what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 61 RSS Feed

Files Date: 2010-07-26

Ubuntu Security Notice 964-1
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2010-0833
SHA-256 | b2737c5487ee0ccc3dd0aad08766de3ded97438472b971e00129211a3aad8404
Ubuntu Security Notice 930-6
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2755
SHA-256 | 0cbe8d05a764e5b496cb01656e64143f445ea1830d36e968351d0ef74ebca3f3
Ubuntu Security Notice 957-2
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2755
SHA-256 | 16e48f7ce91d82b0c33ab001e1e7a2c4d68028db35e9f025aa12897a6e511aa8
Likewise Open Logic Flaw
Posted Jul 26, 2010
Site likewise.com

Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to logon as a lsassd local-provider account (e.g. MACHINE\\Administrator) if the account's password is marked as expired.

tags | advisory, local, root
advisories | CVE-2010-0833
SHA-256 | 38c7f39d2b82f28d7e948cda23a7c17ad84d4b02355d6ec17cb2a2bc5a75629b
Nessus Cross Site Scripting / Information Disclosure
Posted Jul 26, 2010
Authored by Renaud Deraison | Site nessus.org

The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
SHA-256 | 8ebf160c845108fcb7fac85ca7e6aa7427a189c844a2dadca4911d578a00cd6e
Mac OS X WebDAV Kernel Extension Denial Of Service
Posted Jul 26, 2010
Authored by Dan Rosenberg

The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.

tags | advisory, denial of service, kernel, local
systems | apple, osx
advisories | CVE-2010-1794
SHA-256 | d6f15be99289fd0bcf6c81b9793b54371556cccddb48c1a7ecd9884a927c66d7
Foofus.net Security Advisory 20100726 - Symantec Antivirus CE Command Execution
Posted Jul 26, 2010
Authored by Spider | Site foofus.net

The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292, on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected.

tags | advisory, tcp
SHA-256 | fbd8d8c9489c9d5364d8d254c147e664b61c9384cceec62815a48e5a516b2f90
FuzzDiff Crash Analysis Tool
Posted Jul 26, 2010
Authored by Dan Rosenberg | Site vsecurity.com

FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

tags | fuzzer
SHA-256 | 64a2478b6758505b56ea79a765292e926f190b7255790d538d7a95e688fd16bb
Killed By Code - Software Transparency In Implantable Medical Devices
Posted Jul 26, 2010
Authored by Laura Moy, Lysandra Ohrstrom, Robert McVay, Karen Sandler

Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices.

tags | paper
SHA-256 | af90e47c4e2ab09755f1bc97c5d61b0691e93b7f7752cc9c24ac6a5974de2967
QQplayer 2.3.696.400p1 Buffer Overflow
Posted Jul 26, 2010
Authored by Lufeng Li

QQplayer versions 2.3.696.400p1 and below .smi file processing local buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | df8b0e2bb9d5792041154196ddbe98dd0ae2a1df2a0f14877598e8664133de23
Oscommerce Max 2.0.25 Backup Related
Posted Jul 26, 2010
Authored by indoushka

Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability.

tags | exploit
SHA-256 | 5e74018474eda8cf0fa93c922c9191eee7ec4049bdf870c9ee7ceaadb6330a05
MySQL SQL Injection Tutorial
Posted Jul 26, 2010
Authored by Prashant Uniyal

This whitepaper is a MySQL SQL injection tutorial.

tags | paper, sql injection
SHA-256 | 517d27c0d6f06d56b0bfa16f3e725b79f33fe4a3755de1772342c7350620aa7c
XAOS CMS SQL Injection
Posted Jul 26, 2010
Authored by H-SK33PY

XAOS CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e5cfd804a58020e6e3ea34bdfeb752cd128c65e425ab5be93d4ff719c3f0b7bd
Ballettin Forum SQL Injection
Posted Jul 26, 2010
Authored by evolution

Ballettin Forum suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | f03d45799067236e31f36dd25387a83d8965b28786b1e5b55b2a18aab9b3912b
Digital Forensics Framework 0.7.0
Posted Jul 26, 2010
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: This release is dedicated to the DFRWS 2010 challenge. The API was rewritten to provide mapped file system objects, allowing data identification from a very low level. Attributes on nodes were improved, so any module can dynamically add its own attributes. Support was added for BSD systems. Many bugs were fixed. Graphical embellishments were made.
tags | tool, forensics
SHA-256 | fb2b7acd857cba9b4c1a757a137b0cca0e7013ec228cec1207e9e466749671c8
Freeway CMS 1.4.3.210 SQL Injection
Posted Jul 26, 2010
Authored by RoAd_KiLlEr

Freeway CMS version 1.4.3.210 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4e5f2a0cfddbc3d5700204c48260d7bee3e8451f021e2523e722d97d3fe49383
CMS Ignition SQL Injection
Posted Jul 26, 2010
Authored by Neavorc

CMS Ignition suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 03c0470ef1e1dba6af2c26304f9863eb2654a230b43b92c7139ef6a9dd46055b
3dl.am Script Mtxkl Raidrush Cross Site Scripting / SQL Injection
Posted Jul 26, 2010
Authored by indoushka

3dl.am Script Mtxkl Raidrush suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 1b2e68fbd7fac5c86d96bb86dcaa4852d45ad71c3d1085124e4009127447f9be
RewriteProxy Same-Domain Policy Bypass
Posted Jul 26, 2010
Authored by Noen | Site noen.svartboks.com

RewriteProxy is a small python tool that is based on the twisted library. Its purpose is to serve local files instead of remote files to fool the same-domain policy of modified flash and java-applets.

tags | java, remote, web, local, python
SHA-256 | eca6b434258f98306fbfe4e27f6f2f5a761dd5ee8cf65a55b9e18c282e184890
Hackers 2 Hackers Conference 2010 Call For Papers
Posted Jul 26, 2010
Site h2hc.com.br

The Hackers 2 Hackers Conference (H2HC) 7th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from November 27th through the 28th, 2010.

tags | paper, conference
SHA-256 | 94f4a0e2f129226948aea42f25a5113d71c147fe10c5de9d1f581fe896d5755e
Joomla Youtube SQL Injection
Posted Jul 26, 2010
Authored by Forza-Dz

The Joomla Youtube component version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3d3aff5e4a9c61938a2125377aa7583720a7da8f90dfc14f045bf0a43a05d64a
sNews SQL Injection
Posted Jul 26, 2010
Authored by MajoR

sNews suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 254ea89845f7694dae2b2659cadb767ceb55eb06e8ae2970e1f99fe1c94e7cc7
WhiteBoard 0.1.30 Blind SQL Injection
Posted Jul 26, 2010
Authored by Salvatore Fresta

WhiteBoard version 0.1.30 suffers from remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 08940cc3306709a98b325d021b6aaa33acdc5351462748d950fbbd0d70ca9524
MC Content Manager Cross Site Scripting / SQL Injection
Posted Jul 26, 2010
Authored by MustLive

MC Content Manager suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 265d3681b6a219ca2ac1a882ec056dc41c776f5a0d34b9c0b0aebeb14467c091
Ubuntu Security Notice 958-1
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.

tags | advisory, web, overflow
systems | linux, ubuntu
advisories | CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
SHA-256 | 5419ae4fb245c6c535395ea9b94b38b179ed987669180fa8c3c08cbbe2746990
Page 1 of 3
Back123Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    12 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close