what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

Files Date: 2011-10-04

Ubuntu Security Notice USN-1226-2
Posted Oct 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1226-2 - Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1678, CVE-2011-2724
MD5 | 7c0ac19cfa14571314dadee567959060
Ubuntu Security Notice USN-1226-1
Posted Oct 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1226-1 - Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that Samba incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1678, CVE-2011-2724, CVE-2011-3585
MD5 | 08ee2079bd791465caba06ce4ad47511
Bypassing IDS With Return Oriented Programming
Posted Oct 4, 2011
Authored by Jonathan Salwan

Whitepaper called Bypassing IDS with Return Oriented Programming. It heavily discusses and shows the point of leveraging polymorphic shellcode in order to bypass detection.

tags | paper, shellcode
MD5 | 28f53d8ad007672928e4dc56784e256d
ExploitPack Security Framework
Posted Oct 4, 2011
Authored by Juan Sacco

Exploit Pack is an open source security framework that combines the benefits of a Java GUI, Python as an Engine, and well-known exploits in the wild. It has an IDE to make the task of developing new exploits easier, instant search, and XML-based modules.

tags | tool, java, python
systems | unix
MD5 | a43f4d847ec2f9b0a92b8c056efdacba
Prosieben Web Services SQL Injection
Posted Oct 4, 2011
Site vulnerability-lab.com

The Prosieben Tvtotal website at tvtotal.prosieben.de suffered from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 55e21f6d5a78fe3d97bdad80287ae280
CanadianISP.ca SQL Injection
Posted Oct 4, 2011
Site vulnerability-lab.com

CanadianISP.ca suffered from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c02e767495420bc10aff07e329395a57
SonicWall NSA 4500 Cross Site Scripting / Session Hijacking
Posted Oct 4, 2011
Authored by Hugo Vazquez Carames | Site pentest.es

The SonicWall NSA 4500 suffers from cross site scripting and session id hijacking vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ca9d2e34a9426ac2a84c63da0a9662d4
Google Chrome PDF File Handling Memory Corruption
Posted Oct 4, 2011
Authored by Mario Gomes

Google Chrome versions prior to 14.0.835.163 suffer from a PDF file handling memory corruption vulnerability. Full advisory and proof of concept pdf and code included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2011-2841
MD5 | c15ae3350d48b65817b382ea2653957c
vTiger CRM 5.2.1 Cross Site Scripting
Posted Oct 4, 2011
Authored by Aung Khant | Site yehg.net

vTiger CRM versions 5.2.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b70b0448ef88c697d545003f71ed8cc3
GotoCode Online Bookstore Privilege Escalation / Database Disclosure
Posted Oct 4, 2011
Authored by Nathaniel Carew

GotoCode Online Bookstore suffers from remote privilege escalation and database disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
MD5 | 47552a5c5ac8655c57110cd5106862e8
CF Image Hosting Script 1.3.82 File Disclosure
Posted Oct 4, 2011
Authored by bd0rk

CF Image Hosting Script version 1.3.82 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 4eb5cd013d50481ca5b4fe426f7c5d28
Easy Hosting Control Panel Authentication Bypass
Posted Oct 4, 2011
Authored by Jasman

Easy Hosting Control Panel suffers from an administrative authentication bypass vulnerability. Versions 0.29.10 through 0.29.13 are affected.

tags | exploit, bypass
MD5 | 1dbfa4a6c3611d6d39b84b46512b665c
Concrete5 5.4.2.1 Cross Site Scripting / SQL Injection
Posted Oct 4, 2011
Authored by Ryan Dewhurst

Concrete5 versions 5.4.2.1 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | d3d9b37d294c4e408fe6d66bb3403841
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Posted Oct 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.

tags | exploit, arbitrary, sql injection
advisories | CVE-2011-1653, OSVDB-74968
MD5 | 6a356255e93f9eb4c38b4f05b060dede
Ubuntu Security Notice USN-1225-1
Posted Oct 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1225-1 - Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2011-1776, CVE-2011-2213, CVE-2011-2497, CVE-2011-2699, CVE-2011-2928, CVE-2011-3191
MD5 | acb95aef3b6381d82c427d9a5779e6ea
GenStat 14.1.0.5943 Array / Heap Overflows
Posted Oct 4, 2011
Authored by Luigi Auriemma | Site aluigi.altervista.org

GenStat versions 14.1.0.5943 and below suffer from an array overflow with write2 and a heap overflow. Proof of concept code included.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | 7035146a73dc406ba921ccb610e5b139
Cytel Studio: StatXact / LogXact / CrossOver 9.0.0 Overflows
Posted Oct 4, 2011
Authored by Luigi Auriemma | Site aluigi.altervista.org

Cytel Studio: StatXact / LogXact / CrossOver versions 9.0.0 and below suffer from multiple stack and integer overflows. Proof of concept code included.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | 5707135ebec0baf7efe8e3b6b85ed840
Secunia Security Advisory 46254
Posted Oct 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in ThinVNC Pro, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | d55cb2fc8c18eb9673d3debbbf15c788
Secunia Security Advisory 46294
Posted Oct 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sitewatch has discovered a vulnerability in the Web Minimalist theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
MD5 | e75ba1d2418a2d444413e6e25d7c60f6
Secunia Security Advisory 46161
Posted Oct 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Sunway pNetPower, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
MD5 | 69e7ec87aad7a21a9e5f56f0eb6c030a
Secunia Security Advisory 46243
Posted Oct 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for puppet. This fixes multiple security issues and a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious users to compromise a vulnerable system.

tags | advisory, local
systems | linux, debian
MD5 | 1790765ae4d023720e28413ad0550e45
Secunia Security Advisory 46157
Posted Oct 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in KDE, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 6a87b863cc2068ddd16888a525342897
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close