Exploit the possiblities
Showing 1 - 25 of 869 RSS Feed

Files Date: 2010-10-01 to 2010-10-31

Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Posted Oct 29, 2010
Authored by Kees Cook

Linux kernel arbitrary write memory write via v4l1 compat ioctl exploit.

tags | exploit, arbitrary, kernel
systems | linux
advisories | CVE-2010-2963
MD5 | e4406c49407ec6da26657b3fa7bbd5a9
SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Posted Oct 29, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2010-2583
MD5 | c4af04d7c30dd03dda3e8f5888336601
Adobe Shockwave Player "DEMX" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2582
MD5 | 061d0e03670a14fb830e0d5925cefc41
Adobe Shockwave Player "pamm" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-2581
MD5 | a728cd76edd25558331438f7dcb649d7
Ubuntu Security Notice 1011-3
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1011-3 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3765
MD5 | 637c75af6ed7cfc0f7633dc195d05bb4
Free Adult Script 2 SQL Injection
Posted Oct 29, 2010
Authored by HeRoTuRK

Free Adult Script version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8fdb30f112bf9bdc83784fb66bdcfcba
Joomla Jcars SQL Injection
Posted Oct 29, 2010
Authored by Fl0riX

The Joomla Jcars component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 168f1175402ee4df1cb11329bc1dc27f
Adobe Shockwave Director pamm Chunk Memory Corruption
Posted Oct 29, 2010
Authored by TELUS Security Labs | Site telussecuritylabs.com

A memory corruption vulnerability exists in Adobe Shockwave Player while parsing crafted Adobe Director files (.dir or .dcr), that may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-4084
MD5 | 94bbf579e7ce82be3b0c69ebe04c3417
Ubuntu Security Notice 1010-1
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.

tags | advisory, java, web, local, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574
MD5 | 73094410a6a76a0e8a4a0ffcf5b3457f
Firefox Memory Corruption
Posted Oct 29, 2010

This is a simplified memory corruption proof of concept exploit for Firefox.

tags | exploit, proof of concept
advisories | CVE-2010-3765
MD5 | 8b26f4512456a230d56e2d6f845a78a2
mygamingladder MGL Combo System 7.5 SQL Injection
Posted Oct 29, 2010
Authored by Easy Laster

mygamingladder MGL Combo System versions 7.5 and below remote SQL injection exploit that leverages game.php.

tags | exploit, remote, php, sql injection
MD5 | 61579276895b10192aca384a888d59c3
PHPKit 1.6.1 R2 SQL Injection
Posted Oct 29, 2010
Authored by Easy Laster

PHPKit versions 1.6.1 R2 and below remote SQL injection exploit that leverages overview.php.

tags | exploit, remote, php, sql injection
MD5 | 673d8c4b911aed9e80fd11dee182db63
Ubuntu Security Notice 1011-2
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1011-2 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3765
MD5 | c244a782c438ac4e72bae66a0daaeca7
Mandriva Linux Security Advisory 2010-213
Posted Oct 29, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.

tags | advisory, remote, arbitrary, javascript
systems | linux, mandriva
advisories | CVE-2010-3765
MD5 | bedf28c35a50e9cb8f7f2d68bd4533be
Feindura CMS 1.0rc Cross Site Scripting / Local File Inclusion
Posted Oct 29, 2010
Authored by Wireghoul | Site justanotherhacker.com

Feindura CMS versions 1.0rc and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 5c6228b397defd3c0cac80c8df009bc4
nSense Vulnerability Research Security Advisory 2010-002
Posted Oct 29, 2010
Authored by Jokaim

nSense Vulnerability Research Security Advisory - Teamspeak 2 version 2.0.32.60 suffers from a remote code execution vulnerability. The specific flaw exists within the TeamSpeak.exe module teardown procedure responsible for freeing dynamically allocated application handles.

tags | advisory, remote, code execution
MD5 | 6c1259bf89876a4db26f387ccbe3d915
Home FTP Server 1.10.3 / 1.11.1 Directory Traversal
Posted Oct 29, 2010
Authored by chr1x

Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149) both suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | a873431ae17f48835410c655973b0fa4
XBMC 9.04.1r20672 Buffer Overflow
Posted Oct 29, 2010
Authored by n00b

XBMC version 9.04.1r20672 soap_action_name post upnp sscanf buffer overflow exploit with windows bindshell code.

tags | exploit, overflow
systems | windows
MD5 | 121b43429b5d96e72da25f8f0482bb29
Secunia Security Advisory 41952
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | ce043d86e90d1ea68eea507736d89494
Secunia Security Advisory 42020
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, fedora
MD5 | 39c749bdfcd3f88715606712f74b6a41
Secunia Security Advisory 40590
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 3125432956b0db9c92a9ee3ae5fe4d26
Secunia Security Advisory 42011
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | cisco
MD5 | a994c58947e472104badab7c7164a618
Secunia Security Advisory 42013
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.

tags | advisory, vulnerability
MD5 | 85fe8f6c8c40fe1daf67e2b11bb954b0
Secunia Security Advisory 42027
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, vulnerability
MD5 | ea5dc6ac31df8683587918407bdf0a3a
Secunia Security Advisory 41975
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 50b7299f596b83dfd7b5dab4efb83cda
Page 1 of 35
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close