what you don't know can hurt you
Showing 1 - 25 of 35 RSS Feed

Files Date: 2010-10-20

In Memory Fuzzing - Real Time Input Tracing And In Memory Fuzzing
Posted Oct 20, 2010
Authored by sinn3r

Whitepaper called In Memory Fuzzing - Real Time Input Tracing and In Memory Fuzzing.

tags | paper
MD5 | 6804854ad9f42a484f9b50a11a26a3d0
MS10-070 ASP.NET Auto-Decryptor File Download
Posted Oct 20, 2010
Authored by Agustin Azubel | Site ampliasecurity.com

MS10-070 ASP.NET auto-decryptor file download proof of concept exploit.

tags | exploit, asp, proof of concept
MD5 | af077afaecde4564fca5a1f9b19c2959
Mandriva Linux Security Advisory 2010-207
Posted Oct 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-207 - A vulnerability in the GNU C library was discovered which could escalate the privileges for local users.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2010-3847
MD5 | eca357f574d6f5078d4c4e08e372c6ea
Ubuntu Security Notice 998-1
Posted Oct 20, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

tags | advisory, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
MD5 | 48f9473bdde9e557eb82a9dc8cbf51c0
Ubuntu Security Notice 997-1
Posted Oct 20, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 997-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

tags | advisory, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
MD5 | fe2f4f6d78a07a4d351c8681f9a37abb
Ubuntu Security Notice 1007-1
Posted Oct 20, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1007-1 - Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2010-3170, CVE-2010-3173
MD5 | cfa5970b4db4009992cdbf82016167d7
Core Security Technologies Advisory 2010.0819
Posted Oct 20, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A statically allocated buffer is overwritten in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi. This may result in arbitrary code execution by cleverly overwriting key pointers in memory.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-2891
MD5 | 61d3b52300e145dbbfb1d4c4b3f513da
sNews 1.7 Cross Site Scripting
Posted Oct 20, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

sNews version 1.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5de025e8946249d7ff19dd2855b210bb
Ubuntu Security Notice 1000-1
Posted Oct 20, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1000-1 - Various image updates have been provided. Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. Various other issues have also been addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2798, CVE-2010-2942, CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2960, CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078
MD5 | 9a6e8a6cc188250442d7b66222a06fbe
4Site CMS 2.6 Cross Site Scripting
Posted Oct 20, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

4Site CMS version 2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 367ad32798e53c724ea75a4792c4edda
Tribiq CMS 5.2.5 Path Disclosure
Posted Oct 20, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

Tribiq CMS version 5.2.5 suffers from a path disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 310c7d7932c4ec41d2a5bbc64105fdaa
DeluxeBB 1.3 SQL Injection
Posted Oct 20, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

DeluxeBB version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a3213cd1981a3f6ad2226ad299979b1e
vBulletin 3.6.1 SQL Injection
Posted Oct 20, 2010
Authored by jos_ali_joe

vBulletin version 3.6.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8bf6ff43671e5c19788c22d9ebe1774c
Winamp 5.5.8.2985 Stack Overflow
Posted Oct 20, 2010
Authored by Mighty-D

Winamp version 5.5.8.2985 stack overflow exploit that creates a malicious .mtm file.

tags | exploit, overflow
MD5 | 663745b52f3adbec6919fc2046b4df4b
Fat Player Media Player 0.6b0 Buffer Overflow
Posted Oct 20, 2010
Authored by dookie, James Fitts | Site metasploit.com

This Metasploit module exploits a buffer overflow in Fat Player 0.6b. When the application is used to import a specially crafted wav file, a buffer overflow occurs allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
MD5 | ff9b15dc97a34dbf1e22ffea5afc7854
Secunia Security Advisory 41906
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to potentially compromise a user's system.

tags | advisory, local, vulnerability
systems | linux, redhat
MD5 | c37c42b5df4e5caf7df9513bc6adaba5
Secunia Security Advisory 41908
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting, cross-site request forgery, click-jacking attacks, or compromise a user's system.

tags | advisory, vulnerability, xss, csrf
MD5 | 7b3f108e9c233f87e8669460462e10ed
Secunia Security Advisory 41901
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP AssetCenter and AssetManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 9d78064d7da387a755815bbb86c0badc
Secunia Security Advisory 41817
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in sNews, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 8748e64913c0e72e18094dcc580f187a
Secunia Security Advisory 41881
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS and potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, spoof, vulnerability
systems | linux, ubuntu
MD5 | 833b0ed0ec290fd0f1fedbdef64ae47a
Secunia Security Advisory 41921
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Explzh, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 32aaa482474ee462f0da4b458330f3e5
Secunia Security Advisory 41918
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in DeluxeBB, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | afe89f47c26e846928d4db9827238cc7
Secunia Security Advisory 41891
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in TIBCO ActiveMatrix products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 62c4494f9f315e858077f6ec02df6684
Secunia Security Advisory 41795
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tavis Ormandy has reported a weakness in the GNU C Library, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | 600c595f7ff5d44f19f45ec68bcaef20
Secunia Security Advisory 41885
Posted Oct 20, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for poppler. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, fedora
MD5 | 9bc8ef0c59e977ae2c70813913d69995
Page 1 of 2
Back12Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    10 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close