
Files Date: 2010-09-21

Acoustica Audio Converter Pro 1.1 Heap Overflow
Posted Sep 21, 2010
Authored by Carlos Hollmann

Acoustica Audio Converter Pro version 1.1 suffers from a heap overflow vulnerability.

tags | exploit, overflow
MD5 | 5be5cb42b79b25e93aaba678eb290e95
Gentoo Linux Security Advisory 201009-8
Posted Sep 21, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-8 - An untrusted search path vulnerability in python-updater might result in the execution of arbitrary code. Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path (sys.path) before calling import. Versions less than 0.7-r1 are affected.

tags | advisory, arbitrary, python
systems | linux, gentoo
MD5 | 461206403c70f0e32c36471b9e8c3913
Gentoo Linux Security Advisory 201009-7
Posted Sep 21, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-7 - Multiple denial of service vulnerabilities were found in libxml2. Versions less than 2.7.3-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2414, CVE-2009-2416
MD5 | 624ca515e54009a7a9e5dcdd575d69b7
WebSuite SQL Injection
Posted Sep 21, 2010
Authored by jos_ali_joe

WebSuite suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a688832f2068989f49ac3eaadd6eda98
Atmail WebMail Cross Site Scripting
Posted Sep 21, 2010
Authored by Vicente Aguilera Diaz

Atmail Webmail suffers from a cross site scripting vulnerability. Versions prior to 6.2.0 are affected.

tags | exploit, xss
MD5 | 6269664e25f288c80b1c27ac1706590f
Tuenti.com Insecure Direct Object Reference
Posted Sep 21, 2010
Authored by Vicente Aguilera Diaz

Tuenti.com suffers from an insecure direct object reference vulnerability allowing anyone to read arbitrary blog posts.

tags | exploit, arbitrary
MD5 | 85d8ff22e0e8fa88a47d5a589d279db8
SnowFox Total Video Converter DLL Hijacking
Posted Sep 21, 2010
Authored by anT!-Tr0J4n

SnowFox Total Video Converter DLL hijacking exploit.

tags | exploit
MD5 | 80c294ada1144897a6bb580ff188b66d
CollabNet Subversion Cross Site Scripting
Posted Sep 21, 2010
Authored by Sumit Kumar Soni

CollabNet Subversion Edge versions 1.2 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 6b688d698e653e9209acf969738116a1
Softek Barcode Reader Toolkit Active-X 7.1.4.14 Buffer Overflow
Posted Sep 21, 2010
Authored by LiquidWorm | Site zeroscience.mk

Softek Barcode Reader Toolkit version 7.1.4.14 Active-X related buffer overflow proof of concept exploit.

tags | exploit, overflow, activex, proof of concept
MD5 | 8aa99dc0ba8a0fc008402b9f2de625cc
wpQuiz 2.7 SQL Injection
Posted Sep 21, 2010
Authored by KnocKout

wpQuiz version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | b95a0267ec3254d2181cca903235ce41
ibPhotohost 1.1.2 SQL Injection
Posted Sep 21, 2010
Authored by fred777

ibPhotohost version 1.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e461d1dc666787bbdbe1c1912a630c3c
Month Of Abysssec Undisclosed Bugs - Microsoft Excel WOPT
Posted Sep 21, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a WOPT record parsing heap memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
advisories | CVE-2010-0824
MD5 | 312e375131ffd5c847ea5ffed7b32309
Ubuntu Security Notice 990-2
Posted Sep 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 990-2 - USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.

tags | advisory, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555
MD5 | dc9e170fa39afa67eeb9040ec0773594
Ubuntu Security Notice 990-1
Posted Sep 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 990-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.

tags | advisory, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555
MD5 | 6737a9756adff06ae8a3e9f06b7a5db2
Month Of Abysssec Undisclosed Bugs - Personal.Net Portal
Posted Sep 21, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Personal.Net Portal version 2.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | a9ce156f99c6b869c1e190c0cb578279
Month Of Abysssec Undisclosed Bugs - Personal.Net Portal
Posted Sep 21, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Personal.Net Portal version 2.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 5130c835c14bff57dbe9bae50467f6dd
Novell iPrint Client ActiveX Control call-back-url Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-1527
MD5 | 80269d9e5705e85962cc7e26d8957a01
Novell iPrint Client ActiveX Control debug Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest() property of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-3106
MD5 | 4c82e48d18c60cbb339bae8863c7b2e3
Mandriva Linux Security Advisory 2010-186
Posted Sep 21, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-186 - Cross-site scripting vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. This upgrade provides phpmyadmin 3.3.7 which is not vulnerable to this security issue.

tags | advisory, remote, web, arbitrary, php, xss
systems | linux, mandriva
advisories | CVE-2010-3263
MD5 | a3e9be82850f5ebe1af8233fcc8b8a2f
Microsoft Print Spooler Service Impersonation Vulnerability
Posted Sep 21, 2010
Authored by H D Moore, jduck | Site metasploit.com

This Metasploit module exploits the RPC service impersonation vulnerability detailed in Microsoft Bulletin MS10-061. By making a specific DCE RPC request to the StartDocPrinter procedure, an attacker can impersonate the Printer Spooler service to create a file. The working directory at the time is %SystemRoot%\system32. An attacker can specify any file name, including directory traversal or full paths. By sending WritePrinter requests, an attacker can fully control the content of the created file. In order to gain code execution, this module writes an EXE and then (ab)uses the impersonation vulnerability a second time to create a secondary RPC connection to the \PIPE\ATSVC named pipe. We then proceed to create a remote AT job using a blind NetrJobAdd RPC call.

tags | exploit, remote, code execution
advisories | CVE-2010-2729
MD5 | 0580f4d44dd64fd3314f7ef5a0b654d1
Secunia Security Advisory 41517
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, kernel, local
systems | linux, redhat
MD5 | e94030554d9e09c077344a0c6eea202b
Secunia Security Advisory 41524
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in JP1/Remote Control Agent, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, remote
MD5 | c818fbd3573a8e518717a7e6fb26f839
Secunia Security Advisory 41547
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniTouch Contact Center Standard Edition, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | c320135cfb0d450c13cdcea3d415681e
Secunia Security Advisory 41509
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniTouch Contact Center Standard Edition, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 20a07947462dfd87e0b470fdc462a4d6
Secunia Security Advisory 41508
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniVista 4760, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 1ed39946552432d6b49da2e1e0b15c9a

© 2019 Packet Storm. All rights reserved.
