the original cloud security
Showing 1 - 25 of 25 RSS Feed

Files Date: 2010-07-27

PHPKIT WCMS 1.6.5 Cross Site Scripting
Posted Jul 27, 2010
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

PHPKIT WCMS version 1.6.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 0703add159aebb090826a24794228dde
Mandriva Linux Security Advisory 2010-139
Posted Jul 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions has been upgraded and/or rebuilt for the new php version.

tags | advisory, arbitrary, php
systems | linux, mandriva
advisories | CVE-2010-2484, CVE-2010-2225, CVE-2010-0397, CVE-2010-2531
MD5 | 2b75ea5f7908e8b6b979d2ee7f9b6e02
EasyFTP Server <= 1.7.0.11 MKD Command Stack Buffer Overflow
Posted Jul 27, 2010
Authored by x90c, jduck | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'MKD' commands, which leads to a stack based buffer overflow. NOTE: EasyFTP allows anonymous access by default. However, in order to access the 'MKD' command, you must have access to an account that can create directories. After version 1.7.0.12, this package was renamed "UplusFtp". This exploit utilizes a small piece of code that I\\'ve referred to as 'fixRet'. This code allows us to inject of payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation. See references for more information.

tags | exploit, overflow
MD5 | a31ab6edcdb29318cc3ec1bcff1a522d
EasyFTP Server <= 1.7.0.11 LIST Command Stack Buffer Overflow
Posted Jul 27, 2010
Authored by jduck, Karn Ganeshan, MFR | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11. credit goes to Karn Ganeshan. NOTE: Although, this is likely to exploit the same vulnerability as the 'easyftp_cwd_fixret' exploit, it uses a slightly different vector.

tags | exploit, overflow
MD5 | dd1158c4d3c385cf313352a66803a9f8
EasyFTP Server <= 1.7.0.11 list.html path Stack Buffer Overflow
Posted Jul 27, 2010
Authored by ThE g0bL!N, jduck | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. After version 1.7.0.12, this package was renamed "UplusFtp". Due to limited space, as well as difficulties using an egghunter, the use of staged, ORD, and/or shell payloads is recommended.

tags | exploit, web, overflow, shell
MD5 | e8e1ba35a15a4cce0d46cd0b3dd34996
Hyleos ChemView ActiveX Control Stack Buffer Overflow
Posted Jul 27, 2010
Authored by Paul Craig, jduck, Dz_attacker | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-0679
MD5 | ba64d10e2eab24164863d5807b3b8829
Secunia Security Advisory 40694
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 7d093bb21740f176779302eb2f56a1d0
Secunia Security Advisory 40712
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | a9204d710498ed10201b163ee60482a7
Secunia Security Advisory 40757
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, fedora
MD5 | 85860c4cd8713a121b201303a313641e
Secunia Security Advisory 40736
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for likewise-open. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security features.

tags | advisory, local
systems | linux, ubuntu
MD5 | 1fed638221e997cb47e4da5f34608cc6
Secunia Security Advisory 40722
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Nessus Web Server plugin for Nessus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
MD5 | 2497944b3421b1b1b2f47ba507ae6b9f
Secunia Security Advisory 40754
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Vieira-Kurz has discovered some vulnerabilities in PHPKIT, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | d1521c7994ae759738f37ebf34f9e4a1
Secunia Security Advisory 40746
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AKY Blog, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 6b905aa1138a673dac6dd21880f84168
Secunia Security Advisory 40716
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Salvatore Fresta has discovered a vulnerability in the TTVideo component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 7185e37487e5d139658f63b959951167
Secunia Security Advisory 40721
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Private messaging extension for PunBB, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 2b15a5ae9aeb95bf16ce68c32ab025bd
Secunia Security Advisory 40758
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and some vulnerabilities have been reported in libvirt, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions.

tags | advisory, local, vulnerability
MD5 | e51f9e438baccc7808c9c73e64656595
Secunia Security Advisory 40731
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Wing FTP, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 40cee6c17f7fbbbe3348ff6cedcffdcf
Secunia Security Advisory 40769
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered some vulnerabilities in SyndeoCMS, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
MD5 | b0f62d4463f6bb8cc19aa89ade80573c
Secunia Security Advisory 40717
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, redhat
MD5 | 6c52a933f01967d654907d414bdf9550
Secunia Security Advisory 40720
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | fa7aac528a8a2f578ad9813509801219
Secunia Security Advisory 40762
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mysql. This fixes a security issue, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | 45be48b8d1a2a7c8fa468be2abeaf42b
Secunia Security Advisory 40725
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Likewise-CIFS and Likewise Open, which can be exploited by malicious, local users to bypass certain security features.

tags | advisory, local
MD5 | b3374d2a763c1ea5aa6ce5fead700125
Secunia Security Advisory 40693
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox and xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, ubuntu
MD5 | caa7f94888f830064e567a64534bf88a
Secunia Security Advisory 40756
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mingw32-libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, fedora
MD5 | 4a72974119c9ea359598debabd89b1c0
Secunia Security Advisory 40760
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for openttd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | faaa56306c4c75543159674dd4412147
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close