what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 60 RSS Feed

Files Date: 2011-04-12

CVE Checker 3.0
Posted Apr 12, 2011
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: MySQL is now supported. Watchlists have been added.
tags | vulnerability
systems | unix
SHA-256 | f23e5fc08f41cbc184e4b817960bba907308330aa9d1192f6a4b26468a43b2e2
Zero Day Initiative Advisory 11-125
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles an exception within the PersistDirectoryEntry records when loading a presentation. When an entry points to a container containing a Slide with a malformed record, the application will raise an exception during the loading of the record. Afterward the application will use a method off of this malformed object which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-0656
SHA-256 | c675ac0a0ed21cddb7f11c88635d0916ea7b87d329473783ea919aa6c9d99d38
Linux Exploit Development Part 2 Rev 2
Posted Apr 12, 2011
Authored by sickness

Whitepaper called Linux Exploit Development Part 2 (rev 2) - Real app demo. It demonstrates the techniques discussed in part two of the Linux Exploit Writing Tutorial Part 2.

tags | paper
systems | linux
SHA-256 | 9d8d715b6f316e9f63f14b859b152b87374e7b5a3a88cdeb44ec2675b622e5eb
Linux Exploit Writing Tutorial Part 3
Posted Apr 12, 2011
Authored by sickness

This whitepaper is the Linux Exploit Writing Tutorial Part 3 - ret2libc.

tags | paper
systems | linux
SHA-256 | 0c997f453113bbffd85c2e423fdd85827bfcc2d611e79f025ec56ad4c662c590
TOTVS ERP Microsiga Protheus 8 / 10 Memory Corruption
Posted Apr 12, 2011
Authored by Flavio do Carmo Junior | Site dclabs.com.br

TOTVS ERP Microsiga Protheus versions 8 and 10 suffer from a memory corruption vulnerability.

tags | advisory
SHA-256 | 739a661c75187b5dd4aab7954bc6aea885dd11f0eab20558c31c7a978dd933c3
Zero Day Initiative Advisory 11-124
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-124 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a record associated with animation. If a container holds a specific record type, the application will explicitly trust a length used in this record to calculate a pointer for copying floating point numbers to. This can be used to write outside of an allocated buffer and will lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-0655
SHA-256 | 83d55ae2e4a498793c9e18ef21973219314234331897aeea0c098cdf7ee1785f
Microsoft HTML Help 6.1 Stack Overflow
Posted Apr 12, 2011
Authored by Luigi Auriemma | Site aluigi.org

Microsoft HTML Help versions 6.1 and below suffer from a stack overflow vulnerability in itss.dll. Proof of concept code is included.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 63d7b93fe2cec5016dfe9a4e1e8b07fef4a558529c5ee4aa1f0072cac167cf59
Zero Day Initiative Advisory 11-123
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-123 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ppcore.dll module responsible for parsing PowerPoint (ppt) files. When parsing a malformed TimeCommandBehaviorContainer structure the process raises an exception that causes an object in memory to be freed prior to being fully parsed. Due to the lack of a check that this object has been freed, a later function references an invalid pointer element. This can be leveraged by a remote attacker to execute arbitrary code under the context of the user running PowerPoint.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0655
SHA-256 | 7c11c914a9d34b0bdfe1d4d20b357e531be0e89cec00a39507925268e6a9107f
Zero Day Initiative Advisory 11-122
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.

tags | advisory, remote, arbitrary
advisories | CVE-2011-1426
SHA-256 | ef0e590f5ed55afb4488de6c059e0efc7656db4b350484db2cc628e6e22ba8d5
Technical Cyber Security Alert 2011-102A
Posted Apr 12, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-102A - There are multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Visual Studio. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | 31a318d171ab44242a04f6f1c854874f6d08e4ffef60c0aafd91dcc8a6107f9f
Zero Day Initiative Advisory 11-121
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-121 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When specifying a particular value, the application will fail to initialize a variable that is used as the length of a memcpy operation. Due to the usage of the uninitialized value, with proper control of the program flow an attacker can force a length of their own choosing for the memcpy operation. This will cause a buffer overflow and can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-0105
SHA-256 | e7075028f6c8b34e4ab3e2973d2245738f8bb01d12782f2a48bff9b853eb4bda
Live Wire 2.0 For WordPress Cross Site Scripting / Denial Of Service
Posted Apr 12, 2011
Authored by MustLive

Live Wire version 2.0 and Live Wire Style version 2.3.1 for WordPress suffer from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 6036c8bc92a2a04185f7c68f4ee3d47497d6af674e96b75dbdb59c3327494067
Mandriva Linux Security Advisory 2011-074
Posted Apr 12, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-074 - It was discovered that the QT packages were affected by the fraudulent certificates problem as well, the same issue as with firefox.

tags | advisory
systems | linux, mandriva
SHA-256 | d17980ab34a916e30274e28223adcfa30182bbf4377c6bf6edf89fbeb3e38d21
Zero Day Initiative Advisory 11-120
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-120 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the methods used for RealTimeData Record Parsing. When handling a stTopic field has a bit set specifying double byte characters in the following field the value of a global pointer is improperly calculated. This pointer is later used in a memcpy operation whose source is user supplied data. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0101
SHA-256 | 4e82fe1a7e573ec69aca8fb081d13147eb8a999bd96c9fc626b5431ce16dae9e
Zero Day Initiative Advisory 11-119
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-119 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles onPropertyChange function calls. When the onPropertyChange event handler is set to an object's attribute collection, it fails to keep an accurate reference counter to the event object. The effect of this can be that the program frees the event object while there are still references to it. This can result in remote code execution under the content of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1345
SHA-256 | e67a52de6ec025ab20d910a5f2a4e8186c54e64c29dd8f3dec7e8bbbdd244224
WebsiteBaker 2.8.1 Path Disclosure / SQL Injection
Posted Apr 12, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WebsiteBaker version 2.8.1 suffers from path disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 46c008e9effe213e0102a1db792b1c48c5ac55ac19956fb3f10ace06cfb68858
HP Security Bulletin HPSBPI02656 SSRT090262
Posted Apr 12, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02656 SSRT090262 - Potential security vulnerabilities have been identified with certain HP Photosmart printers. These vulnerabilities could be exploited remotely for cross site scripting (XSS) or to gain unauthorized access to data or printer configuration information. Revision 1 of this advisory.

tags | advisory, vulnerability, xss
advisories | CVE-2011-1531, CVE-2011-1532, CVE-2011-1533
SHA-256 | 7d5eec351fbb429fcd4c9082b4e1d6a803040e5bc99eff399168e781df86310a
Plogger 1.0 RC1 Cross Site Scripting / Path Disclosure
Posted Apr 12, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Plogger version 1.0 RC1 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 287eaef057d48105634eae53370c85aa6381ff414b134b158e8b2fc7c56e1608
BugCON 2011 Call For Papers
Posted Apr 12, 2011
Site bugcon.org

The BugCON 2011 call for papers has been announced. BugCON will take place from October 5th through the 7th, 2011 in Mexico City.

tags | paper, conference
SHA-256 | 757016b4c32e67636972ea58d26c5acb4cb0b0dd3c15589785989eb6c88d769f
WebCalendar 1.2.3 Cross Site Scripting
Posted Apr 12, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WebCalendar version 1.2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cc50f45d26914d1e5e5db8ac0c00866e08c0a6f927f67fe2c6ece1fb11f66ac2
Webjaxe 1.02 Cross Site Request Forgery
Posted Apr 12, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Webjaxe version 1.02 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | e2e110ace28fa6857b55e68d8a950c831e068d65df2e05977534e9f8a7030984
Konqueror 4.4.x / 4.5.x / 4.6.x HTML Injection
Posted Apr 12, 2011
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20110321) - Konqueror versions 4.4.x, 4.5.x, and 4.6.x suffer from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2011-1168
SHA-256 | 14701c32ce4712f4d97a1de84cde5b129f9c273f5594ab66798fa5bbe15018db
Joomla Virtuemart Featureprod Remote File Inclusion
Posted Apr 12, 2011
Authored by KedAns-Dz

The Joomla Virtuemart Featureprod module suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ccf199f924614ce7472fe8357a34eb330f1752829bfc322c56c26270a9e25ca2
Joomla Virtuemart Latestprod Remote File Inclusion
Posted Apr 12, 2011
Authored by KedAns-Dz

The Joomla Virtuemart Latestprod module suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 1ca3411efd084cc65809180a7acfa4077dc11aff1d125398b80f901c0ea4668c
Debian Security Advisory 2218-1
Posted Apr 12, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2218-1 - Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player.

tags | advisory, overflow, arbitrary
systems | linux, debian
SHA-256 | c8adbc06f6e2fd87eb7ffec3f0699e8fd5b855245664ee31d7e93046210c0e47
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close