Exploit the possiblities
Showing 1 - 25 of 65 RSS Feed

Files Date: 2011-10-17

Red Hat Security Advisory 2011-1378-01
Posted Oct 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1378-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2483
MD5 | d429b9a9e1cdfb63709c0fe03beb0598
Red Hat Security Advisory 2011-1377-01
Posted Oct 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1377-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2483
MD5 | 106d651153f2bfa2304df0d4bf2c234a
Mandriva Linux Security Advisory 2011-155
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-155 - SystemTap 1.4 and earlier, when unprivileged mode is enabled, allows local users to cause a denial of service via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. SystemTap 1.4, when unprivileged mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2011-1769, CVE-2011-1781
MD5 | 8970f759fd1d7725c9783bfef778ffb4
Asterisk Project Security Advisory - AST-2011-012
Posted Oct 17, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - The SIP channel driver allows a remote authenticated user that ability to cause a crash with a malformed request due to an uninitialized variable.

tags | advisory, remote
advisories | CVE-2011-4063
MD5 | e24833b31352bf6b884b1638041d30c1
SAP DIAG Decompress Plugin For Wireshark 0.1b
Posted Oct 17, 2011
Authored by Alexander Anisimov | Site ptresearch.blogspot.com

SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.

tags | protocol, library
MD5 | 52da6327153df820cc84946da2b1cc51
Mandriva Linux Security Advisory 2011-154
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-154 - SystemTap 1.4 and earlier, when unprivileged mode is enabled, allows local users to cause a denial of service via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2011-1769
MD5 | f90fca5c8f8d974f774e3b7163d25612
Mandriva Linux Security Advisory 2011-153
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-153 - The LZW decompressor in the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2896. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, netbsd, freebsd, openbsd, mandriva
advisories | CVE-2011-2895
MD5 | dec74fce09c274fbef2d8deee7b11b65
Mandriva Linux Security Advisory 2011-152
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-152 - An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. The updated packages have been upgraded to the 4.2.4.4 version which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2010-0001
MD5 | 067163f97e93c8fbe77804a1877426b1
DAEMON Tools IOCTL Denial Of Service
Posted Oct 17, 2011
Authored by Satoshi TANDA

DAEMON Tools IOCTL suffers from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2011-3987
MD5 | ac918f03dc5796314daaaf6e65f5f21b
Tap In Solutions Blind SQL Injection
Posted Oct 17, 2011
Authored by poach3r

Tap In Solutions suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 337b777ba1be310a66861f08590e8b1f
iSchoolSite SQL Injection
Posted Oct 17, 2011
Authored by poach3r

iSchoolSite suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e5935675276aed5c92078f9b6525d228
Climeweb Remote SQL Injection
Posted Oct 17, 2011
Authored by poach3r

Climeweb suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 19ffe9472204c4039d365fa6eb6d6111
Clam AntiVirus Toolkit 0.97.3
Posted Oct 17, 2011
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This is a minor bugfix release and is recommended for all users.
tags | tool, virus
systems | unix
MD5 | 5cf25ed7778fa0cb6b140ad8f009befb
Real Networks Netzip Classic 7.5.1 86 Buffer Overflow
Posted Oct 17, 2011
Authored by TecR0c, C4SS!0 G0M3S | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
MD5 | 73f79d377a245b750af3ab179d1550c9
Apple Safari file:// Arbitrary Code Execution
Posted Oct 17, 2011
Authored by sinn3r, Aaron Sigel | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.

tags | exploit, java, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3230
MD5 | f95a36d638b942780d7aafe3920c0218
Gnuboard 4.33.02 SQL Injection
Posted Oct 17, 2011
Authored by flyh4t

Gnuboard versions 4.33.02 and below suffer from a remote SQL injection vulnerability in tp.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2011-4066
MD5 | 26de516cacf76afed0493c5af179280b
Dominant Creature BBG/RPG Browser Game Cross Site Scripting
Posted Oct 17, 2011
Authored by M.Jock3R

The Dominant Creature BBG/RPG browser game suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bd38be07da3dab6054d1fe3437def01a
Mandriva Linux Security Advisory 2011-151
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-151 - Multiple vulnerabilities has been discovered and corrected in libpng. The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. Buffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692
MD5 | 1e98b0dfab55ce62baccae4fe42ce35f
Security Issues In Android Custom ROMs
Posted Oct 17, 2011
Authored by Anant Shrivastava | Site anantshri.info

This is a whitepaper called Security Issues in Android Custom ROMs. This paper keeps a special focus on custom ROMs by checking for security misconfigurations that can lead to device compromise.

tags | paper
MD5 | 3a290f92711650a8b28ea2b70142886e
WordPress BackWPup 2.1.4 Code Execution
Posted Oct 17, 2011
Authored by Phil Taylor | Site senseofsecurity.com.au

WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 83f19877358f3b72066b4cf7154933e1
Jynx Kit Userland Rootkit
Posted Oct 17, 2011
Authored by ErrProne

Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.

tags | tool, shell, rootkit
systems | unix
MD5 | c4f68fd8a88e336f5630798bde50c913
Anti-Virus Cloudfare Cross Site Scripting
Posted Oct 17, 2011
Authored by Sandeep Kamble

The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.

tags | exploit, virus, xss
MD5 | 57e69c63f62c838cebb8a83c02892754
Toshiba EStudio Multifunction Printer Authentication Bypass
Posted Oct 17, 2011
Authored by Deral Heiland | Site foofus.net

Toshiba e-Studio devices suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | df52216c8902f51973de7886caf1df12
Skype 0 Day Exploitation
Posted Oct 17, 2011
Authored by Benjamin Kunz Mejri, Pim J.F. Campers | Site vulnerability-lab.com

Various Skype VoIP vulnerabilities have been discovered and disclosed at HITB Malaysia 2011.

tags | advisory, vulnerability
MD5 | d39dfe02cbe0b14347680834a61e6936
Slackware Security Advisory - httpd Updates
Posted Oct 17, 2011
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2011-3348, CVE-2011-3192
MD5 | f9713e8716c7667a1c1d76393c825488
Page 1 of 3
Back123Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close