exploit the possibilities
Showing 1 - 25 of 36 RSS Feed

Files Date: 2010-10-22

Mandriva Linux Security Advisory 2010-211
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-211 - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
MD5 | 066c95dd5e2f680438f6ba1acfa11596
Mandriva Linux Security Advisory 2010-210
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-210 - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
MD5 | 40c7acd7841e2b6df76e215c6484bcb6
PyProxy Proxy Hunter And Tester 9
Posted Oct 22, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

PyProxy Proxy Hunter and Tester version 9 high-level cross protocol proxy-hunter python library.

tags | protocol, python, library
MD5 | adaa66906a6c1e137a4471e0889ad7c1
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Posted Oct 22, 2010
Authored by MustLive

W-Agora versions 4.2.1 and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | f51500c1216c9c3ae53075545e443161
Mandriva Linux Security Advisory 2010-209
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-209 - A buffer overflow was discovered in libsmi when long OID was given in numerical form. This could lead to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2010-2891
MD5 | 60a5770bc5953985f60282903562370d
Debian Linux Security Advisory 2122-1
Posted Oct 22, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 63caa486471c8f786f73a386441d0b72
GNU C Library Dynamic Linker Arbitrary DSO dlopen
Posted Oct 22, 2010
Authored by Tavis Ormandy

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

tags | exploit, arbitrary
advisories | CVE-2010-3856
MD5 | e7a75708a976f650e0b0463308ae23b0
HP Security Bulletin HPSBMA02593 SSRT100237
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02593 SSRT100237 - A potential security vulnerability has been identified in HP Virtual Connect Enterprise Manager (VCEM) for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-3986
MD5 | 2766c1e3ba2252b55701fb79d61f931d
Spider Player 2.4.5 Denial Of Service
Posted Oct 22, 2010
Authored by Abdi Mohamed

Spider Player version 2.4.5 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | b58a7a190ab28d83a5dfdce98711482e
Internet Explorer Cross-Origin Leak
Posted Oct 22, 2010
Authored by Chris Evans

Microsoft Internet Explorer suffers from a cross-origin leak vulnerability.

tags | advisory
MD5 | 14d1c372a570dedccc3158153e8fac77
Ubuntu Security Notice 1008-2
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-2 - Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the 'format=' option when specifying a disk. Original advisory notes that it was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
MD5 | a3abfa77d3f4af0f67ad5aec2b7c560c
Secunia Security Advisory 41936
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in iWiccle, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | dd6bd721099da476dc08d28d6991cb74
Secunia Security Advisory 41931
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - J. Greil has discovered multiple vulnerabilities in Sawmill, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
MD5 | 2c743be862bce689c04fa5ca654bf9e3
Secunia Security Advisory 41944
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Chris Evans has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
MD5 | 78517b8e5d8f89ac0e157c19485e9818
Secunia Security Advisory 41894
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.

tags | advisory, denial of service, local, vulnerability, xss
MD5 | f1e0c8006c1108a087b3876888a42ca3
Mandriva Linux Security Advisory 2010-208
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-208 - It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2010-3711
MD5 | fdc76e0420b8e8e0b81428f7d41c884f
Pecio CMS 2.0.5 Cross Site Scripting
Posted Oct 22, 2010
Authored by Antu Sanadi | Site secpod.com

Pecio CMS version 2.0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a2ccad385227c04693b4a368e58988eb
Wiccle Web Builder CMS / iWiccle CMS Community Builder Cross Site Scripting
Posted Oct 22, 2010
Authored by Veerendra G.G | Site secpod.com

Wiccle Web Builder CMS and iWiccle CMS Community Builder both suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 6519f6058d267e0a8b8ca19e282d11ab
Ubuntu Security Notice 1008-1
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242
MD5 | 3bc0e9eaf9450e6aff2d1956e653cd3b
Adobe Shockwave Player Memory Corruption
Posted Oct 22, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.

tags | exploit
MD5 | 4d8cb1cad42b76e5b40a9248e227fa53
Sawmill Enterprise Code Execution / Cross Site Request Forgery / Cross Site Scripting
Posted Oct 22, 2010
Authored by Johannes Greil | Site sec-consult.com

Sawmill Enterprise versions prior to 8.1.7.3 suffers from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.

tags | exploit, overflow, arbitrary, vulnerability, code execution, xss, csrf
MD5 | 84dae5ff07d76b46a06710399212b1ff
Squirrelcart PRO 3.0.0 Blind SQL Injection
Posted Oct 22, 2010
Authored by Salvatore Fresta

Squirrelcart PRO version 3.0.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 87db803b47bda2c5554b200cdfe7eaee
HP Security Bulletin HPSBMA02596 SSRT100271
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02596 SSRT100271 - A potential security vulnerability has been identified in HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2010-3291
MD5 | 6842e48ce049162cb8d99f0bde3780d0
HP Security Bulletin HPSBMA02592 SSRT100300
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02592 SSRT100300 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows running Adobe Flash. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), and unauthorized modification. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, hpux
advisories | CVE-2010-0209
MD5 | dedef13b571bccc6dcadaddcf4fdcb9f
HP Security Bulletin HPSBMA02591 SSRT100299
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02591 SSRT100299 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site request forgery (CSRF), cross site scripting (XSS), and privilege escalation. Revision 1 of this advisory.

tags | advisory, vulnerability, xss, csrf
systems | linux, windows, hpux
advisories | CVE-2010-3288, CVE-2010-3289, CVE-2010-3290
MD5 | 5efe3f75a1c2db4d59b2b78cfdcf9e39
Page 1 of 2
Back12Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    1 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    20 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close