Showing 1 - 25 of 63

Files Date: 2011-03-18

Zero Day Initiative Advisory 11-106
Posted Mar 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability. The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE command the application copies user supplied data to a fixed length stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the super user.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4228
MD5 | eb51a32fdbb2ccd0e74f2e33c42195cf
Zero Day Initiative Advisory 11-105
Posted Mar 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When handling a remote execute request the process does not properly authenticate the user issuing the request. Utilities are stored in the 'secure' path which enable an attacker to re-execute an arbitrary executable. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-0889
MD5 | bbfd198159eaadfbe7d8b730fed25f08
Ubuntu Security Notice USN-1090-1
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1090-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175
MD5 | 401f086f84ef1e6371dcfeb1a7aa20f6
Ubuntu Security Notice USN-1089-1
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1089-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min_addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4175, CVE-2010-4242
MD5 | 875e93d219ec0fb6720fa5c9e4fb474e
Mandriva Linux Security Advisory 2011-048
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-048 - The MIT Kerberos 5 Key Distribution Center daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication capability is enabled, resulting in daemon crash or arbitrary code execution. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2011-0284
MD5 | 8533254b516fd4c00825a7e39f1441f5
Mandriva Linux Security Advisory 2011-047
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-047 - Integer overflow in the mod_sftp module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service via a malformed SSH message. Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-1137
MD5 | 6622a71f83b464af1716ec1090fc19aa
Windows 7/2008 Event Log Forensic And Reversing Analysis
Posted Mar 18, 2011
Authored by ar1vr

Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.

tags | paper
systems | windows, 7
MD5 | 3674019074b68ec149e014050a342204
GNU SIP Witch Telephony Server 0.10.2
Posted Mar 18, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: cmake build was introduced. A new desktop permissions mode was added for integration between sipwitch service running as a privileged daemon and the user desktop. The utilities were reorganized and simplified.
tags | telephony
systems | unix
MD5 | 7e1f80a5f8ae7634d2d8069611601742
AdSuck DNS Server 2.2
Posted Mar 18, 2011
Authored by Marco Peereboom | Site peereboom.us

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: This release fixes the documentation and provides more examples.
tags | tool, local, spoof
systems | linux, unix
MD5 | b2352b864679508f4ada3f82a3bf91ed
XOOPS 2.5.0 Cross Site Scripting
Posted Mar 18, 2011
Authored by Aung Khant | Site yehg.net

XOOPS versions 2.5.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2fb135259a2b2b7d93b9a5603b7b4596
ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution
Posted Mar 18, 2011
Authored by baltazar, Todor Donev

ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit. This is a secondary version of the original and is written in Python.

tags | exploit, remote, web, root, python
MD5 | 14d8573b3ff5757cbdebdd687dfd1002
Debian Security Advisory 2186-2
Posted Mar 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2186-2 - The security update DSA-2186 issued for Iceweasel caused a regression in Vimperator, an Iceweasel extension to make it have vim look and feel. vimperator in stable has been updated to 2.3.1-0+squeeze1 to restore compatibility. Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059
MD5 | 1fb44aaa99cba7aabc32cba6243adc58
POP Peeper 3.7 SEH Overflow
Posted Mar 18, 2011
Authored by Anastasios Monachos

POP Peeper version 3.7 SEH overflow exploit that spawns calc.exe.

tags | exploit, overflow
MD5 | 540bab0a9c15912574e8c2d893b9c193
Fake Webcam 6.1 Crash Proof Of Concept
Posted Mar 18, 2011
Authored by Anastasios Monachos

Fake Webcam version 6.1 local crash proof of concept exploit that creates a malicious .wmv file.

tags | exploit, denial of service, local, proof of concept
MD5 | 430967845230da355138662f15d540ea
Joomla Book Library SQL Injection
Posted Mar 18, 2011
Authored by Marc Doudiet

The Joomla Book Library component version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8286557e1ef83bce10795fe0a17747f3
Shape Web Solutions CMS SQL Injection
Posted Mar 18, 2011
Authored by Ashiyane Digital Security Team

Shape Web Solutions suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | f4ab09f74e1c21f1f74f38b410b0087f
SpoonFTP 1.2 Denial Of Service
Posted Mar 18, 2011
Authored by C4SS!0 G0M3S

SpoonFTP version 1.2 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 50eebe64bb2ff22dd289aae383d06866
Ftpdmin 1.0 Denial Of Service
Posted Mar 18, 2011
Authored by C4SS!0 G0M3S

Ftpdmin version 1.0 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 1f73ab4541f106992610328c672762a3
Recaptcha WordPress Plugin Cross Site Scripting
Posted Mar 18, 2011
Authored by Rodrigo Rubira Branco

The Recaptcha WordPress plugin suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2011-0759
MD5 | 64afbd44aae207b7dcbb435d274eddda
Related Posts WordPress Plugin Cross Site Scripting
Posted Mar 18, 2011
Authored by Rodrigo Rubira Branco

The Related Posts WordPress plugin suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2011-0760
MD5 | a2e8e7c14afdc649c659a26bb9976c0c
BlackBerry Owner Warning
Posted Mar 18, 2011
Authored by Laurent Oudot | Site tehtri-security.com

This short advisory describes how you can do a quick security check of your BlackBerry to see if you are vulnerable to various security issues.

tags | advisory
advisories | CVE-2010-2599, CVE-2011-1290
MD5 | 3060163a68fd2b82c975c08aaa45eb33
Debian Security Advisory 2194-1
Posted Mar 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2194-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, did not properly check for read-only connections. This allowed a local attacker to perform a denial of service (crash) or possibly escalate privileges.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2011-1146
MD5 | 6a0b13c855fe227d73c713eba2900fb7
Ubuntu Security Notice USN-1079-3
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-3 - USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts, could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
MD5 | 7fe5b4348e900358dbdced47d919377f
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Posted Mar 18, 2011
Authored by MustLive

W-Agora versions 4.2.1 and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 8e7872a731d516f3acac8463a333680e
Mandriva Linux Security Advisory 2011-046
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-046 - A security flaw was discovered in pure-ftpd which allows plaintext command injection over TLS.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0411
MD5 | 7480266a083c53c50671070406db0c3e