what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2010-05-03

Mandriva Linux Security Advisory 2010-089
Posted May 3, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-089 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, overflow, protocol
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2010-0731
SHA-256 | 8e6f0623746842315b28097db9c639035f0776c495c4ad893afdaf437d64678e
Debian Linux Security Advisory 2040-1
Posted May 3, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2040-1 - It was discovered that in squidguard, a URL redirector/filter/ACL plugin for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote users to either cause a denial of service or bypass rules.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2009-3700, CVE-2009-3826
SHA-256 | 8ecfb2dbcd98bafedd07e970a6b4302b435e74249fd1cad8e348bbd9ccf749ec
Joomla DJ Classifieds Shell Upload
Posted May 3, 2010
Authored by Sid3 effects

The Joomla DJ Classifieds component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9ce74b880f307f1c2ec7c8268a1c33b6d252ee65efc1fd7e84545cb76feb28af
Joomla Gallery SQL Injection
Posted May 3, 2010
Authored by HeaDShoT

The Joomla Gallery component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0a1cc3be4f1282f060219cd65a33306b7ec76295cd42de4ba1bf36dfefb32e05
Mango 1.4.1 Cross Site Scripting
Posted May 3, 2010
Authored by MustLive

Mango version 1.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | eecb09bb73b3b65cf8201d6b1a1453df96ed78fcfa0297f19fe915a4f9488a99
wsCMS SQL Injection
Posted May 3, 2010
Authored by Err0R

wsCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e774b6ef67ed82fb5993f8b4168f52eb7b40a8f594b82476742cf7dd3e05c8b2
NolaPro Enterprise 4.0.5538 Cross Site Scripting / SQL Injection
Posted May 3, 2010
Authored by ekse | Site corelan.be

NolaPro Enterprise version 4.0.5538 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 71c9885d017261935b2b8b3f90ed42116a5fb2a6851395c06fba4645827ecd67
Kaspersky Antivirus Code Injection
Posted May 3, 2010
Authored by Daniel Lopez

Kaspersky Antivirus versions 4.0.9.0, 5.0.712, 6.0.2.690 and 6.0.3.837 suffer from a code injection vulnerability.

tags | exploit
SHA-256 | 35da833f4eee17d383abe927792f7e22338810a7442ffde99adb3ee1acb060ce
Comersus 8 Shopping Cart Cross Site Request Forgery / SQL Injection
Posted May 3, 2010
Authored by Sid3 effects

Comersus 8 Shopping Cart suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | 49875f021b91c8db29be3c364308c75aa1067b12fcad3b586022deb71b242002
Opencimetiere 2.01 Remote File Inclusion
Posted May 3, 2010
Authored by cr4wl3r

Opencimetiere version 2.01 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 3b485e2f3d2bde3b3f0ed5cc354f4e528e5c62210fa9fb5dd8693f2b88581156
Opencatalogue 1.024 Local File Inclusion
Posted May 3, 2010
Authored by cr4wl3r

Opencatalogue version 1.024 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 17a618a289e6c61b279e1b2a2b560c7412e7a9b784fa5f543004facd8fe63acc
Web Negar Directory Traversal
Posted May 3, 2010
Authored by Pouya Daneshmand

Web Negar suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | d475c2724c2bf1c6f53d7d30f39f9b72af1c687e870a3b3f2590277c479385f4
Joomla Table JX Cross Site Scripting
Posted May 3, 2010
Authored by Valentin Hoebel

The Joomla Table JX component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d496e025856408c55e1a856971806071200c05779015a8578c83443a5fcaba00
Joomla Card View JX Cross Site Scripting
Posted May 3, 2010
Authored by Valentin Hoebel

The Joomla Card View JX component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2e61c5d2447674f1cc55c396643f0af1ce3cfc2c7c213f201450a8cdd32c458e
TSS Scripts SQL Injection
Posted May 3, 2010
Authored by Err0R

TSS Scripts suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b99af8a66c8ca950812ba564cff1ed7e75e0fe4744123f5fc93e6faa90853825
Rad User Manager Cross Site Scripting
Posted May 3, 2010
Authored by Valentin Hoebel

Rad User Manager version 2.90 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 30e754dc077e39aec75701c91e64f87ad0d24d9f48ac2d430efc32eab3056748
CF Image Host Remote File Inclusion
Posted May 3, 2010
Authored by The.Morpheus

CF Image Host suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | debc398635281d20dc19d78550e03ef7936a98423584d2f25ac01e1080a56723
Various Browsers Denial Of Service
Posted May 3, 2010
Authored by Dr_IDE

This archive has forkbomb and unicode denial of service exploits for Firefox, Safari and various other browsers.

tags | exploit, denial of service
SHA-256 | d9ed2cfda73d2c61b805add17e330491e74f3e95546a9bbe9df37bcf7e566cae
Packet Storm New Exploits For April, 2010
Posted May 3, 2010
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 490 exploits added to Packet Storm in April, 2010.

tags | exploit
SHA-256 | 412b1f922ded3a26dd0924d44bc6cf2b2a3907515f44f3fcb3e84d53386c7bd2
TFTPGUI Long Transport Mode Overflow
Posted May 3, 2010
Authored by Jeremiah Talamantes

TFTPGUI version 1.4.5 long transport mode overflow exploit.

tags | exploit, overflow
SHA-256 | 409c8e4ca280a1437d682ad977565b9f4669519e051857f3013b10e46147db6e
Google Chrome 4.1.249.1064 Memory Corruption
Posted May 3, 2010
Authored by eidelweiss

Google Chrome version 4.1.249.1064 remote memory corruption exploit.

tags | exploit, remote
SHA-256 | 65bc15b051398739bb1c5122344c763179190c1a6979f4a2e7511578fcd32fc5
Urgent Backup / ABC Backup Pro SEH Exploit
Posted May 3, 2010
Authored by Lincoln | Site corelan.be

Urgent Backup version 3.20, ABC Backup Pro version 5.20 and ABC Backup version 5.50 SEH exploit that creates a malicious .zip file.

tags | exploit
SHA-256 | 61ab4ec986a1a00a6be031557d1010971379c71bebe7ee0a8f677278cbd5cf73
Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
Posted May 3, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an "OPTIONS" request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV enabled. This exploit was tested and confirmed to work on Windows XP SP3 without DEP. Versions for other platforms are vulnerable as well. The vulnerability was originally discovered and disclosed by Evgeny Legerov of Intevydis.

tags | exploit, java, web, overflow, arbitrary
systems | windows
advisories | CVE-2010-0361
SHA-256 | c3475168b519e0a4d79aa02d77825b2c1bfbe2132656b22f2313752701602378
Maple Maplet File Creation and Command Execution
Posted May 3, 2010
Authored by scriptjunkie | Site metasploit.com

This Metasploit module harnesses Maple's ability to create files and execute commands automatically when opening a Maplet. All versions up to 13 are suspected vulnerable. Testing was conducted with version 13 on Windows. Standard security settings prevent code from running in a normal maple worksheet without user interaction, but those setting do not prevent code in a Maplet from running. In order for the payload to be executed, an attacker must convince someone to open a specially modified .maplet file with Maple. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, arbitrary
systems | windows
SHA-256 | 48cf2fc583fbcdc37654c0ac828cc80aed7b98dcc536af1af641e2b62e11c413
ProSSHD 1.2 Remote Post-Auth Exploit
Posted May 3, 2010
Authored by Alexey Sintsov

ProSSHD version 1.2 remote post-authentication exploit with ASLR and DEP bypass.

tags | exploit, remote
SHA-256 | b3febb48bce1a02fd3be1189d335c4be2aa3bec9e2c4ff5d651b643e66766516
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close