what you don't know can hurt you
Showing 1 - 25 of 50 RSS Feed

Files Date: 2011-06-16

Ubuntu Security Notice USN-1153-1
Posted Jun 16, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1153-1 - Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1944
MD5 | a3dbee21ab3ca8b12c99fa688d39abd2
Ubuntu Security Notice USN-1152-1
Posted Jun 16, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1152-1 - It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1486, CVE-2011-2178
MD5 | 86d657488cdd4910856ec07cd4342fe2
Debian Security Advisory 2261-1
Posted Jun 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2261-1 - Joernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application.

tags | advisory, web, vulnerability
systems | linux, debian
MD5 | be63e6a6ccac8b7c69c07083edefb507
Catalog Builder Ecommerce Software Blind SQL Injection
Posted Jun 16, 2011
Authored by takeshix

Catalog Builder Ecommerce Software suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 23aa0d72e29e6aad9420bca4b678ff32
German AD-Free Blog SQL Injection
Posted Jun 16, 2011
Authored by Bl4ck.Viper

German AD-Free suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3073434d10b83066fa16ed1c08bb9844
Viper Auto-Rooting Script
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is the Viper auto-rooting script that is written for Linux, SunOS, Mac OS X, and FreeBSD.

tags | tool, root, rootkit
systems | linux, unix, solaris, freebsd, apple, osx
MD5 | 42b9bf4ca63a0ad78770421d06b6104c
Zero Day Initiative Advisory 11-222
Posted Jun 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-222 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the Shockwave 3d Asset.x32 module does not properly check a size value used as the size for a malloc. The given size will wrap, causing a small buffer to be allocated. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2113
MD5 | 30323053f0399d88555304549db89220
Zero Day Initiative Advisory 11-221
Posted Jun 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-221 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the Shockwave 3d Asset.x32 module does not properly check a size value used for a loop counter, which will cause heap memory to be overwritten. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2114
MD5 | f9662167609fc20f190a41d1e5e7bb16
Core Security Technologies Advisory 2010.1021
Posted Jun 16, 2011
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console, by enticing him to visit a malicious web page. Versions 7.0.0.11 and 7.0.0.13 are confirmed vulnerable.

tags | exploit, remote, web, csrf
advisories | CVE-2010-3271
MD5 | c6e94c1666d5f9b7df4619d5fdd8bf28
Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the dirapi.dll does not properly validate substructure elements before using them to manipulate memory. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
MD5 | cab0264450c333db088b472a47d66f6a
Adobe Shockwave Lnam Chunk Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Lnam chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly validate certain fields before using them to calculate sizes used for later memory copy operations. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2116
MD5 | 488346dc18b7bcdd44ac42fd1b658f89
Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse GIF images. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2111
MD5 | d2fd6dac2903d5b58358f9d5f7d70b6c
Boybdream Shop SQL Injection
Posted Jun 16, 2011
Authored by Bl4ck.Viper

Boybdream Shop suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3b36d11b59e0dc6fd5675f57ff416d8b
Zero Day Initiative Advisory 11-220
Posted Jun 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-220 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director (.dir) files. When handling an undocumented substructure, the code within dirapi.dll can be forced to incorrectly calculate a destination pointer if it encounters certain 1-byte opcodes within the .dir file. The assumptions made by the code can allow for malicious values to influence a size parameter that is used to calculate a memory address. This address is then written to with controlled data. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
MD5 | f59d5e71e9d1e63e71af71b371743f80
BeVivid WMS Blind SQL Injection
Posted Jun 16, 2011
Authored by RoAd_KiLlEr

BeVivid WMS suffers from remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | bf763c6137ffcc94d8de3a21022460f7
Free Simple CMS 1.0 Cross Site Scripting / Local File Inclusion
Posted Jun 16, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Free Simple CMS version 1.0 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | cab498294af568136c4c20609828d3f0
Debian Security Advisory 2262-1
Posted Jun 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2262-1 - Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning.

tags | advisory, xss, info disclosure
systems | linux, debian
MD5 | ad0a3f491e2fc085958ffcfe2d2c8a91
Ubuntu Security Notice USN-1151-1
Posted Jun 16, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1151-1 - Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-1523, CVE-2011-2179
MD5 | 7da9fb624d738d33660562981eaf8fa0
Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. When handling certain substructures, the code does not properly ensure arithmetic operations will not exceed expected values. By crafting a file with certain values this can be abused to cause memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2111
MD5 | 4b217726b50071c262dfeb215fdff666
Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Peter Vreugdenhil | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a invalid 'rcs2' tag, the process can be forced to overflow an integer value during an arithmetic operation. The newly calculated value is then used to allocate memory on the heap. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.

tags | advisory, java, remote, overflow, arbitrary
advisories | CVE-2011-0862
MD5 | c65c3f1c8361c8de412f2616816a5bce
Adobe Shockwave iml32.dll CSWV Chunk Byte Array Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse byte arrays. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2111
MD5 | 8550437e636f78c105f8f277ebf5455d
Secunia Security Advisory 44955
Posted Jun 16, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in ClearSCADA, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
MD5 | ac87bfab40b4ad70cbe2140e41a39089
Secunia Security Advisory 44980
Posted Jun 16, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for ConsoleKit. This fixes a weakness, which can be exploited by malicious users to potentially gain escalated privileges.

tags | advisory
systems | linux, suse
MD5 | c624f7c52a196308eac3e466a93698db
Technical Cyber Security Alert 2011-166A
Posted Jun 16, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-166A - Adobe has released Security Bulletin APSB11-16, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. Adobe has released Security Bulletin APSB11-17, which describes multiple vulnerabilities affecting Adobe Shockwave Player. Adobe has released Security Bulletin APSB11-18, which describes multiple vulnerabilities affecting Adobe Flash Player.

tags | advisory, vulnerability
MD5 | d692aa1583bb75961178f62c78dea852
LFI Scanner 3.0
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is a simple perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.

tags | tool, local, scanner, perl, file inclusion
systems | unix
MD5 | a06d7f5dd9ba30d7884a73d00b0afacf
Page 1 of 2
Back12Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    9 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close