what you don't know can hurt you
Showing 1 - 25 of 34 RSS Feed

Files Date: 2011-04-29

Ubuntu Security Notice USN-1126-1
Posted Apr 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1126-1 - Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file. Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Various other issues with PHP 5 were also identified and resolved.

tags | advisory, denial of service, overflow, arbitrary, local, php
systems | linux, ubuntu
advisories | CVE-2011-1144, CVE-2006-7243, CVE-2010-4697, CVE-2010-4698, CVE-2011-0420, CVE-2011-0421, CVE-2011-0441, CVE-2011-0708, CVE-2011-1072, CVE-2011-1092, CVE-2011-1144, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
SHA-256 | 0d1f20dac678d851bff44d385515866f5fb9db107a028a3a3bb2ee850d32fc53
Zero Day Initiative Advisory 11-153
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-153 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the database service, ibserver.exe, which binds to TCP port 3050. When a specially crafted "connect" (opcode 0x01) message is sent a stack-based buffer overflow can occur. If properly exploited this can lead to remote compromise of the system with SYSTEM credentials.

tags | advisory, remote, overflow, arbitrary, tcp, vulnerability
SHA-256 | 6998af38db39a41c7fb4bfb3c7941487043533cc3ecff125324c154c472a424e
Zero Day Initiative Advisory 11-152
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-152 - This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient sanitization on user-supplied data when handling certain messages. Remote, unauthenticated attackers can exploit this vulnerability by sending crafted filename strings to the target, which would allow attackers to view or download arbitrary files on the target system.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-1736
SHA-256 | 2514d40e784d9e3504ea151179d5fc7573ad319a0d55d5878f2ec662b6ced711
Mac OS X / Intel Reverse TCP Shell Shellcode
Posted Apr 29, 2011
Authored by Jacob Hammack

131 bytes small Mac OS X / Intel reverse TCP shell shellcode for x86_64.

tags | shell, tcp, shellcode
systems | apple, osx
SHA-256 | 5bbb1086a1d5f4b19b20f5dc928fa031945f9bd33b9ca2d304044ad49918ddcc
Microsoft Office Excel Buffer Overflow
Posted Apr 29, 2011
Authored by webDEViL

Microsoft Office Excel Axis properties record parsing buffer overflow proof of concept exploit that leverages the issue discussed in MS11-021.

tags | exploit, overflow, proof of concept
advisories | CVE-2011-0978
SHA-256 | e2b8a20317fcb2c65a108738183b164cb42f48896b69cc8d703724161298a74a
SOOP Portal Raven 1.0b SQL Injection
Posted Apr 29, 2011
Authored by Evil-Thinker

SOOP Portal Raven version 1.0b suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 705187530713b62e4422e4a4b7cc4b3e15ab53f6245be6f4069d6c04b129a08d
Zero Day Initiative Advisory 11-151
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed bm message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1735
SHA-256 | 6d31a098164340ae2f97a5602f4d924769cb97e286999b4cd725cb195a75bc0e
Zero Day Initiative Advisory 11-150
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed omniiaputil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1734
SHA-256 | 5cae608b4f061f0bdeac095e6b52bf8be9df614690be9309a49f69f71b8cbdf3
Zero Day Initiative Advisory 11-149
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed HPFGConfig message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1733
SHA-256 | 17b36d9a153ba25eb0f48fa2727ebd386363cc4c2c096bf2e33a91233b975eae
Zero Day Initiative Advisory 11-148
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed stutil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1732
SHA-256 | 14ad6b33b2133aa33a41f1b429593d7a750571285a3866cfc02b76ba1486de4f
Joomla 1.6.0 SQL Injection / PHP Execution
Posted Apr 29, 2011
Authored by James Bercegay | Site metasploit.com

A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2011-1151
SHA-256 | 28c21a2ec7d950cbd9d0976d7cd73119b9bed67f6d2b34e15cc02ba5fdbc2d93
RSA Data Loss Prevention Cross Site Scripting
Posted Apr 29, 2011
Site emc.com

A potential cross site scripting vulnerability due to improper input validation that could be exploited in certain situations has been identified in RSA DLP Enterprise Manager versions 8.x.

tags | advisory, xss
advisories | CVE-2011-1423
SHA-256 | 38cd844b80979478bd8aa20e4c0f59b355da0733e4ab4803455be0aa2f29a4f0
HP Security Bulletin HPSBMA02668 SSRT100474
Posted Apr 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02668 SSRT100474 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735, CVE-2011-1736
SHA-256 | 9c6b87ea5a51d78a49db66ccdad31b9b08c6d84e9f30b33bad4401cde966ee15
Zero Day Initiative Advisory 11-147
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1731
SHA-256 | f659da60986105d1ea92fed5ce5fbcb2bdd152491092cabd7115a457e3ac66df
Zero Day Initiative Advisory 11-146
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_SCRIPT message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1730
SHA-256 | 2a4c0b62ef746b84a16567288fb88b57249195bc7c85abb96758824c31b89e12
Zero Day Initiative Advisory 11-145
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed GET_FILE message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1729
SHA-256 | fd833be83b009804f062058c2b0dd9fb78f7a2fc22faa3a3a6071d050d5dd951
Zero Day Initiative Advisory 11-144
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_BAR message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1728
SHA-256 | 6bee93a2fbb29c75cb6a138aa635508bdafbcda530ba4894b6930385c8a568e2
Secunia Security Advisory 44365
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | bfe06d6b1b784c1c4bdfb25a05e8298f5ac717f5c05d83692ad45d3a1a061e3f
Secunia Security Advisory 44396
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alberto Ortega has discovered a vulnerability in eyeOS, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 3197bde0e8770671d93e6ab53acd785c3b4358072758d90a538ac11024fdf75e
Secunia Security Advisory 43474
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in Data Dynamics ActiveBar ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 49ba6957afe21a48b8b773ed89ac05afe62bf9844ca0f293ebbdf00c06782188
Secunia Security Advisory 44364
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in udisks, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
SHA-256 | 3c4c6054194ae6803a247de08f590bb13fe4c5f825401029a463f6dc50e79f2d
John The Ripper 1.7.7
Posted Apr 29, 2011
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: The jumbo patch has been rebased to 1.7.7. Detection of ambiguous hash encodings has been implemented. Support for larger hash tables has been added for many hash types (most notably, NTLM). The "Apache MD5" "format" has been dropped (implemented in 1.7.7 proper). The --salt-list option has been dropped. Assorted other bugfixes, enhancements, and changes have been made.
tags | cracker
systems | windows, unix, beos
SHA-256 | 0ea29fd7742bc189c46e8e52b5d32d2d9538408e6d54f8917faa308ba7954273
phpGraphy 0.9.13b Cross Site Request Forgery / Cross Site Scripting
Posted Apr 29, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

phpGraphy version 0.9.13b suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | fbdabfd29694fefa57ed099cd4597225a08e5e9e1707ccfbdac1e7569375e383
Hashdays 2011 Call For Papers
Posted Apr 29, 2011
Site hashdays.ch

Hashdays 2011 Call For Papers - Hashdays is an international security technology and research conference which is preceded by several 2-day workshops delivering IT security training. The event features many international IT security experts sharing their deep technical knowledge in an open environment and takes place October 26th to 29th, 2011 in Lucerne.

tags | paper, conference
SHA-256 | dcb002a3790a01090c44124755acb47e7a195e9cf8936a1a469eb0ca1c7e7605
PACK (Password Analysis and Cracking Kit) 0.0.2
Posted Apr 29, 2011
Authored by Peter Kacherginsky

PACK (Password Analysis and Cracking Kit) is a toolkit that allows researchers to optimize their password cracking tasks, analyze previously cracked passwords, and implements a novel attack on corporate passwords using minimum password policy. The goal of this toolkit is to assist in automatic preparation for the "better than bruteforce" password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for common tools such as Hashcat, oclHashcat, and others.

tags | cracker
SHA-256 | ff93ff3bc2e213ba87c967ebf9806f960ae887519d602d85fa66e3386b058dae
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close