d8056ac0c0b9953e7d9cbd31ee67409a6be049bc77ac22f3cb287179c
Zero Day Initiative Advisory 10-069
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-069 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible for converting files from the Publisher 97 format. While processing a TextBox item, several programming errors can be triggered allowing a maliciously created publisher file to execute arbitrary code under the context of the user opening the file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0479
SHA-256 | 3570dc640876c200308b1882b1f3d3845e18e8957ac225ec81908276c8a0f320
Mandriva Linux Security Advisory 2010-070
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-070 - Many security issues were identified and fixed in firefox. These issues range from memory corruption to stability bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-0164, CVE-2010-0165, CVE-2010-0167, CVE-2010-0168, CVE-2010-0170, CVE-2010-0172, CVE-2010-1122, CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
SHA-256 | d1dbac31fec5aaf4ccbfa6c390607e2f03c8adad158389687409d09844832819
Police Municipale Open Main Courante 1.01beta Local File Inclusion / Remote File Inclusion
Posted Apr 14, 2010
Authored by cr4wl3r

Police Municipale Open Main Courante version 1.01beta suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | bff038a87426c05991c6895890f6ea153872a91613aec5757cdf27023e3ab4f4
Openurgence Vaccin 1.03 Local File Inclusion / Remote File Inclusion
Posted Apr 14, 2010
Authored by cr4wl3r

Openurgence Vaccin version 1.03 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 7ba4ef6f5bae7f2cdf5d07112e00a288f14b75104ed0ad1e9cb86f6c9e06718c
Games Script (Galore) Backup Disclosure
Posted Apr 14, 2010
Authored by indoushka

Games Script (Galore) suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | b00f9942ca90b2856227f8ec53d594126cb7bee5b1efa6af620f5a278e9f13fd
Joomla QPersonal SQL Injection
Posted Apr 14, 2010
Authored by Valentin Hoebel

The Joomla QPersonal component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9851ddd52e5e62c0262b023274a91ac037f8a43371fd991f6cebd593a2eb2134
MyBB 1.4.11 Weak Random Numbers
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset weak random number vulnerability.

tags | advisory
SHA-256 | 76401bf313ed59fd28899756d38cace82dd2d12586e3c58956850da0f8a12cc1
MyBB 1.4.11 Password Reset
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset vulnerability.

tags | advisory
SHA-256 | eebecf174ba3f29f1d553d050fbff4e47f7d1b2b733b9981a342465b41506447
VMware Remote Console Format String
Posted Apr 14, 2010
Authored by Alexey Sintsov | Site dsecrg.com

VMware Remote Console Plug-in can be installed from WEB interface of VMware vSphere. This software contains of ActiveX objects and executable files for remote console of guest OS. VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

tags | advisory, remote, web, arbitrary, code execution, activex
advisories | CVE-2009-3732
SHA-256 | 9b7e2d5d9e6d71cece7b4f8e09a5fa1063bb231718082ebea4980540a99db1c7
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close