Showing 1 - 25 of 82

Files Date: 2010-09-21

Acoustica Audio Converter Pro 1.1 Heap Overflow
Posted Sep 21, 2010
Authored by Carlos Hollmann

Acoustica Audio Converter Pro version 1.1 suffers from a heap overflow vulnerability.

tags | exploit, overflow
SHA-256 | 6fe70bf67f386ffa96a5ec9a9281efa39e74f8f126906dac4fb3b69467545067
Gentoo Linux Security Advisory 201009-8
Posted Sep 21, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-8 - An untrusted search path vulnerability in python-updater might result in the execution of arbitrary code. Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path (sys.path) before calling import. Versions less than 0.7-r1 are affected.

tags | advisory, arbitrary, python
systems | linux, gentoo
SHA-256 | 1ff60790d2f7405b802381d13a92f2fc74aef95178c0c3b99d23582bb56b7d64
Gentoo Linux Security Advisory 201009-7
Posted Sep 21, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-7 - Multiple denial of service vulnerabilities were found in libxml2. Versions less than 2.7.3-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2414, CVE-2009-2416
SHA-256 | bdab84a12192d58604b471ca794e6a7959ec1e5edaa94c5aed690fb93624ee16
WebSuite SQL Injection
Posted Sep 21, 2010
Authored by jos_ali_joe

WebSuite suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c678b5364b351b1f8cdfde36a20d82701483f85ef55e6e38dd8d9f03e647d985
Atmail WebMail Cross Site Scripting
Posted Sep 21, 2010
Authored by Vicente Aguilera Diaz

Atmail Webmail suffers from a cross site scripting vulnerability. Versions prior to 6.2.0 are affected.

tags | exploit, xss
SHA-256 | cb6f90aa2c4b5814e7f1cc5ff1519d4fa832cced07f124d15e44fbe5111fb627
Tuenti.com Insecure Direct Object Reference
Posted Sep 21, 2010
Authored by Vicente Aguilera Diaz

Tuenti.com suffers from an insecure direct object reference vulnerability allowing anyone to read arbitrary blog posts.

tags | exploit, arbitrary
SHA-256 | 6f39659cdbc856ac25c93f23092ab2733e4e5ea90e0c2c8f02eb97c48177fd45
SnowFox Total Video Converter DLL Hijacking
Posted Sep 21, 2010
Authored by anT!-Tr0J4n

SnowFox Total Video Converter DLL hijacking exploit.

tags | exploit
SHA-256 | f305fbb47c1bafab15a61b7666cd2abaf37a056179305162482fb7708fd38355
CollabNet Subversion Cross Site Scripting
Posted Sep 21, 2010
Authored by Sumit Kumar Soni

CollabNet Subversion Edge versions 1.2 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 2b31fec8620d98b41749f84d2fdbd6e20459a5fbc5117ef577677d263e760e03
Softek Barcode Reader Toolkit Active-X 7.1.4.14 Buffer Overflow
Posted Sep 21, 2010
Authored by LiquidWorm | Site zeroscience.mk

Softek Barcode Reader Toolkit version 7.1.4.14 Active-X related buffer overflow proof of concept exploit.

tags | exploit, overflow, activex, proof of concept
SHA-256 | dceb54e1f32d6772544fa6532904219bd3241b6d0353f08dbdff2c9fb43cb1b2
wpQuiz 2.7 SQL Injection
Posted Sep 21, 2010
Authored by KnocKout

wpQuiz version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 85020cf3d0c88fd61910a8a4186652a6f78783e70b8465b29810d12f7e22b90b
ibPhotohost 1.1.2 SQL Injection
Posted Sep 21, 2010
Authored by fred777

ibPhotohost version 1.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 466f6f08172c676eddfac173eaccc72cc7e5c63b2dc337e0a85aace6712ff9a5
Month Of Abysssec Undisclosed Bugs - Microsoft Excel WOPT
Posted Sep 21, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a WOPT record parsing heap memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
advisories | CVE-2010-0824
SHA-256 | fe880ccab01d65f59e8f668c6229f63f7ddcc6fc21b3ff91caf035b6a6c9da43
Ubuntu Security Notice 990-2
Posted Sep 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 990-2 - USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.

tags | advisory, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555
SHA-256 | cccbd306122a0cbb598817a4a808664cd2a88b4fdb163db24e5ce00f2835f58f
Ubuntu Security Notice 990-1
Posted Sep 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 990-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.

tags | advisory, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555
SHA-256 | a0b60b36d1de06cc835d2420585e797c041653ecf96ec460c5a7ce10e0651f75
Month Of Abysssec Undisclosed Bugs - Personal.Net Portal
Posted Sep 21, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Personal.Net Portal version 2.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 43e1c2be4560ce1395c64a1b0cd930f7ab6a8d07084b282a1f6f0c725830faf5
Month Of Abysssec Undisclosed Bugs - Personal.Net Portal
Posted Sep 21, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Personal.Net Portal version 2.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 1c4b687e3deccab54c8f2c63ef0051120b09fe4d1b00c5094edb52789eb215a2
Novell iPrint Client ActiveX Control call-back-url Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-1527
SHA-256 | 7cbaaf11994cc2aa297944de64087d82388e708d5b6a96ed7191080f1ca223d0
Novell iPrint Client ActiveX Control debug Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest() property of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-3106
SHA-256 | e50f64e1f69d2ac7f0d33800fc3dc1283cd8c9b8ee93f24befcc1d27e5d76691
Mandriva Linux Security Advisory 2010-186
Posted Sep 21, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-186 - Cross-site scripting vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. This upgrade provides phpmyadmin 3.3.7, which is not vulnerable to this security issue.

tags | advisory, remote, web, arbitrary, php, xss
systems | linux, mandriva
advisories | CVE-2010-3263
SHA-256 | 1ed48851199098893a0ac5c5e4283162106e4c007e1f0e5f31aa3f5f41b6e8d8
Microsoft Print Spooler Service Impersonation Vulnerability
Posted Sep 21, 2010
Authored by H D Moore, jduck | Site metasploit.com

This Metasploit module exploits the RPC service impersonation vulnerability detailed in Microsoft Bulletin MS10-061. By making a specific DCE RPC request to the StartDocPrinter procedure, an attacker can impersonate the Printer Spooler service to create a file. The working directory at the time is %SystemRoot%\system32. An attacker can specify any file name, including directory traversal or full paths. By sending WritePrinter requests, an attacker can fully control the content of the created file. In order to gain code execution, this module writes an EXE and then (ab)uses the impersonation vulnerability a second time to create a secondary RPC connection to the \PIPE\ATSVC named pipe. We then proceed to create a remote AT job using a blind NetrJobAdd RPC call.

tags | exploit, remote, code execution
advisories | CVE-2010-2729
SHA-256 | 04cbfe670279e81d3e5cc91c21f2c90426a352f556e914a6b712e856fe79bdf1
Secunia Security Advisory 41517
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, kernel, local
systems | linux, redhat
SHA-256 | 472da02a75450868ed4b78ce2d0e8356699fd1f0e3dd2bfd28997b8a70cbd502
Secunia Security Advisory 41524
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in JP1/Remote Control Agent, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, remote
SHA-256 | 0793f525bcfa7c2b33331977964c80603cccf02ae4831bd7f8b89ba53dc052bf
Secunia Security Advisory 41547
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniTouch Contact Center Standard Edition, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | ae8519bc068c6624f76f4eb602d5bf933b8c949e51f3d8183c24c2b1e8f163f6
Secunia Security Advisory 41509
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniTouch Contact Center Standard Edition, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | a3dbd319b746bb0f3f35b7dc60ddd7ff177f7b3b92fab0264d393a0e6e706cbd
Secunia Security Advisory 41508
Posted Sep 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniVista 4760, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 081b553ec2c3e82fb9da4a40bf10a871a623f9d017a9dfffa7e9d699cad22e99