what you don't know can hurt you
Showing 1 - 25 of 44 RSS Feed

Files Date: 2011-10-14

PROMOTIC 8.1.3 Directory Traversal / Overflows
Posted Oct 14, 2011
Authored by Luigi Auriemma | Site aluigi.org

PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.

tags | exploit, overflow, activex, proof of concept, file inclusion
systems | linux
MD5 | efe9cdd1ed6f633152785788df750146
Ubuntu Security Notice USN-1230-1
Posted Oct 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1230-1 - Felix Geyer discovered that the quassel-core post installation script created data and logging directories which were readable by all users. The post installation script also generated a certificate, in the data directory, which was readable by all users.

tags | advisory
systems | linux, ubuntu
MD5 | 8d2225166f261a7bac7783a0f4dd1668
Xenon SQL Injection
Posted Oct 14, 2011
Authored by m3rciL3Ss

Sites designed by Xenon suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | b50176620c96c49b095f2ac732ddad8f
PcVue 10.0 Function Pointer Overwrite
Posted Oct 14, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.

tags | exploit, arbitrary
MD5 | f6b70eb735e3f3aab8779a7d7fc7ff6b
Mozilla Firefox Array.reduceRight() Integer Overflow
Posted Oct 14, 2011
Authored by Chris Rohlf, Matteo Memelli, sinn3r, dookie2000ca, Yan Ivnitskiy | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2371
MD5 | 8f671993e315b396062e0dd7604ee0b8
Gentoo Linux Security Advisory 201110-11
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-11 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 10.3.183.10 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0579, CVE-2011-0589, CVE-2011-0607, CVE-2011-0608, CVE-2011-0609, CVE-2011-0611, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627, CVE-2011-0628
MD5 | 0eae469aca533572413e5eabb6fd4a05
Gentoo Linux Security Advisory 201110-10
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-10 - Insecure usage of server provided filenames may allow the creation or overwriting of local files when using wget. Versions less than 1.12-r2 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2010-2252
MD5 | 8e60f77493cc643045511a741cb0eebb
Gentoo Linux Security Advisory 201110-09
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-9 - A privilege escalation vulnerability was found in Conky. Versions less than 1.8.1-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2011-3616
MD5 | 4061ac2ce5a230685a9aeeb85b344e46
Secunia Security Advisory 46366
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
MD5 | b60c55731c745d03b7f258bcb118d344
Gentoo Linux Security Advisory 201110-08
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-8 - Multiple vulnerabilities were found in feh, the worst of which leading to remote passive code execution. Versions less than 1.12 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2010-2246, CVE-2011-0702, CVE-2011-1031
MD5 | 11f1a9331cc0d5cb0b69174aa7731cf8
WordPress Contact Form 2.7.5 SQL Injection / Patch
Posted Oct 14, 2011
Authored by Skraps

WordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.

tags | exploit, remote, sql injection
MD5 | 45618e3593eb3c3739b9db1eeab3c557
Red Hat Security Advisory 2011-1371-01
Posted Oct 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1371-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-1091, CVE-2011-3594
MD5 | ec40d34f7f644e11a184e79cb007fa6e
MS11-077 .FON Kernel-Mode Buffer Overrun
Posted Oct 14, 2011
Authored by Byoungyoung Lee

Microsoft .fon extension kernel-mode buffer overrun proof of concept exploit and write-up.

tags | exploit, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2011-2003
MD5 | 85aa828467209547b6d22d3cd4fb7cd6
Secunia Security Advisory 46388
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | 391ec4118c7d9249534176f5b39f1655
Secunia Security Advisory 46384
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | 152a0862e5ccd3818f9053b55d795e0c
Secunia Security Advisory 46441
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the eTree component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 85e85ffe4309c7f06dfa44ef5de0223f
Secunia Security Advisory 46356
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for feh. This fixes a weakness and a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a user's system.

tags | advisory, local
systems | linux, gentoo
MD5 | ae6cfdd6643a72e101fa28a5eb8b7d33
Secunia Security Advisory 46446
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in EC-CUBE, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 3a71befa84cf308a6f91c35c2587a10e
iDefense Security Advisory 10.12.11 - OfficeImport
Posted Oct 14, 2011
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, apple
advisories | CVE-2011-3260
MD5 | 5be9a2a7bd6b00e01076afcf5ce05ab9
iDefense Security Advisory 10.12.11 - MobileSafari
Posted Oct 14, 2011
Authored by iDefense Labs, Christian Matthies | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a cross site scripting vulnerability in Apple Inc.'s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, xss
systems | cisco, apple
advisories | CVE-2011-3426
MD5 | dcc98fe86d9a735efa80eeee8e14429d
Red Hat Security Advisory 2011-1369-01
Posted Oct 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1369-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
MD5 | 314dd46bea44a86e987b8cd90e0c409e
Almzn Cross Site Scripting / SQL Injection
Posted Oct 14, 2011
Authored by indoushka

Almzn suffers from cross site scripting, SQL injection, and add administrator vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | 2ca72dcc695bf4372a8ffdcaae911478
Technical Cyber Security Alert 2011-286A
Posted Oct 14, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
MD5 | b5bdf40039c7df992471394cef3fb9ec
Joomla Directory Tree SQL Injection
Posted Oct 14, 2011
Authored by Sid3 effects

The Joomla Directory Tree component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d3e8becb69ba6e07c8c05aadebdfcaf1
Ubuntu Security Notice USN-1229-1
Posted Oct 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1229-1 - It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2011-2483
MD5 | f14210cdf34645b933ff2636e8d74269
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close