what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2010-12-14

OpenBSD IPSEC Backdoored
Posted Dec 14, 2010
Authored by Theo de Raadt

Theo de Raadt has received a mail stating that the IPSEC stack in OpenBSD may have been backdoored since the year 2000 thanks to the FBI.

tags | advisory
systems | openbsd
SHA-256 | 8fe9ad852287fca32221a3cf69a2fe343de075d6442787f336fb7f5ef2265bba
Botan C++ Crypto Algorithms Library 1.9.12
Posted Dec 14, 2010
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: Compilation problems in the Boost.Python wrapper and in the OpenSSL plugin were fixed. The Keccak hash function, one of the five finalists in the SHA-3 contest, was added.
tags | library
systems | linux
SHA-256 | af165a702f2f9a749b6f53a0287ef13aee87d7343cc261526623841775b5accf
Internet Explorer CSS SetUserClip Memory Corruption
Posted Dec 14, 2010
Authored by Matteo Memelli, jduck, yuange1975 | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer to point to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable. Specifically, those ending up with a program counter value within another module, in kernel space, or just not able to be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2010-3962, OSVDB-68987
SHA-256 | c5af90428a60eae212629d6165cc2ab369c2d3111464b63c3d7505ceda36a191
USBsploit 0.5
Posted Dec 14, 2010
Authored by Xavier Poli | Site secuobs.com

USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

Changes: Various updates.
tags | tool, x86, tcp, proof of concept
systems | unix
SHA-256 | 74de154e6346c40601af71d4ea64de7b4546327cdc860ad6a0dcf99b225c4692
RealPlayer RA5 Data Handling Heap Overflow Vulnerability
Posted Dec 14, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

tags | advisory, remote, web, overflow, arbitrary
SHA-256 | 6f509b1f5017a3048fef78a085858a29e8d684c16251cd60c9024a686c3cdd00
BlogCFC Cross Site Scripting
Posted Dec 14, 2010
Authored by ProCheckUp, Richard Brain | Site procheckup.com

BlogCFC suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4a5f358eaed72d5ca282ae8e50804475f5e28c6ce5892b58a294a6f1fbd50eca
Google Urchin 5.7.03 Local File Inclusion
Posted Dec 14, 2010
Authored by Kristian Hermansen

Google Urchin version 5.7.03 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 5e4cb1f96abd4d0dba19822c6f4cb88dbe18e99c1e9e68021ef02e64759e4502
slickMsg 0.7-alpha Cross Site Scripting
Posted Dec 14, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

slickMsg version 0.7-alpha suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c47f15d291a098777d8049b7c442a0f27bae35a13d72423b9d87eaea12757872
iDEFENSE Security Advisory 2010-12-14.1
Posted Dec 14, 2010
Authored by Jose Antonio Vazquez Gonzalez | Site idefense.com

iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to an uninitialized variable in the "CLayout::EnsureDispNode" method. This method is called to recalculate the location of various HTML elements within the page. This function passes a "CDispNodeInfo" object to another function, "CLayout::GetDispNodeInfo," which is supposed to initialize the object passed in; however, the function fails to properly initialize a flag's value that is used later to determine how many "extra" bytes to allocate for a heap buffer. This eventually leads to an undersized buffer being allocated to hold a "CDispClipNode" object in the "CLayout::EnsureDispNodeCore" function. The vulnerability manifests itself when the "CDispNode::SetUserClip" function attempts to use the invalid "extra size" to calculate an offset into the object and manipulate a bit at this location. This corrupts the objects VTABLE by setting the second bit to 1, which can lead to the execution of arbitrary code when this pointer is accessed later. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3962
SHA-256 | 71219e3d4aa0a8af4a6f70f59166543e9d763cb490d82b8b85ea2ee887b4898d
Honggfuzz CLI Fuzzer 0.1
Posted Dec 14, 2010
Authored by Robert Swiecki | Site code.google.com

Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.

tags | fuzzer
systems | linux, freebsd, apple, osx
SHA-256 | 5eabcb34e63989ed4f5642d912c8641cae186311d69337401092b6d50f806e3a
RealPlayer RealMedia Data Handling Heap Overflow
Posted Dec 14, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

tags | advisory, remote, web, overflow, arbitrary, vulnerability
SHA-256 | 3e744f583f0bb3a9b86c94fa386cfddbd0421f8807c4245fdcff1e5cb69a4a8b
ACROS Security Problem Report 2010-12-14.1
Posted Dec 14, 2010
Authored by ACROS Security, Simon Raner | Site acrossecurity.com

ACROS Security Problem Report #2010-12-14-1 - A binary planting vulnerability in Windows Address Book and Windows Contacts allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2010-3147
SHA-256 | 5d01b3714e5a1a07936f8d579e1f7f0c5b96811e39e1536e72e0ff2fd817f142
Secunia Security Advisory 42486
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 59bb62140bcea093be05c1dbd686bd9f6c70103f2f72a2d806c27770432fcadd
Secunia Security Advisory 42626
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Lotus Mobile Connect, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 85401715cf0ac0ada42352559cfc97ea1eab5025bdc99b22b85f69639e0804a4
Secunia Security Advisory 42580
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - R

tags | advisory, denial of service, local
SHA-256 | 9e42b971aa1a288eb0737f74050923329e951f22561e2bbe6e8f868a3fa95943
Secunia Security Advisory 42492
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities with an unknown impact have been reported in Adobe Photoshop.

tags | advisory, vulnerability
SHA-256 | 1c01da367357af6e3d2ae9ef591fad36ba3c14d6bf37e5486cccd56db9475cd4
Secunia Security Advisory 42346
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two weaknesses and some vulnerabilities have been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and conduct SQL injection attacks

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 92bf1c89f9077ee82bd9b34feef8e58b88fd70dae323cc9a6cf27f19b9a93b42
Secunia Security Advisory 42573
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | linux, debian
SHA-256 | 892970053aac12ea9031bbdafae6eeec4be64999d0e94476c6f55ad4e2261ade
Secunia Security Advisory 42568
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | 18d18170b497096e6e4fb614e52ae26ce9bec0cf791c4a40be04080834756879
Secunia Security Advisory 42569
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for firefox and xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | linux, fedora
SHA-256 | 0553de17f6237290198ce8435601c59d57a83815674def9e22053e2c0d299b87
Zero Day Initiative Advisory 10-285
Posted Dec 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-285 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpd server component which listens by default on UDP port 69. When handling the filename in a Read Request (0x01) packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the tftpd server process.

tags | advisory, remote, arbitrary, udp
SHA-256 | 82ccd040dbaba20699b014b47ff6ef8abe2763e1feeb146935df2c95f013eff2
Zero Day Initiative Advisory 10-284
Posted Dec 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-284 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing the Console DN field of incoming requests, the process can be made to overflow a stack buffer by 2 bytes. Due to the location of the destination buffer, an attacker can abuse this to overwrite a portion of a return address and execute remote code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, udp, tcp
SHA-256 | f769b1198961a1a95ef8fdec2b927504455807ef3244a9b9a20650b8abf2a28a
Zero Day Initiative Advisory 10-283
Posted Dec 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-283 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing incoming connections with specific version fields the process fails to initialize a string buffer intended to hold the name of the client. After making allocations based on the size of the uninitialized string, ZenRem32 proceeds to convert the buffer between wide-char and multi-byte data types. As the pointer is directed at uninitialized memory, this can be abused to corrupt the heap. An attacker can leverage this to execute remote code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp, tcp
SHA-256 | f9396dac764d7d1a9c721681fce74e2c96816fd09ecb655c0425db0a91d4c695
HP Security Bulletin HPSBUX02608 SSRT100333
Posted Dec 14, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02608 SSRT100333 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
SHA-256 | 97fdc4808f88742bed53b9c9225a0922b852aedbc8b9300b631e7e0f734fc91c
FontForge .BDF Buffer Overflow
Posted Dec 14, 2010
Authored by Ulrik Persson

FontForge version 0.0.20100501-2 is vulnerable to a .bdf file font file stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 89e18269a2ce0ac9a0deb84e3e64b9bcd74d7342f689b5a63d8c76e42afc7f22
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close