Files Date: 2010-12-14

OpenBSD IPSEC Backdoored
Posted Dec 14, 2010
Authored by Theo de Raadt

Theo de Raadt has received a mail stating that the IPSEC stack in OpenBSD may have been backdoored since the year 2000 thanks to the FBI.

tags | advisory
systems | openbsd
MD5 | 70875ebb23c2ed0a97e15cea229b96bf
Botan C++ Crypto Algorithms Library 1.9.12
Posted Dec 14, 2010
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: Compilation problems in the Boost.Python wrapper and in the OpenSSL plugin were fixed. The Keccak hash function, one of the five finalists in the SHA-3 contest, was added.
tags | library
systems | linux
MD5 | 1ee9230c6b19591ba32a6f83c7d6be3e
Internet Explorer CSS SetUserClip Memory Corruption
Posted Dec 14, 2010
Authored by Matteo Memelli, jduck, yuange1975 | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer to point to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable. Specifically, those ending up with a program counter value within another module, in kernel space, or just not able to be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2010-3962, OSVDB-68987
MD5 | d8abe530c771ff9eb0b738f46b264236
USBsploit 0.5
Posted Dec 14, 2010
Authored by Xavier Poli | Site secuobs.com

USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

Changes: Various updates.
tags | tool, x86, tcp, proof of concept
systems | unix
MD5 | 283d3a1a3a762410fff49a4427277ca2
RealPlayer RA5 Data Handling Heap Overflow Vulnerability
Posted Dec 14, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

tags | advisory, remote, web, overflow, arbitrary
MD5 | ac00e56456d8fa5dc43143d1c0d1f091
BlogCFC Cross Site Scripting
Posted Dec 14, 2010
Authored by ProCheckUp, Richard Brain | Site procheckup.com

BlogCFC suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4293707b5c0efe092f4a07149b83e2ca
Google Urchin 5.7.03 Local File Inclusion
Posted Dec 14, 2010
Authored by Kristian Hermansen

Google Urchin version 5.7.03 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 2d7f8b9a45bd21ab41bb68b943645503
slickMsg 0.7-alpha Cross Site Scripting
Posted Dec 14, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

slickMsg version 0.7-alpha suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d6ce144c7cc05f486cd55f51b0f477fa
iDEFENSE Security Advisory 2010-12-14.1
Posted Dec 14, 2010
Authored by Jose Antonio Vazquez Gonzalez | Site idefense.com

iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to an uninitialized variable in the "CLayout::EnsureDispNode" method. This method is called to recalculate the location of various HTML elements within the page. This function passes a "CDispNodeInfo" object to another function, "CLayout::GetDispNodeInfo," which is supposed to initialize the object passed in; however, the function fails to properly initialize a flag's value that is used later to determine how many "extra" bytes to allocate for a heap buffer. This eventually leads to an undersized buffer being allocated to hold a "CDispClipNode" object in the "CLayout::EnsureDispNodeCore" function. The vulnerability manifests itself when the "CDispNode::SetUserClip" function attempts to use the invalid "extra size" to calculate an offset into the object and manipulate a bit at this location. This corrupts the object's VTABLE by setting the second bit to 1, which can lead to the execution of arbitrary code when this pointer is accessed later. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3962
MD5 | ff4fcb727d31ed3a0610852f475e7e54
Honggfuzz CLI Fuzzer 0.1
Posted Dec 14, 2010
Authored by Robert Swiecki | Site code.google.com

Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.

tags | fuzzer
systems | linux, freebsd, apple, osx
MD5 | 678df7f9fbdfb547763940f356d1210a
RealPlayer RealMedia Data Handling Heap Overflow
Posted Dec 14, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

tags | advisory, remote, web, overflow, arbitrary, vulnerability
MD5 | 034b9c47521dacae5b8ed5740f1c8308
ACROS Security Problem Report 2010-12-14.1
Posted Dec 14, 2010
Authored by ACROS Security, Simon Raner | Site acrossecurity.com

ACROS Security Problem Report #2010-12-14-1 - A binary planting vulnerability in Windows Address Book and Windows Contacts allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2010-3147
MD5 | 1c6c01d13d0d8a856828fef754809146
Secunia Security Advisory 42486
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 6f49f623a582313b0e36025e612c0213
Secunia Security Advisory 42626
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Lotus Mobile Connect, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 7d09540cc2c5cce61c94ff9235ec5727
Secunia Security Advisory 42580
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - R

tags | advisory, denial of service, local
MD5 | 655e788e9cad64ebba271607a0a2f339
Secunia Security Advisory 42492
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities with an unknown impact have been reported in Adobe Photoshop.

tags | advisory, vulnerability
MD5 | ab182f128db2ec70734e4ce6465e419e
Secunia Security Advisory 42346
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two weaknesses and some vulnerabilities have been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and conduct SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 0d17f4fdced8773490232d3fb7a304ba
Secunia Security Advisory 42573
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | linux, debian
MD5 | 73c31088336eb01c53d2f8b57c44dac4
Secunia Security Advisory 42568
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | 0c4f249afc300b530032b23606c9d047
Secunia Security Advisory 42569
Posted Dec 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for firefox and xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | linux, fedora
MD5 | 3b6cf7cea550565eee17aa9969cb2788
Zero Day Initiative Advisory 10-285
Posted Dec 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-285 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpd server component which listens by default on UDP port 69. When handling the filename in a Read Request (0x01) packet type, the process blindly copies user-supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the tftpd server process.

tags | advisory, remote, arbitrary, udp
MD5 | 912e377fe5533ac8098d2446abdf8c40
Zero Day Initiative Advisory 10-284
Posted Dec 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-284 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing the Console DN field of incoming requests, the process can be made to overflow a stack buffer by 2 bytes. Due to the location of the destination buffer, an attacker can abuse this to overwrite a portion of a return address and execute remote code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, udp, tcp
MD5 | 67e63c228bf98c35ba3e89dcffef4442
Zero Day Initiative Advisory 10-283
Posted Dec 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-283 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing incoming connections with specific version fields, the process fails to initialize a string buffer intended to hold the name of the client. After making allocations based on the size of the uninitialized string, ZenRem32 proceeds to convert the buffer between wide-char and multi-byte data types. As the pointer is directed at uninitialized memory, this can be abused to corrupt the heap. An attacker can leverage this to execute remote code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp, tcp
MD5 | d6fe8a208a12983489529cf554ca0487
HP Security Bulletin HPSBUX02608 SSRT100333
Posted Dec 14, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02608 SSRT100333 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
MD5 | b68da525da49bdae41840630336888fa
FontForge .BDF Buffer Overflow
Posted Dec 14, 2010
Authored by Ulrik Persson

FontForge version 0.0.20100501-2 is vulnerable to a stack-based buffer overflow when handling .bdf font files.

tags | exploit, overflow
MD5 | 657a700d690c8e9e473ae4c3e3213d03