exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files Date: 2011-03-07

Mandriva Linux Security Advisory 2011-042
Posted Mar 7, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-042 - Security issues were identified and fixed in mozilla-thunderbird. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-0053, CVE-2011-0061, CVE-2011-0062, CVE-2010-1585
SHA-256 | d081ba2d6bcd0e827d19b280698db60d8e35a96f8ae5dd9acd818b9b360f70b1
Ubuntu Security Notice USN-1049-2
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062, CVE-2011-0056
SHA-256 | 63a521ad446cb2ddd1af1035e156678cf3b9d54a0fd09d60d70e2e2288524400
STARTTLS Plaintext Injection
Posted Mar 7, 2011
Authored by Wietse Venema

Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.

tags | advisory
advisories | CVE-2011-0411
SHA-256 | 9f712fa40e77ec9b23f56ccf53d3c72849e5a9e1a7738c614836c68c8b9595c8
BMForum Myna 6.0 SQL Injection
Posted Mar 7, 2011
Authored by Stephan Sattler

BMForum Myna version 6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f77aeee1c4e7444553edfefcfc3ddffde43185244611bfaa9e13143b243449f8
Hashkill 0.2.4
Posted Mar 7, 2011
Authored by gat3way | Site gat3way.eu

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.

Changes: The most important new feature is GPU-based cracking. The GPU kernels are highly optimized to deliver very fast speeds. Various other bug fixes and feature enhancements added.
tags | cracker
systems | linux, unix
SHA-256 | 26a6c0886046f56b50a2bf26bba2ee3a754c57452de7073dcc492e03d8e07022
Mutt SMTP TLS Verification Failure
Posted Mar 7, 2011
Authored by dave b

It would appear that Mutt fails to check the validity of a SMTP server's certificate during a TLS connection.

tags | advisory
SHA-256 | aa82f3a4387c9f1c208d243be31c7c359907af947bf457a2bf81f7f172ea4bb7
Metasploit Framework 3.6.0
Posted Mar 7, 2011
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: This release adds 15 new exploits for a total of 64 new modules since version 3.5.1. Includes Post Exploitation modules that provide local exploits and additional data gathering capabilities.
tags | tool, ruby
systems | unix
SHA-256 | a113cf9e1a499377807990e506acad83afee18845a148a02747087132fac39a7
RECON 2011 Call For Papers
Posted Mar 7, 2011
Authored by RECON 2011 | Site recon.cx

RECON 2011 Call For Papers - RECON is a security conference taking place in downtown Montreal from July 8th through the 10th.

tags | paper, conference
SHA-256 | a6e2f7e8a1fc356e8567d73e1805b3fb57c537da2219e610d9305606bc556e73
Ubuntu Security Notice USN-1085-1
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1085-1 - Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597, CVE-2010-2598, CVE-2010-2630, CVE-2010-3087, CVE-2011-0191, CVE-2011-0192
SHA-256 | e9397fa6d8f38798a98fbe7c182d72c1e10b037ec8cc64b976aec4405b72f22d
Ubuntu Security Notice USN-1084-1
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1084-1 - It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.

tags | advisory, remote, denial of service, udp
systems | linux, ubuntu
advisories | CVE-2011-1002
SHA-256 | 5e28ae80a5f0802306a3dc8f39007d0a5907c9e14b785263f2fb74042863af1d
Apple iPhone 4 Passphrase Disclosure
Posted Mar 7, 2011
Site tehtri-security.com

Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.

tags | advisory, local
systems | apple, iphone
SHA-256 | 50b3289c4489d4defcfdf5ed6c483a646482853dbb3b0aa3477ed046497aa078
ARP-Scan ARP Generation Tool 1.8
Posted Mar 7, 2011
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: The IEEE OUI and IAB files were updated. Support was added for trailer ARP replies. Support for LLC/SNAP packets with the 802.1Q tag was added. Full help output is no longer displayed for usage errors. Apple Mac OS X Tiger, Leopard, and Snow Leopard are now supported. The license was changed from GPL v2 to v3. A DoS warning was added to the manpage and help output. New arp fingerprints were added. gcc compiler security options were enabled. "make check" tests were added. The Perl scripts were modified to work on systems where the perl executable is not in /usr/bin. Various minor bugfixes and improvements were made.
tags | tool, scanner, protocol
systems | unix
SHA-256 | 3e4d2ddb0634dad07cbe7206349e0eb389e37510883b0735a450adef41df6f26
Softman Admin SQL Injection
Posted Mar 7, 2011
Authored by eXeSoul

The Softman administrative login page suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 2adc4559a62e07503ac7d0037415d005922516a9b47eb7a28d0af07eb064001b
Kodak Insite 5.5.2 Cross Site Scripting
Posted Mar 7, 2011
Authored by Dionach

Kodak InSite version 5.5.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c0819714587032a164e7969233a80d6fbf7cbce97b45f31ab343da2456c9b5ab
KingView 6.5.3 SCADA Active-X
Posted Mar 7, 2011
Authored by Carlos Mario Penagos Hollmann

KingView version 6.5.3 SCADA related active-x exploit.

tags | exploit, activex
SHA-256 | b7072d04385985d2e31f54590175039c3d89ee322da0d64430b85a6fd11f7692
Bacula-Web 1.3.x Cross Site Scripting / SQL Injection
Posted Mar 7, 2011
Authored by b0telh0 | Site gotgeek.com.br

Bacula-Web version 1.3.x suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
SHA-256 | 8520e8634856fdeac1d116ce357046e9e71e330d64c10961a630f3b20e4c18cb
Weborf 0.12.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Weborf version 0.12.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a74391cf47717ba11a1fc53abc5379b1100e6c85a4c5af8cdff811aa1a70b41b
Hiawatha WebServer 7.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Hiawatha WebServer version 7.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 80318ee6a80e3cdf8451955911b1bdd5b63a92301b713132026bb94ed35fbc6b
Mutare Software EVM 2.2.9 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 7, 2011
Authored by Travis Lee

Mutare Software EVM version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8d80f08a56b5b4caea85f6d36934daed6d1d131fbca14f5f215277f84e092267
SMTP Verification Tool
Posted Mar 7, 2011
Authored by Confirm

This script is a simple SMTP verification tool to send mail.

tags | tool
systems | unix
SHA-256 | 29691ca8cb6bda754e176a18b8693468f6a9dbe573a2dd8fc9e839a5211262d0
Secunia Security Advisory 43634
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | fd3b0735a6472ee13c34b1f93007a8db3484aeb041b59d8f457550a3b8327b15
Secunia Security Advisory 43617
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for q. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, fedora
SHA-256 | ba8fc2fbc22ea2c55a288ae95208f467b948aa2682d8c3e621d6ff29dc726269
Secunia Security Advisory 43665
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, fedora
SHA-256 | 23af9489ad68ed35bab4f4a4575dae1d31b8a435b8c1711909f6ba7776944faa
Secunia Security Advisory 43630
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in InterPhoto Gallery, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 55f5d98ffcaf62459337839131e3e72cffcb7d733508dc53a1c4c60698e1f69d
Secunia Security Advisory 43645
Posted Mar 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two security issues have been reported in GNU TeXmacs, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | c4b0a0a1a355d197b3ca8472639b7f6d259ee778ce74a4d969788df6873e739f
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close