
Files Date: 2011-03-07

Mandriva Linux Security Advisory 2011-042
Posted Mar 7, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-042 - Security issues were identified and fixed in mozilla-thunderbird. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-0053, CVE-2011-0061, CVE-2011-0062, CVE-2010-1585
MD5 | c18745e5601f0337f61235867e05194f
Ubuntu Security Notice USN-1049-2
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into an inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062, CVE-2011-0056
MD5 | ed6a0c6776f2067a9a92b34fb4bbce08
STARTTLS Plaintext Injection
Posted Mar 7, 2011
Authored by Wietse Venema

Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.

tags | advisory
advisories | CVE-2011-0411
MD5 | 1b04af43139f06389239140f5ad5fb22
BMForum Myna 6.0 SQL Injection
Posted Mar 7, 2011
Authored by Stephan Sattler

BMForum Myna version 6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 35240961b5f40f0bd10e367084f16c64
Hashkill 0.2.4
Posted Mar 7, 2011
Authored by gat3way | Site gat3way.eu

Hashkill is an open source hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.

Changes: The most important new feature is GPU-based cracking. The GPU kernels are highly optimized to deliver very fast speeds. Various other bug fixes and feature enhancements added.
tags | cracker
systems | linux, unix
MD5 | 1bd25a7df7544f3653eba97b5b15d85c
Mutt SMTP TLS Verification Failure
Posted Mar 7, 2011
Authored by dave b

It would appear that Mutt fails to check the validity of an SMTP server's certificate during a TLS connection.

tags | advisory
MD5 | c194da6cc8894df5a3eff430bb2d9280
Metasploit Framework 3.6.0
Posted Mar 7, 2011
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: This release adds 15 new exploits for a total of 64 new modules since version 3.5.1. Includes Post Exploitation modules that provide local exploits and additional data gathering capabilities.
tags | tool, ruby
systems | unix
MD5 | c40cd0b56a666316e91718d72ebec86c
RECON 2011 Call For Papers
Posted Mar 7, 2011
Authored by RECON 2011 | Site recon.cx

RECON 2011 Call For Papers - RECON is a security conference taking place in downtown Montreal from July 8th through the 10th.

tags | paper, conference
MD5 | 7ec97d56cee0974e0732ac83a21af9e0
Ubuntu Security Notice USN-1085-1
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1085-1 - Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597, CVE-2010-2598, CVE-2010-2630, CVE-2010-3087, CVE-2011-0191, CVE-2011-0192
MD5 | 98206d281f78cc5326593ab95451050c
Ubuntu Security Notice USN-1084-1
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1084-1 - It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.

tags | advisory, remote, denial of service, udp
systems | linux, ubuntu
advisories | CVE-2011-1002
MD5 | cf624d65b1068aa3b6ce89b93fe69472
Apple iPhone 4 Passphrase Disclosure
Posted Mar 7, 2011
Site tehtri-security.com

Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.

tags | advisory, local
systems | apple, iphone
MD5 | 5806a00d78c413e35d82e31be0490810
ARP-Scan ARP Generation Tool 1.8
Posted Mar 7, 2011
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: The IEEE OUI and IAB files were updated. Support was added for trailer ARP replies. Support for LLC/SNAP packets with the 802.1Q tag was added. Full help output is no longer displayed for usage errors. Apple Mac OS X Tiger, Leopard, and Snow Leopard are now supported. The license was changed from GPL v2 to v3. A DoS warning was added to the manpage and help output. New arp fingerprints were added. gcc compiler security options were enabled. "make check" tests were added. The Perl scripts were modified to work on systems where the perl executable is not in /usr/bin. Various minor bugfixes and improvements were made.
tags | tool, scanner, protocol
systems | unix
MD5 | be8826574ec566217eb7ca040fe472f9
Softman Admin SQL Injection
Posted Mar 7, 2011
Authored by eXeSoul

The Softman administrative login page suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 09b607b1e78b5790c4848784017eca7b
Kodak Insite 5.5.2 Cross Site Scripting
Posted Mar 7, 2011
Authored by Dionach

Kodak InSite version 5.5.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f1ed2a800ad6b74c542f6b67476c0c6c
KingView 6.5.3 SCADA Active-X
Posted Mar 7, 2011
Authored by Carlos Mario Penagos Hollmann

KingView version 6.5.3 SCADA-related ActiveX exploit.

tags | exploit, activex
MD5 | cf490f30ef094c615198e25a615d832e
Bacula-Web 1.3.x Cross Site Scripting / SQL Injection
Posted Mar 7, 2011
Authored by b0telh0 | Site gotgeek.com.br

Bacula-Web version 1.3.x suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
MD5 | e3756be1d26d06db5f1e2707950eb0bd
Weborf 0.12.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Weborf version 0.12.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | c8515c8da97ba8879ad224b987ff300f
Hiawatha WebServer 7.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Hiawatha WebServer version 7.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | a6a50f7d3a5db91c593cafb0bdbad9b4
Mutare Software EVM 2.2.9 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 7, 2011
Authored by Travis Lee

Mutare Software EVM version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 726f81101b40c99683eb37dcf0d25b4a
SMTP Verification Tool
Posted Mar 7, 2011
Authored by Confirm

This script is a simple SMTP verification tool to send mail.

tags | tool
systems | unix
MD5 | b8ebd77f77c5baca23a5e6eed2ef6fd7
Secunia Security Advisory 43634
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 6dc2835453b8170e7ca17db64d4b370d
Secunia Security Advisory 43617
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for q. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, fedora
MD5 | 6d2ee0acf32dfb21979ed6958a5203ba
Secunia Security Advisory 43665
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, fedora
MD5 | b64e63efd7783d74622ab286f78e314b
Secunia Security Advisory 43630
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in InterPhoto Gallery, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 304fce4ff9a9c1e661a511dec7eb87f2
Secunia Security Advisory 43645
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two security issues have been reported in GNU TeXmacs, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | cdf111ba0ef3e1686b06d26f90047b7c
© 2016 Packet Storm. All rights reserved.