ignore security and it'll go away
Showing 1 - 25 of 41 RSS Feed

Files Date: 2011-02-10

Core Security Technologies Advisory 2011.0103
Posted Feb 10, 2011
Authored by Core Security Technologies, Ernesto Alvarez | Site coresecurity.com

Core Security Technologies Advisory - ManageEngine ADSelfService Plus version 4.4 suffers from authentication bypass, protection mechanism failure, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2010-3272, CVE-2010-3273, CVE-2010-3274
MD5 | ed1b7ed715db4bf307f5da51a62dee33
Debian Security Advisory 2159-1
Posted Feb 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2159-1 - Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2011-0531
MD5 | 3c5741b3f35101fd886b39fe20dca990
Apache Continuum Cross Site Request Forgery
Posted Feb 10, 2011
Authored by Brett Porter | Site continuum.apache.org

Apache Continuum versions 1.3.6 and 1.4.0 Beta suffer from a cross site request forgery vulnerability. Earlier unsupported versions are also vulnerable.

tags | advisory, csrf
advisories | CVE-2010-3449
MD5 | 2bd9d355e5cecdbba70d5b3f29382f8d
Internet Explorer CSS Recursive Import Use After Free
Posted Feb 10, 2011
Authored by jduck, d0c_s4vage, passerby | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions with .NET 2.0.50727 installed.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-3971, OSVDB-69796
MD5 | f182bbd7b03a7d95847c78307969365d
OpenSSL Toolkit 1.0.0d
Posted Feb 10, 2011
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Parsing of the OCSP stapling ClientHello extension was fixed. This issue was reported as CVE-2011-0014. A bug in string printing code, where the escape character itself was not escaped, was fixed.
tags | encryption, protocol
systems | unix
advisories | CVE-2011-0014
MD5 | 40b6ea380cc8a5bf9734c2f8bf7e701e
Apache Continuum Cross Site Scripting
Posted Feb 10, 2011
Authored by Brett Porter | Site continuum.apache.org

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.

tags | advisory, arbitrary, javascript
advisories | CVE-2011-0533
MD5 | 09e317e35e26263a626c5d31513d7a74
XM Easy Personal FTP Server 5.8.0 Denial Of Service
Posted Feb 10, 2011
Authored by Houssam Sahli

XM Easy Personal FTP Server version 5.8.0 (TYPE) denial of service exploit.

tags | exploit, denial of service
MD5 | 01342c8a4978733684f113c678a3cb08
Ubuntu Security Notice USN-1060-1
Posted Feb 10, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1060-1 - It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS.

tags | advisory, denial of service, local, root
systems | linux, debian, ubuntu
advisories | CVE-2010-2023, CVE-2010-2024, CVE-2010-4345, CVE-2011-0017
MD5 | 45c3edcc9b8301f1a4544a7dcbb9cf4e
Microsoft Windows CreateSizeDIBSECTION Stack Buffer Overflow
Posted Feb 10, 2011
Authored by Yaniv Miron, jduck, Moti, Xu Hao | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the handling of thumbnails within .MIC files and various Office documents. When processing a thumbnail bitmap containing a negative 'biClrUsed' value, a stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to trigger the vulnerable code, the folder containing the document must be viewed using the "Thumbnails" view.

tags | exploit, overflow, arbitrary, code execution
advisories | CVE-2010-3970, OSVDB-70263
MD5 | 148aa675b1dfcf9196ba70079e237417
Drupal CAPTCHA Logic Security Flaw
Posted Feb 10, 2011
Authored by Michele Orru

This is a proof of concept to demonstrate a logic security flow in the way Drupal CAPTCHA is used to protect login forms from bruteforce. If the CAPTCHA challenge is solved, the next login attempts can be issued without solving any new CAPTCHA challenge.

tags | exploit, proof of concept
MD5 | 2c9031b926a0ce43ba7444e69b2948f0
Secunia Security Advisory 43259
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Model Agentur products, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | b13c4ffffaeb9e38448f5a9012c8ccec
Secunia Security Advisory 43296
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM WebSphere Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | a0e1de8e637b7f07837f0d0da104b9ae
Exploiting ARM Linux Systems
Posted Feb 10, 2011
Authored by Emanuele Acri

Whitepaper called Exploiting ARM Linux systems.

tags | paper
systems | linux
MD5 | ddfb3f1c86d5e1767c74ca7c1c794c86
Secunia Security Advisory 43227
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 5e661dcac85c5b0f09b12e6b58a0081e
Secunia Security Advisory 43255
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local, vulnerability
systems | windows
MD5 | 380a90c22463f9fa7044ff5fc536f404
Secunia Security Advisory 43257
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | windows
MD5 | 1f98f56690c30072193e669e6dfd4d66
Secunia Security Advisory 43253
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | windows
MD5 | 3cfb6986b663f88986cf0f4c7140272c
Secunia Security Advisory 43021
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 50bf1ce771101919fdcef151548c6eca
Secunia Security Advisory 43202
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Data Protector, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 66e176268716f1ef69768c68c757e448
Secunia Security Advisory 43236
Posted Feb 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, suse
MD5 | a44307b320439eccaf4c1f6c9983ad1c
Mandriva Linux Security Advisory 2011-025
Posted Feb 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-025 - The MIT krb5 KDC database propagation daemon is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC. The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-4022, CVE-2011-0281, CVE-2011-0282
MD5 | 7b526947f7ae90f2ca47e7ea2fd3b474
Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution
Posted Feb 10, 2011
Authored by Luigi Auriemma, Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing font structures within Director files. While processing data within the PFR1 chunk, the process trusts a size value and compares a sign-extended counter against it within a copy loop. By providing a sufficiently large value, this flaw can be abused by a remote attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0569
MD5 | e66d7433e8eed22c83409d7ce51650c6
getTorExitNode Python Script
Posted Feb 10, 2011
Authored by Sebastien Damaye

getTorExitNode is a tool that aims at providing torproxy (from tortunnel) with a valid Tor exit node. It returns one or all valid Tor exit nodes. Written in Python.

tags | tool, python, peer2peer
MD5 | 5f7482453e816c70ce83e2049c828138
Debian Security Advisory 2158-1
Posted Feb 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2158-1 - Michael Brooks (Sitewatch) discovered a reflective XSS flaw in cgiirc, a web based IRC client, which could lead to the execution of arbitrary javascript.

tags | advisory, web, arbitrary, javascript
systems | linux, debian
advisories | CVE-2011-0050
MD5 | 02c5257607f1eaa6ea60a0835361e093
Mptcp Packet Manipulator 1.6
Posted Feb 10, 2011
Authored by Khun | Site hexcodes.org

Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.

tags | tool, scanner, tcp
systems | unix
MD5 | e7016707b2853866f3d97b8247736c6f
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close