what you don't know can hurt you
Showing 1 - 25 of 47 RSS Feed

Files Date: 2011-04-15

IPv6 Sniffer Detection
Posted Apr 15, 2011
Authored by van Hauser

IPv6 appears to suffer from a sniffer detection issue using an ICMP echo request packet with a multicast MAC address.

tags | advisory
advisories | CVE-2010-4562, CVE-2010-4563
MD5 | a5af5738e4697b7b5eb009d3124cc684
ClubHACK Magazine Issue 15
Posted Apr 15, 2011
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 15 - Topics covered include Mozilla Firefox Internals and Attack Strategies, FireCAT, Being Invisible on the Internet, and more.

tags | magazine
MD5 | bf4c1a63015b3440658ae47408ac574e
AdSuck DNS Server 2.3
Posted Apr 15, 2011
Authored by Marco Peereboom | Site peereboom.us

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: This release fixes a buffer underflow that could result in a crash. It adds SOA when replying NXDOMAIN. It has an Additional section when spoofing to an IP address. The dhclient script has been fixed. Updated hosts files from various sources.
tags | tool, local, spoof
systems | linux, unix
MD5 | 3ddc11598ab7e397a5555cf659e64a09
SQL-Ledger 2.8.33 Local File Inclusion
Posted Apr 15, 2011
Authored by bitform

SQL-Ledger versions 2.8.33 and below suffer from a post-authentication local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 27621117a63033bc2548bb6d53138bf3
SimplyPlay Buffer Overflow
Posted Apr 15, 2011
Authored by C4SS!0 G0M3S

SimplyPlay revision 66 buffer overflow exploit that creates a malicious .pls file.

tags | exploit, overflow
MD5 | f97ff6c2b672c85fcdf45ce7ebfe5d17
Apple Safari Text Nodes Remote Use-After-Free
Posted Apr 15, 2011
Authored by Matthieu Bonetti, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when processing certain text nodes, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

tags | advisory, remote, web, arbitrary
systems | apple
advisories | CVE-2011-1344
MD5 | bcaee404ddfe2a00e96bc624a5b9b3c9
Microsoft Windows OpenType CFF Driver Stack Overflow
Posted Apr 15, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on a vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.

tags | advisory, remote, overflow, arbitrary, local
systems | windows, xp, vista, 7
advisories | CVE-2011-0034
MD5 | 92cd55b8fe079cfffb6a7e5cdceb2fb1
Microsoft Office Excel Real Time Data Stack Overwrite
Posted Apr 15, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a stack overwrite error when parsing the RTD RealTimeData record (0813h), which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted Excel document.

tags | advisory
advisories | CVE-2011-0105
MD5 | 8a9b10b8c6126389ccb131f8132e76a3
TextAds 2.08 Cross Site Scripting
Posted Apr 15, 2011
Authored by Ashiyane Digital Security Team

TextAds version 2.08 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 692886526a8d9535615e1472f18216c0
Microsoft Internet Explorer Property Change Memory Corruption
Posted Apr 15, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.

tags | advisory, remote, web
advisories | CVE-2011-1345
MD5 | ff92adef9bd0b9b7640d2af16dbbfcd4
Microsoft Internet Explorer Layouts Use-After-Free
Posted Apr 15, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.

tags | advisory, remote, web
advisories | CVE-2011-0094
MD5 | e006c5a3ce099a8887f3a86c218bf841
Collaborative Passwords Manager (cPassMan) 1.82 Arbitrary File Download
Posted Apr 15, 2011
Authored by Kaan Kivilcim | Site senseofsecurity.com.au

Collaborative Passwords Manager (cPassMan) version 1.82 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | e37ec7afb2db439ef37433f1c15ac81e
Agahi Advertisement CMS SQL Injection
Posted Apr 15, 2011
Authored by Sepehr Security Team

Agahi Advertisement CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 70e018a1509b50834da0a41d6803b420
Zero Day Initiative Advisory 11-104
Posted Apr 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebKit library's implementation of a CSS style. When totaling the length of it's string elements, the library will store the result into a 32bit integer. This value will be used for an allocation and then later will be used to initialize the allocated buffer. Due to the number of elements being totaled being variable, this will allow an aggressor to provide as many elements as necessary in order to cause the integer value to wrap causing an under-allocation. Initialization of this data will then cause a heap-based buffer overflow. This can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-1290
MD5 | d8bc698025624ec72087277301953367
Zero Day Initiative Advisory 11-135
Posted Apr 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. By adding children to a WBR tag and then consequently removing the tag through, for example, a 'removeChild' call it is possible to create a dangling pointer that can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1344
MD5 | 467eb4a99ea411dd86f17a7f3fef7409
Mimbo Pro 2.3.1 Cross Site Scripting
Posted Apr 15, 2011
Authored by MustLive

Mimbo Pro versions 2.3.1 and below suffer from cross site scripting, denial of service, path disclosure, and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | 759bcd2b766cb31b6ef4534a7e911af6
Ubuntu Security Notice USN-1110-1
Posted Apr 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1110-1 - It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-1094, CVE-2011-1168
MD5 | 33933c7b64bd8e2faf95e0397001403d
SaurusCMS 4.7.1 Remote File Inclusion
Posted Apr 15, 2011
Authored by KedAns-Dz

SaurusCMS versions 4.7.1 and below suffer from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 1ea6a03ddcc99a90d5ea68d2da8f4b35
RunCMS Partners Module SQL Injection
Posted Apr 15, 2011
Authored by KedAns-Dz

The Partners module in RunCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 26232f44bac80720462ea33b058af843
PhoenixCMS 1.7.0 SQL Injection
Posted Apr 15, 2011
Authored by KedAns-Dz

PhoenixCMS versions 1.7.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2007a7d178164586aa88508a797e465c
PhoenixCMS 1.7.0 Local File Inclusion
Posted Apr 15, 2011
Authored by KedAns-Dz

PhoenixCMS versions 1.7.0 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 9583c978ca5d913300a70138bbcf7164
Istgah CMS Cross Site Scripting / SQL Injection
Posted Apr 15, 2011
Authored by Ashiyane Digital Security Team

Istgah CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 316beead7075da05de075655ec7f9252
Secunia Security Advisory 44159
Posted Apr 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Messenger, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | windows
MD5 | d2e5f3e43b91b09b982290f4c9c25eb9
Secunia Security Advisory 39122
Posted Apr 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | bb9d94fae466f189b428b7e69bbb8b56
Secunia Security Advisory 39903
Posted Apr 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 224d7e23f659751eb242629758456b97
Page 1 of 2
Back12Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close