what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 48 RSS Feed

Files Date: 2008-04-16 to 2008-04-17

Secunia Security Advisory 29761
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for redhat-ds-admin. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | abf883b08aaa73b70b079d814e257c4b6d73d1a5fa69c8bb7cb49eb78ee62559
Secunia Security Advisory 29785
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 9440b2f0cd70b5f428e2cdccb1167bc4da1ce41c4992e6ade2db15bc4eb0f04f
Zero Day Initiative Advisory 08-022
Posted Apr 16, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2008-1026
SHA-256 | d7226cf9fbed0e7b5e82d1dd575f6e61f1ded367886e94e1a5db1549689e7f83
cadsm-activex.txt
Posted Apr 16, 2008
Authored by Ken Williams | Site www3.ca.com

CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.

tags | advisory, remote, web, denial of service, arbitrary, activex
advisories | CVE-2008-1786
SHA-256 | b63cbfd73b81137d031f97bd4f2406b126e28b710e79acc9de05299b137471b2
carboncom-multi.txt
Posted Apr 16, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

Carbon Communities Forum versions 2.4 and below suffer from SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | ec8b6da167cb0ac04f04778c691d037a9cd993aa0d5833d3b0c4f5594180c62e
bsplayer-overflow.txt
Posted Apr 16, 2008
Authored by j0rgan | Site jorgan.users.cg.yu

BS.Player version 2.27 Build 959 .SRT file buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 8cfbd5de445f4718c1656cc8b0690b95807d0e631cd49dd835765144bcb2a3be
iDEFENSE Security Advisory 2008-04-15.1
Posted Apr 16, 2008
Authored by iDefense Labs, Joxean Koret | Site idefense.com

iDefense Security Advisory 04.15.08 - Local exploitation of a design error vulnerability in Oracle Corp.'s Application Express web application development tool allows attackers to gain elevated privileges. The vulnerability exists in "run_ddl" function within the "wwv_execute_immediate" package. This package is included in the "flows_030000" schema. This function allows attackers to execute SQL commands as any database user, such as SYS. iDefense confirmed the existence of this vulnerability in Oracle Application Express version 3.0.1.00.08, which is installed by default with Oracle Database 11g R1 (version 11.1.0.6.0). Previous versions may also be affected. However, Oracle Database 10g R2 does not install Oracle Application Express by default.

tags | advisory, web, local
advisories | CVE-2008-1811
SHA-256 | e62655ecf9cf417e237bbdfa2451137b6da01ab4c98426bae246e30ac759b70b
Cisco Security Advisory 20080416-nac
Posted Apr 16, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).

tags | advisory
systems | cisco
advisories | CVE-2008-1155
SHA-256 | 53c82c43309c5cb46dbf366870f9222e679ccdb752a2d6f78eb6b7ae7538b2c9
INFIGO-2008-04-08.txt
Posted Apr 16, 2008
Authored by Leon Juranic | Site infigo.hr

INFIGO IS's security team has identified a critical remote buffer overflow vulnerability in the latest ICQ version (ICQ 6.0).

tags | advisory, remote, overflow
SHA-256 | f15fcb7c39b1de855c85925767b7a551daaddf85fabc42a30d0971f234fc959e
oracle-hardcode.txt
Posted Apr 16, 2008
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 9i Release 1 through 10g Release 2 suffer from a hard coded password vulnerability.

tags | advisory
SHA-256 | 5a626b3f3db0d29867bfeb5c6c55255678262395a263f8d3e5ad0123e3b0aa0a
oraclesdogeom-sql.txt
Posted Apr 16, 2008
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in the SDO_GEOM package.

tags | advisory, sql injection
SHA-256 | 5c6480feed1ae87a9b01f04e8303b0822b3ea652afdbae60cea161366ac61511
oraclesdoidx-sql.txt
Posted Apr 16, 2008
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 9i Release 1 through 11g Release 1 suffer from a SQL injection vulnerability in the SDO_IDX package.

tags | advisory, sql injection
SHA-256 | d6d0053dc2be5c9cf1894ba082e60dc8f4f2aa3f839d4a47bb79a73fc0baee27
oraclesdoutil-sql.txt
Posted Apr 16, 2008
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 10g Releases 1 and 2 suffer from a SQL injection vulnerability in the SDO_UTIL package.

tags | advisory, sql injection
SHA-256 | 014f11cb69ac5e56681ff953324c818122c8520818bfd0427b2c1fb0b6b0c4d1
afick-2.11-1.tgz
Posted Apr 16, 2008
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: Some bug fixes and additions.
tags | tool, integrity
systems | windows, unix
SHA-256 | 673ffbfd010c1c40cf1b2c6602fbc592d45dc9e5540844d1d8b3d4b95dc6cdd8
xplod-sql.txt
Posted Apr 16, 2008
Authored by c02 | Site dz-secure.com

XplodPHP AutoTutorials versions 2.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | de86652c23159fe36ac35481dc7fe41b5c2e8656a4bb6abf46056f585ab7c0cd
Secunia Security Advisory 29734
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - cO2 has discovered a vulnerability in Lasernet CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | b50e6d32d5a2c6fe7ce9190caadc812e3576362e6d9197e5b9f15fc2cfda9887
Secunia Security Advisory 29780
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - securfrog has discovered a vulnerability in DivX Player, which can potentially be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 1fa7ace65af8a308c0e979a3cfa28e88c4921a4f10c857658befe3667e3dfa52
Secunia Security Advisory 29784
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to perform certain actions with escalated privileges or gain escalated privileges.

tags | advisory, local, vulnerability
SHA-256 | 283d95504a46921fe577783b216e067e3d94f2712b9696a599612ff62db2dcff
Secunia Security Advisory 29819
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Morgan ARMAND has discovered a vulnerability in DotClear, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 3f4f841cf84b2892713479e5e131bf2d41298cb9c041ec13ccc872d42a2a629f
Secunia Security Advisory 29829
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported for various Oracle products. Some vulnerabilities have unknown impacts while others can be exploited by malicious users to bypass certain security restrictions, conduct SQL injection attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability, sql injection
SHA-256 | c37bd3b2bb8d24aba55976dee3446b830d6040298ba5df01872fbab785b526fa
Secunia Security Advisory 29831
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matteo Memelli has discovered a vulnerability in BigAnt Messenger, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 156b5ae4bbdc581476c298b3d49daf911a96f6159c4a9830bf5dfdefcd85940d
Secunia Security Advisory 29832
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Felipe Sateler has discovered a security issue in Cecilia, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 7f305369490779a5f5ee3deae80ed03d6cb69850e779a6c6f9abbb91cd21e9c8
VMware Security Advisory 2008-0007
Posted Apr 16, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware has released updates for pcre, net-snmp, and OpenPegasus.

tags | advisory
advisories | CVE-2006-7228, CVE-2007-1660, CVE-2007-5846, CVE-2008-0003
SHA-256 | 05d3cc52d406c326ff1eab9dc8daa8b27e7db3e09c7914fad3295665ea9f50da
lasernetcms-sql.txt
Posted Apr 16, 2008
Authored by c02 | Site dz-secure.com

Lasernet CMS version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fc72773e3a46fb2aa6f60be12009e84b233fcdf36cbcd4f457ebe1ca79cf2957
Mandriva Linux Security Advisory 2008-086
Posted Apr 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The isdn_ioctl function in isdn_common.c in the Linux kernel prior to 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which trigger a buffer overflow. The do_corefump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information. The shmem_getpage function in mm/shmem.c in the Linux kernel versions 2.6.11 through 2.6.23 did not properly clear allocated memory in certain rare circumstances related to tmps, which could possibly allow local users to read sensitive kernel data or cause a crash.

tags | advisory, denial of service, overflow, kernel, local, root
systems | linux, mandriva
advisories | CVE-2007-6151, CVE-2007-6417, CVE-2007-6206
SHA-256 | 9d45829355f0a104401e0ff0bc6eb1b4fdb73a895ecae86b1fe47a119c6a9e3b
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close