what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2010-12-16

Microsoft Internet Explorer Animation Use-after-free Vulnerability
Posted Dec 16, 2010
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when handling certain animation behaviors, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page.

tags | advisory, remote, web, arbitrary
advisories | CVE-2010-3343
SHA-256 | 330ad2faec658aa70f9c70da1561497c7262a8b59546d2216438b7b6ffe83195
Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability
Posted Dec 16, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by an array indexing error in "pubconv.dll" when processing a malformed value within a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.

tags | advisory, remote, arbitrary
advisories | CVE-2010-2571
SHA-256 | 43aac8ed8976ed13ccda0e97861b2b3709629169f2556b198b2d482442b2cbaa
Microsoft Office Publisher Record Array Indexing Vulnerability
Posted Dec 16, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by an array indexing error when processing a malformed record within a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3955
SHA-256 | 603e49d5fa7011c1d086f935bb72cb2deb90d9588947988c40c05def92caa937
Microsoft Office Publisher Size Value Heap Corruption Vulnerability
Posted Dec 16, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by a heap corruption error in "pubconv.dll" while trusting a size value from a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.

tags | advisory, remote, arbitrary
advisories | CVE-2010-2569
SHA-256 | 591d6c511bb8a6f88dba0fe4856dfb099b7d1dc89c130d5503e1e15766321d24
Microsoft Office Publisher Memory Corruption Vulnerability
Posted Dec 16, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by a memory corruption error when handling malformed Publisher documents, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3954
SHA-256 | 346bc82297626beb2fbe7a81582c8835f6d44e92821bfd9f647b17eefd9bbb86
Ubuntu Security Notice USN-1033-1
Posted Dec 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1033-1 - It was discovered that Eucalyptus did not verify password resets from the Admin UI correctly. An unauthenticated remote attacker could issue password reset requests to gain admin privileges in the Eucalyptus environment.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2010-3905
SHA-256 | aa93d4e58bf0f16527a4bd871d05ccec8f42aa8838181244caa4e816a8a2e784
Zero Day Initiative Advisory 10-292
Posted Dec 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-292 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when posting to the login form of the web based management web server. Proper bounds checking is not applied when parsing the Login variable which can result in an exploitable stack overflow. Successful exploitation can lead to complete system compromise under the SYSTEM credentials.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2010-4113
SHA-256 | 7603b259a27c7b72030c41173d6dcc10d07372d3faf4ab86bf2d90626588ffca
HP Security Bulletin HPSBUX02451 SSRT090137 4
Posted Dec 16, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02451 SSRT090137 4 - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 4 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2009-0696
SHA-256 | 2974503ed85abbfb35af3cc0ad6fc4f63b6d035432f9ec878a658627f540f4e4
HP Security Bulletin HPSBUX02351 SSRT080058 6
Posted Dec 16, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02351 SSRT080058 6 - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning. Revision 6 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2008-1447
SHA-256 | 6e8f4adb26ce8cc79500fd1bf1929d520aa0fc5884ea250e266b7016d1893279
Mandriva Linux Security Advisory 2010-256
Posted Dec 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-256 - A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbitrary web script or HTML code via f and fp variables. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, xss
systems | linux, mandriva
advisories | CVE-2010-3906
SHA-256 | 12cc44b1f8163524c2c9ae6870b8f546fbe57f84baf66e8584fb168f16d0fad7
HP Security Bulletin HPSBMA02617 SSRT100338
Posted Dec 16, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02617 SSRT100338 - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | windows
advisories | CVE-2010-4114
SHA-256 | 05198b3253d8ebef9f6132d98dcdb651928590311060d3a38b99ba81888e9aee
HP Security Bulletin HPSBMA02545 SSRT100139
Posted Dec 16, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02545 SSRT100139 - A potential security vulnerability has been identified with HP Power Manager (HPPM) running on Linux and Windows. The vulnerability could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | linux, windows
SHA-256 | 6e2988d31244a442c93893529f8e3f1ec635acdaceb8cb692d8eac66b7eec1da
HP Security Bulletin HPSBST02620 SSRT100356
Posted Dec 16, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02620 SSRT100356 - A potential security vulnerability has been identified with HP StorageWorks Modular Smart Array P2000 G3. This vulnerability could be exploited to allow remote unauthorized access. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2010-4115
SHA-256 | a51c5d9bff567dbf2478a76a0ada928af384ca136dab3254ac9bfffb82332c31
Altarsoft Audio Converter 1.1 Buffer Overflow
Posted Dec 16, 2010
Authored by C4SS!0 G0M3S

Altarsoft Audio Converter version 1.1 SEH overwrite buffer overflow exploit.

tags | exploit, overflow
SHA-256 | f16f0f363fef6668a5e70abd3c6a00b408121eaadcaa1a0c2e3d66990ee65a88
Internet Explorer 8 CSS Parser Exploit
Posted Dec 16, 2010
Authored by Nephi Johnson

This is a CSS parser exploit for Microsoft Internet Explorer 8.

tags | exploit
SHA-256 | bb93e5b0b97b3265146ab82a2666e6d12d20f24dd92dd3234811b9e3d14fce58
Gitweb 1.7.3.3 Cross Site Scripting
Posted Dec 16, 2010
Authored by Emanuele Gentili

Gitweb version 1.7.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3ed463648b053ada81f47d5062c2c073c26f44f5eb1e4f00a348c171ca401103
Aesop GIF Creator 2.1 Buffer Overflow
Posted Dec 16, 2010
Authored by xsploited Security

Aesop GIF Creator versions 2.1 and below buffer overflow exploit that creates a malicious .aep file.

tags | exploit, overflow
SHA-256 | 61914cba537898b62cc6712d77ea4ba353aff9349752feb03f24d19053973d1b
slickMsg 0.7-alpha Cross Site Scripting
Posted Dec 16, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

slickMsg version 0.7-alpha suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d6be37b63afeff30e7d9ca9a1ef68e86f48b4bcbc2499252f6bd6c4d3c022dce
Joomla JRadio Local File Inclusion
Posted Dec 16, 2010
Authored by Sid3 effects

The Joomla JRadio component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | aac4f7781d918cdd92d3ac53ac802b5532cc97fc3f84720acfa591ce3946d1bf
phpRS model-kits.php SQL Injection
Posted Dec 16, 2010
Authored by KnocKout

phpRS suffers from a remote SQL injection vulnerability in model-kits.php.

tags | exploit, remote, php, sql injection
SHA-256 | b387f2049ee316321f253a3374aaec7cc0a4b250856fd1fddde2f69cca339647
eWRC.cz Portal SQL Injection
Posted Dec 16, 2010
Authored by KnocKout

eWRC.cz Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0511e1957ec234062cff8993aeccf888efc4f2587a68c5e32b404cac7b9ccd8f
Swiss Cyber Storm 3 Call For Papers
Posted Dec 16, 2010
Site swisscyberstorm.com

The Call for Papers for the third Swiss Cyber Storm Security Conference in Switzerland is now open where the eminent figures in the international security industry will get together and share best practices and technology. The conference will be held at the University of Applied Sciences in Rapperswil lakeside of Lake Zurich on May 12th through the 15th, 2011.

tags | paper, conference
SHA-256 | 29233772221917a46b1f9f91794ca46ed956babee68f2500e87bce97009b4cc4
Joomla Lyftenbloggie Cross Site Scripting
Posted Dec 16, 2010
Authored by Ashiyane Digital Security Team

The Joomla Lyftenbloggie component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 74aacac0efc848b19ed3319b23dc16ab918331d64b7c64adf86d704ba0106a2b
QualDev eCommerce SQL Injection
Posted Dec 16, 2010
Authored by ErrNick

The QualDev eCommerce script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 13dcbe404016dabb654ca408e807871f75a29f71d7b84b3419b42b8e452dbceb
PHP Universal Web Messenger Cross-Domain Redirect
Posted Dec 16, 2010
Authored by ProCheckUp, Jan Fry | Site procheckup.com

PHP Universal Web Messenger suffers from a cross-domain redirect vulnerability.

tags | exploit, web, php
SHA-256 | 3d11a6d4f9d5cdf42c90ac17922caf1bba35357aa4b5bbdfd7e1d98500977074
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close