
Files Date: 2010-10-06

Zero Day Initiative Advisory 10-193
Posted Oct 6, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file format. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-3632
MD5 | 8a32e369e3555e5cd3ff789242b029da
Zero Day Initiative Advisory 10-192
Posted Oct 6, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. Within the 'desc' tag there exists an embedded 'mluc' data structure. The code within ACE performs arithmetic on the second DWORD from the mluc structure and a value from the desc structure. The resulting integer is used for an allocation of a heap-based buffer. An attacker can forge these values to force the process to under-allocate this buffer and later overflow it during a copy operation. This leads to remote code execution under the context of the user running the application.

tags | advisory, remote, web, overflow, arbitrary, code execution
advisories | CVE-2010-3622
MD5 | 6d086529e45af94fb8f79eb07839daff
RSA SecurID 800 Authenticator Secret Extraction
Posted Oct 6, 2010
Site emc.com

RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.

tags | advisory
advisories | CVE-2010-3321
MD5 | b1fad4c29869bb1fc16688313e470d38
Core Security Technologies Advisory 2010.0701
Posted Oct 6, 2010
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - Adobe Acrobat Reader is prone to a use-after-free vulnerability due to an invalid usage of a released memory chunk. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Acrobat Reader to open a specially crafted file and click on PAGES thumbnails.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3627
MD5 | 1b7bf899c61dd3e017480fd4996ce2fb
Joomla Basdv Local File Inclusion / Directory Traversal
Posted Oct 6, 2010
Authored by Fl0riX

The Joomla Bsadv component suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | ecbf4197ce95f4f693a05e072579a778
Zero Day Initiative Advisory 10-191
Posted Oct 6, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0xFFFFFFFF, a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2010-3621
MD5 | b4e6f013526b5571202f50d8fe243dda
Digital Whisper Electronic Magazine #13
Posted Oct 6, 2010
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 13. Written in Hebrew.

tags | magazine
MD5 | 0407917027a0ac144b9ca0ef2293808a
Ubuntu Security Notice 1001-1
Posted Oct 6, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1001-1 - The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2010-2526
MD5 | c1d802ce1bc6e8db2fe0252475849339
Joomla Club Manager SQL Injection
Posted Oct 6, 2010
Authored by Fl0riX

Joomla Club Manager component remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | 06455c882b958de32f5fa6838602dd82
Technical Cyber Security Alert 2010-279A
Posted Oct 6, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-279A - Adobe has released Security Bulletin APSB10-21, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

tags | advisory, vulnerability
MD5 | d142aea56d77661c24005c01ffc5661a
HP Data Protector Media Operations Denial Of Service
Posted Oct 6, 2010
Authored by d0lc3

HP Data Protector Media Operations NULL pointer dereference remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 691ec63ef86aafd5f4416a1beb1e975c
Mandriva Linux Security Advisory 2010-197
Posted Oct 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-197 - An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-3433
MD5 | 08a3b0fdc30d70b5b5fe5623dae9d042
Microsoft IIS FTP Server NLST Response Overflow
Posted Oct 6, 2010
Authored by H D Moore, Kingcope | Site metasploit.com

This Metasploit module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).

tags | exploit, overflow
advisories | CVE-2009-3023
MD5 | 2d7090cb831b8a36bb2070fb81db4f50
HP Data Protector Manager 6.11 Denial Of Service
Posted Oct 6, 2010
Authored by Pepelux | Site enye-sec.org

HP Data Protector Manager version 6.11 NULL pointer dereference remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 5e5696b094d752538b7042078045c99c
TomatoCart 1.0.1 Cross Site Scripting
Posted Oct 6, 2010
Authored by LiquidWorm | Site zeroscience.mk

TomatoCart version 1.0.1 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | a59f79578537ea42356c65842552296b
nSense Vulnerability Research Security Advisory NSENSE-2010-001
Posted Oct 6, 2010
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected.

tags | exploit, remote, arbitrary
advisories | CVE-2010-3631
MD5 | 066ec21826ff6faef2095ec293147509
Feindura File Manager 1.0 Shell Upload
Posted Oct 6, 2010
Authored by KnocKout

Feindura File Manager version 1.0 suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 93f7768919d54aca23244c089a6c200a
AlZip 7.4 DLL Hijacking
Posted Oct 6, 2010
Authored by Pepelux | Site enye-sec.org

AlZip version 7.4 DLL hijacking exploit that leverages ieframe.dll.

tags | exploit
MD5 | 7278faeeff2a3e7bc7d47b3697d784e6
My Vacation Tracker DLL Hijacking
Posted Oct 6, 2010
Authored by anT!-Tr0J4n

My Vacation Tracker DLL hijacking exploit that leverages svctaglib.dll.

tags | exploit
MD5 | 663c0f95ff02670e83250acb2ba4cced
Dupehunter Professional DLL Hijacking
Posted Oct 6, 2010
Authored by anT!-Tr0J4n

Dupehunter Professional DLL hijacking exploit that leverages fwpuclnt.dll.

tags | exploit
MD5 | a7e0cfadca954643181416799fc5d2d1
Secunia Security Advisory 41656
Posted Oct 6, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 5c4e638213cdef6819eac5d2d89d5060
Secunia Security Advisory 41679
Posted Oct 6, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in BrailleNote Apex devices, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 9e9c875f2bb83fe8d01259d9c3115b25
Secunia Security Advisory 41673
Posted Oct 6, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Foxit Phantom, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | a588d61173b220d52696501103909afa
Secunia Security Advisory 41691
Posted Oct 6, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and perform certain actions with escalated privileges, and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
MD5 | 84c6c171e27fb74d20644a4a0b44e788
© 2016 Packet Storm. All rights reserved.
