what you don't know can hurt you
Showing 1 - 25 of 46 RSS Feed

Files Date: 2010-05-03

Mandriva Linux Security Advisory 2010-089
Posted May 3, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-089 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, overflow, protocol
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2010-0731
MD5 | 44b06f19342fa717dbaae77eac3ce9ce
Debian Linux Security Advisory 2040-1
Posted May 3, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2040-1 - It was discovered that in squidguard, a URL redirector/filter/ACL plugin for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote users to either cause a denial of service or bypass rules.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2009-3700, CVE-2009-3826
MD5 | 8ee5703e10847db488136b7b440092bb
Joomla DJ Classifieds Shell Upload
Posted May 3, 2010
Authored by Sid3 effects

The Joomla DJ Classifieds component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | bdbbd934937cf3b10d3235093ba302d3
Joomla Gallery SQL Injection
Posted May 3, 2010
Authored by HeaDShoT

The Joomla Gallery component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 22c6d6fd662616474e10aabf8377c271
Mango 1.4.1 Cross Site Scripting
Posted May 3, 2010
Authored by MustLive

Mango version 1.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a186e10fb2c1ab5821a1d0a2fc57fea1
wsCMS SQL Injection
Posted May 3, 2010
Authored by Err0R

wsCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2f3d3d6e26c9da2a5a5cfb2d4a8e8049
NolaPro Enterprise 4.0.5538 Cross Site Scripting / SQL Injection
Posted May 3, 2010
Authored by ekse | Site corelan.be

NolaPro Enterprise version 4.0.5538 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6d58ff52da2b66d1fbf177dcacb5a98e
Kaspersky Antivirus Code Injection
Posted May 3, 2010
Authored by Daniel Lopez

Kaspersky Antivirus versions 4.0.9.0, 5.0.712, 6.0.2.690 and 6.0.3.837 suffer from a code injection vulnerability.

tags | exploit
MD5 | 85f0e0fc0a8daf6b74f1e37925100693
Comersus 8 Shopping Cart Cross Site Request Forgery / SQL Injection
Posted May 3, 2010
Authored by Sid3 effects

Comersus 8 Shopping Cart suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | e2ac6a7995288525372ab65c746a69b3
Opencimetiere 2.01 Remote File Inclusion
Posted May 3, 2010
Authored by cr4wl3r

Opencimetiere version 2.01 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 05978823acde9df600fed36959dd9807
Opencatalogue 1.024 Local File Inclusion
Posted May 3, 2010
Authored by cr4wl3r

Opencatalogue version 1.024 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a3f33fc884f1c9bda85fbdd0e60159f0
Web Negar Directory Traversal
Posted May 3, 2010
Authored by Pouya Daneshmand

Web Negar suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
MD5 | 5d0e62957e4eceeba6efd708dd0ba6dc
Joomla Table JX Cross Site Scripting
Posted May 3, 2010
Authored by Valentin Hoebel

The Joomla Table JX component suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c3c9436d983552b2a73561cc99db3348
Joomla Card View JX Cross Site Scripting
Posted May 3, 2010
Authored by Valentin Hoebel

The Joomla Card View JX component suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 473f8362e0f18f10d5dcdeb4c5e0edec
TSS Scripts SQL Injection
Posted May 3, 2010
Authored by Err0R

TSS Scripts suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | af9e3d40e7c5dde3d1dced6deb80a448
Rad User Manager Cross Site Scripting
Posted May 3, 2010
Authored by Valentin Hoebel

Rad User Manager version 2.90 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8554f0da83613066445a8535846ecc04
CF Image Host Remote File Inclusion
Posted May 3, 2010
Authored by The.Morpheus

CF Image Host suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 05d77d0c311a1041fa88b911c0a0827e
Various Browsers Denial Of Service
Posted May 3, 2010
Authored by Dr_IDE

This archive has forkbomb and unicode denial of service exploits for Firefox, Safari and various other browsers.

tags | exploit, denial of service
MD5 | 0286a1074040d71ccd3d926609c0e3b5
Packet Storm New Exploits For April, 2010
Posted May 3, 2010
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 490 exploits added to Packet Storm in April, 2010.

tags | exploit
MD5 | 4ea2b01e9fd7107ae132b94986603c85
TFTPGUI Long Transport Mode Overflow
Posted May 3, 2010
Authored by Jeremiah Talamantes

TFTPGUI version 1.4.5 long transport mode overflow exploit.

tags | exploit, overflow
MD5 | 7290f3054473333008675a89ea27e4ee
Google Chrome 4.1.249.1064 Memory Corruption
Posted May 3, 2010
Authored by eidelweiss

Google Chrome version 4.1.249.1064 remote memory corruption exploit.

tags | exploit, remote
MD5 | 554ed306c16456deb4df8bef8c4eaa30
Urgent Backup / ABC Backup Pro SEH Exploit
Posted May 3, 2010
Authored by Lincoln | Site corelan.be

Urgent Backup version 3.20, ABC Backup Pro version 5.20 and ABC Backup version 5.50 SEH exploit that creates a malicious .zip file.

tags | exploit
MD5 | 89a505187bd8d44b91b8fb684d5ce048
Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
Posted May 3, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an "OPTIONS" request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV enabled. This exploit was tested and confirmed to work on Windows XP SP3 without DEP. Versions for other platforms are vulnerable as well. The vulnerability was originally discovered and disclosed by Evgeny Legerov of Intevydis.

tags | exploit, java, web, overflow, arbitrary
systems | windows, xp
advisories | CVE-2010-0361
MD5 | 493661df703dea64d404403b9cf59a4d
Maple Maplet File Creation and Command Execution
Posted May 3, 2010
Authored by scriptjunkie | Site metasploit.com

This Metasploit module harnesses Maple's ability to create files and execute commands automatically when opening a Maplet. All versions up to 13 are suspected vulnerable. Testing was conducted with version 13 on Windows. Standard security settings prevent code from running in a normal maple worksheet without user interaction, but those setting do not prevent code in a Maplet from running. In order for the payload to be executed, an attacker must convince someone to open a specially modified .maplet file with Maple. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, arbitrary
systems | windows
MD5 | fc0df49094ac371fdfb479107f97879b
ProSSHD 1.2 Remote Post-Auth Exploit
Posted May 3, 2010
Authored by Alexey Sintsov

ProSSHD version 1.2 remote post-authentication exploit with ASLR and DEP bypass.

tags | exploit, remote
MD5 | 03d2843b77832c04e6a5bad95667f53b
Page 1 of 2
Back12Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    1 Files
  • 18
    Apr 18th
    1 Files
  • 19
    Apr 19th
    19 Files
  • 20
    Apr 20th
    18 Files
  • 21
    Apr 21st
    30 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close