what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files Date: 2010-12-10

RealNetworks RealPlayer MDPR Chunk Size Remote Code Execution
Posted Dec 10, 2010
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's handling of Internet Video Recording (.ivr) files. While parsing the MLTI chunk the process trusts the field responsible for denoting the size of an embedded MDPR chunk. By modifying this value in an IVR file an attacker can force a misallocation on the heap. The process can then be made to write past the bounds of the buffer, corrupting memory. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4390
MD5 | d57fc3e4f7a0ffe83480766825ffd981
LiteSpeed Web Server 4.0.17 Remote Exploit
Posted Dec 10, 2010
Authored by Kingcope

LiteSpeed Web Server version 4.0.17 with PHP remote exploit for FreeBSD that uses a reverse shell.

tags | exploit, remote, web, shell, php
systems | freebsd
MD5 | 2d3e5a784a0108ae0da72eae6ba4dc25
RealNetworks RealPlayer MLTI Stream Number Remote Code Execution
Posted Dec 10, 2010
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's handling of Internet Video Recording (.ivr) files. While parsing the MLTI chunk the process trusts the field responsible for denoting the number of streams within the chunk. By modifying this value in an IVR file, an attacker can force a processing loop to overrun and corrupt heap memory. This can be abused to execute arbitrary code under the context of the user invoking RealPlayer.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-4390
MD5 | 40b796e0a9c507eccf6cb5b364a092ac
Joomla 1.5.22 Cross Site Scripting
Posted Dec 10, 2010
Authored by MustLive

Joomla versions 1.5.22 and below suffer from abuse of functionality and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 3ad99d28dcaab530f14f64787024eb63
Ostinato Traffic Generator 0.3 Windows Binary
Posted Dec 10, 2010
Authored by Srivats P | Site code.google.com

Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the windows binary release.

Changes: IGMP, MLD, HexDump (user defined content) protocols added. Several bugfixes.
tags | tool
systems | windows
MD5 | 86214e7e79cb74a7481fd39c064a182d
Ostinato Traffic Generator 0.3 Mac OS X
Posted Dec 10, 2010
Authored by Srivats P | Site code.google.com

Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.

Changes: IGMP, MLD, HexDump (user defined content) protocols added. Several bugfixes.
tags | tool
systems | windows, apple, osx
MD5 | 346794598d118f0ddbf426fffa9ad369
Ostinato Traffic Generator 0.3 Source Code
Posted Dec 10, 2010
Authored by Srivats P | Site code.google.com

Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark.

Changes: IGMP, MLD, HexDump (user defined content) protocols added. Several bugfixes.
tags | tool
systems | windows, unix
MD5 | 49fa70276970db49b76286dab845392a
PHP 5.3.3 GD Stack Buffer Overflow
Posted Dec 10, 2010
Authored by Martin Barbella

PHP 5.3.3 suffers from a GD extension imagepstext stack buffer overflow vulnerability.

tags | exploit, overflow, php
MD5 | 7ec710c7a6f71365327f60c945a26471
RealNetworks RealPlayer SIPR Stream Frame Dimensions Remote Code Execution
Posted Dec 10, 2010
Authored by Aaron Portnoy, Logan Brown, Zef Cekaj | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the drv1.dll module. Code responsible for parsing SIPR stream metadata trusts frame width and height values from the input file. By crafting particular values an integer value used in a loop can be made to wrap negatively. The loop will subsequently overflow a static heap buffer during an inline memory copy. By crafting a malicious .rm file an attacker can exploit this vulnerability remotely using the RealPlayer ActiveX control.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2010-4385
MD5 | b540a62fc52d5db7294384161939d54a
Joomla Redirect Local File Inclusion
Posted Dec 10, 2010
Authored by jos_ali_joe

The Joomla Redirect component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | c3f444be12101783765a0a81c8b25eb9
CMS Articles NA 1.4 SQL Injection
Posted Dec 10, 2010
Authored by jos_ali_joe

CMS Articles NA version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 053e86dacbf1dd8f0b978721a5fd3524
Novell Vibe 3 BETA OnPrem Stored Cross Site Scripting
Posted Dec 10, 2010
Authored by Rob Kraus, Paul Petefish | Site solutionary.com

Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2010-4322
MD5 | 0adf2e6995648c6c875ed90eec59aec1
PHP 5.3.3 Integer Overflow
Posted Dec 10, 2010
Authored by Maksymilian Arciemowicz

PHP version 5.3.3 suffers from a NumberFormatter::getSymbol integer overflow vulnerability.

tags | exploit, overflow, php
advisories | CVE-2010-4409
MD5 | c68f61c21b06e8a65aa26539e2b00396
slickMsg 0.7-alpha Cross Site Scripting
Posted Dec 10, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

slickMsg version 0.7-alpha suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fe3bac56114f55fc5ffa2fb07db34ebe
Sulata iSoft Local File Disclosure
Posted Dec 10, 2010
Authored by Sudden_death

Sulata iSoft suffers from a local file disclosure vulnerability in stream.php.

tags | exploit, local, php, info disclosure
MD5 | c19ec1abae9e83e4590e04e338508dda
BizDir 5.10 Cross Site Scripting
Posted Dec 10, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

BizDir version 5.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9725d5a197609e387c27755221f9651d
Joomla Billy Portfolio 1.1.2 Blind SQL Injection
Posted Dec 10, 2010
Authored by jdc

The Joomla Billy Portfolio component version 1.1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ac8c6ae39d5be9d246b772d20cf4b19e
ManageEngine EventLog Analyzer 6.1 Denial Of Service
Posted Dec 10, 2010
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

ManageEngine EventLog Analyzer version 6.1 suffers from a syslog related denial of service vulnerability.

tags | advisory, denial of service
MD5 | 50700c4e82b5c4a4d2f4678daeee5fab
Zero Day Initiative Advisory 10-263
Posted Dec 10, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-263 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA ARCserve Replication and High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "create_session_bab" SOAP operation, which is handled by the xosoapapi.asmx process that is crucial to the remote administration of both the High Availability and the Replication products. By sending a specially crafted POST request to the xosoapapi.asmx process a remote, unauthenticated attacker can trigger a buffer overflow condition that results in arbitrary code execution under the context of the SOAP server process.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2010-3984
MD5 | 74c9d6cf8c06993a5a378ebb7edf4809
Ubuntu Security Notice USN-1031-1
Posted Dec 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1031-1 - Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. In the default installation, attackers would be isolated by the clamav AppArmor profile.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
MD5 | 23bfe27bef4cf91e312438f34fccb9c6
Ubuntu Security Notice USN-1020-1
Posted Dec 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3768, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778
MD5 | 27bbdcee48ac62006261faacf5f3c59f
Mandriva Linux Security Advisory 2010-251
Posted Dec 10, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-251 - Security issues were identified and fixed in firefox. Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. Mozilla security researcher moz_bug_r_a4 reported that the fix for could be circumvented permitting the execution of arbitrary JavaScript with chrome privileges. Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that JavaScript arrays were vulnerable to an integer overflow vulnerability. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript
systems | linux, mandriva
advisories | CVE-2010-3770, CVE-2010-3774, CVE-2010-3773, CVE-2010-3767, CVE-2010-3766, CVE-2010-3775, CVE-2010-3768, CVE-2010-3772, CVE-2010-3771, CVE-2010-3769, CVE-2010-3776, CVE-2010-3777
MD5 | c4aa2eb6987477b821420bbc43858fc7
Zero Day Initiative Advisory 10-265
Posted Dec 10, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-265 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's management of the JSSLOT_ARRAY_COUNT annotation. This value represents the number of items filled within a given Array object. If an attacker creates an array to a high enough value, an initialization routine can be made to mis-allocate a buffer. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3767
MD5 | e0312be2eef4bc2b936dd5cfe202c10a
Zero Day Initiative Advisory 10-264
Posted Dec 10, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the NodeIterator API used for element traversal. Due to a particular element not implementing functionality required by the API, a use-after free vulnerability can be forced to occur. This can be used to achieve code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-3766
MD5 | 4f32245a4b8962601037e2cd20739110
Mandriva Linux Security Advisory 2010-250
Posted Dec 10, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-250 - The multipart_init function in Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2010-2761
MD5 | 709220f8801cc245849629a8a244431f
Page 1 of 2
Back12Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close