exploit the possibilities
Showing 1 - 25 of 61 RSS Feed

Files Date: 2010-07-26

Ubuntu Security Notice 964-1
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2010-0833
MD5 | 3111259b30c67166c3ac294216b6aa2f
Ubuntu Security Notice 930-6
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2755
MD5 | 324692d14b04636308087c2f0b7a0216
Ubuntu Security Notice 957-2
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2755
MD5 | 3ac0be5b6b188eb8f7028ff06ce196a5
Likewise Open Logic Flaw
Posted Jul 26, 2010
Site likewise.com

Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to logon as a lsassd local-provider account (e.g. MACHINE\\Administrator) if the account's password is marked as expired.

tags | advisory, local, root
advisories | CVE-2010-0833
MD5 | e3445faede7a32cf2db6c82cd7257311
Nessus Cross Site Scripting / Information Disclosure
Posted Jul 26, 2010
Authored by Renaud Deraison | Site nessus.org

The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
MD5 | df40b917caf2683326df86131ff08b44
Mac OS X WebDAV Kernel Extension Denial Of Service
Posted Jul 26, 2010
Authored by Dan Rosenberg

The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.

tags | advisory, denial of service, kernel, local
systems | apple, osx
advisories | CVE-2010-1794
MD5 | 435b710d622d103c5cd3285c6c725f47
Foofus.net Security Advisory 20100726 - Symantec Antivirus CE Command Execution
Posted Jul 26, 2010
Authored by Spider | Site foofus.net

The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292, on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected.

tags | advisory, tcp
MD5 | e3cc0c7592f38c3b6586dee82cf27d3e
FuzzDiff Crash Analysis Tool
Posted Jul 26, 2010
Authored by Dan Rosenberg | Site vsecurity.com

FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

tags | fuzzer
MD5 | ec3d8e64642e2cc6539902f9ff72fd1f
Killed By Code - Software Transparency In Implantable Medical Devices
Posted Jul 26, 2010
Authored by Laura Moy, Lysandra Ohrstrom, Robert McVay, Karen Sandler

Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices.

tags | paper
MD5 | 5fcfc55317dc9197494fe74df312b5b1
QQplayer 2.3.696.400p1 Buffer Overflow
Posted Jul 26, 2010
Authored by Lufeng Li

QQplayer versions 2.3.696.400p1 and below .smi file processing local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 406fce05161dd97728004e5127e74900
Oscommerce Max 2.0.25 Backup Related
Posted Jul 26, 2010
Authored by indoushka

Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability.

tags | exploit
MD5 | cc921370448d96ff05e985cba88687e9
MySQL SQL Injection Tutorial
Posted Jul 26, 2010
Authored by Prashant Uniyal

This whitepaper is a MySQL SQL injection tutorial.

tags | paper, sql injection
MD5 | e29082314c34ad39aacd6ba49afe9045
XAOS CMS SQL Injection
Posted Jul 26, 2010
Authored by H-SK33PY

XAOS CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3f1232364f7761927a2bc521a89941c4
Ballettin Forum SQL Injection
Posted Jul 26, 2010
Authored by evolution

Ballettin Forum suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | f0d470d0b7080cb35de5500baf7793bb
Digital Forensics Framework 0.7.0
Posted Jul 26, 2010
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: This release is dedicated to the DFRWS 2010 challenge. The API was rewritten to provide mapped file system objects, allowing data identification from a very low level. Attributes on nodes were improved, so any module can dynamically add its own attributes. Support was added for BSD systems. Many bugs were fixed. Graphical embellishments were made.
tags | tool, forensics
MD5 | 6b32705c46baca28919e4eb4a86d5edb
Freeway CMS 1.4.3.210 SQL Injection
Posted Jul 26, 2010
Authored by RoAd_KiLlEr

Freeway CMS version 1.4.3.210 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1216100b38edc567233f55871056cc3c
CMS Ignition SQL Injection
Posted Jul 26, 2010
Authored by Neavorc

CMS Ignition suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 446d8862e5f82196fb635141c713b34a
3dl.am Script Mtxkl Raidrush Cross Site Scripting / SQL Injection
Posted Jul 26, 2010
Authored by indoushka

3dl.am Script Mtxkl Raidrush suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 96c08fb2939955b12c9e268f6891e5b1
RewriteProxy Same-Domain Policy Bypass
Posted Jul 26, 2010
Authored by Noen | Site noen.svartboks.com

RewriteProxy is a small python tool that is based on the twisted library. Its purpose is to serve local files instead of remote files to fool the same-domain policy of modified flash and java-applets.

tags | java, remote, web, local, python
MD5 | a08c950a24eed7173d10eedf262b18f9
Hackers 2 Hackers Conference 2010 Call For Papers
Posted Jul 26, 2010
Site h2hc.com.br

The Hackers 2 Hackers Conference (H2HC) 7th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from November 27th through the 28th, 2010.

tags | paper, conference
MD5 | 12de3bc173f5529e277ebfeb9786eb76
Joomla Youtube SQL Injection
Posted Jul 26, 2010
Authored by Forza-Dz

The Joomla Youtube component version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c8dd9f2b8c10c316d484ab3670899934
sNews SQL Injection
Posted Jul 26, 2010
Authored by MajoR

sNews suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ed4caa097d0a5510528623309e911953
WhiteBoard 0.1.30 Blind SQL Injection
Posted Jul 26, 2010
Authored by Salvatore Fresta

WhiteBoard version 0.1.30 suffers from remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2a19ae36375d32a5ab9fdedfbfb652cc
MC Content Manager Cross Site Scripting / SQL Injection
Posted Jul 26, 2010
Authored by MustLive

MC Content Manager suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 58d6abfd9ce2049944a7bf5349cdf4ca
Ubuntu Security Notice 958-1
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.

tags | advisory, web, overflow
systems | linux, ubuntu
advisories | CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
MD5 | 0de1e7fa26e9a0047dec66a87aa31f88
Page 1 of 3
Back123Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    9 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close