
Files Date: 2008-04-16 to 2008-04-17

divx-dos.txt
Posted Apr 16, 2008
Authored by securfrog

DIVX Player versions 6.7.0 and below .SRT file buffer overflow proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
SHA-256 | a2c4196ad2a87b326c43c3596267b0413b7ce0811516ec6293eead33e494f776
iDEFENSE Security Advisory 2008-04-14.2
Posted Apr 16, 2008
Authored by iDefense Labs, Damian Put, Thomas Pollet | Site idefense.com

iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for reading in sections within a PE binary packed with the WWPack executable compressor. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 4d031b3623c5acf6d2df2a012826f123b600e16b2467a042482a60b36cd59aab
iDEFENSE Security Advisory 2008-04-14.1
Posted Apr 16, 2008
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for decompressing sections within a PE binary packed with the PeSpin executable protector. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-0314
SHA-256 | 12c041db8179f0af23b92ec5c1b92fa5e93528888fedbef1b5e18790d04781fa
iDEFENSE Security Advisory 2008-04-09.5
Posted Apr 16, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.09.08 - Local exploitation of a buffer overflow vulnerability in the db2dasrrm program, as included with IBM Corp.'s DB2 Universal Database, allows attackers to elevate privileges to root. This vulnerability exists due to insufficient validation of the length of the attacker-supplied "DASPROF" environment variable contents. By setting the variable to a specially crafted string, an attacker can cause a buffer overflow when the string is copied into a static-sized buffer stored on the stack. By overflowing the buffer, the attacker can overwrite execution control structures stored on the stack and execute arbitrary code. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with Fix Pack 4 installed on a Linux system. Versions for other supported UNIX-like systems should also be considered vulnerable. All previously released versions are suspected vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | linux, unix
advisories | CVE-2007-5758
SHA-256 | ed9da4601a3c01c8aa3d7ab4328a633cd6c16d5f038c559df222bd6ac326093f
iDEFENSE Security Advisory 2008-04-09.4
Posted Apr 16, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 04.09.08 - Local exploitation of a file creation vulnerability in the Administration Server of IBM Corp.'s DB2 Universal Database allows attackers to elevate privileges to root. This vulnerability exists due to unsafe file access from within the db2dasrrm program. When a user starts the DAS, the "db2dasrrm" process is started with root privileges. As part of the initialization, the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created with root privileges. By removing and re-creating these files as symbolic links, an attacker can create arbitrary files as root. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 release with Fix Pack 3 installed on Linux. Other versions are also suspected to be vulnerable.

tags | advisory, arbitrary, local, root
systems | linux
advisories | CVE-2007-5664
SHA-256 | dd5a634ae18370241c785ef50887abc8490a642fa48ef842bac9544bbb16e8e9
wp-saltcrack.txt
Posted Apr 16, 2008
Authored by J. Carlos Nieto | Site xiam.menteslibres.org

WordPress version 2.5 suffers from a salt cracking vulnerability. Exploit included.

tags | exploit
SHA-256 | 257f8090d1ae9f2d4bc67d88531f37050bfb63f7bb37c505d07788bf5f40eff7
Debian Linux Security Advisory 1540-2
Posted Apr 16, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1540-2 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, did not correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections. This security update fixes a regression in the previous one, which caused SSL failures.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2008-1531
SHA-256 | 81b1709bbba7d47454bc46f62b5b29d63ad1e0d1d4ac732e92e318faebac658a
irforum-rfi.txt
Posted Apr 16, 2008
Authored by THuGM4N

Istant-Replay Forums appear susceptible to a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 573c0ba8aeadf65e16ad28677a60372aeaf356a8be7911c582ca3f6f77e1c69c
w2b-rfi.txt
Posted Apr 16, 2008
Authored by THuGM4N

W2B Online Banking appears susceptible to a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 13060104ca0d841b96bd106ed98769c95345ace7f7719f58e6bcb76651502e6d
Secunia Security Advisory 29758
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - shinnai has discovered a vulnerability in IBiz E-Banking Integrator, which can be exploited by malicious people to overwrite arbitrary files.

tags | advisory, arbitrary
SHA-256 | 7ce6d66b5968eeb105cbdf4a23b1a549df87882f774667cfa065ce44ee845928
bosnews0206-direct.txt
Posted Apr 16, 2008
Authored by H-T Team | Site no-hack.fr

BosNews versions 2002-2006 appear to allow direct user addition without authentication.

tags | exploit
SHA-256 | 78e19f2cd939715bf2b0c793c675f249d1d56722bf567907c927f2ddfe5b6d49
bosnews40-direct.txt
Posted Apr 16, 2008
Authored by H-T Team | Site no-hack.fr

BosNews version 4.0 appears to allow direct user addition without authentication.

tags | exploit
SHA-256 | 2589ceb6a2f35fe93bf57df5083da3f3a1dd0f4ccd3e274ce5c2f9ff8207e7aa
lightneasy-multi.txt
Posted Apr 16, 2008
Authored by __GiReX__ | Site girex.altervista.org

LightNEasy SQLite / no database versions 1.2.2 and below suffer from code execution, SQL injection, file disclosure, and other vulnerabilities.

tags | exploit, vulnerability, code execution, sql injection
SHA-256 | 4ae586772da13e3cd993c941d350c352d377be625415ae3185b3d5119a5dc502
gallarific-xss.txt
Posted Apr 16, 2008
Authored by Thomas Pollet

Gallarific appears susceptible to persistent cross-site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ae434659923a53d098c9cd586d971e9f78ffb1cda3c7df241b89ec7c108592e1
Secunia Security Advisory 29636
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for lighttpd. This fixes a security issue and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | 0164b366eff8f09832f93748506eb92b967d2a76744be69e22cd7fc935e32634
Secunia Security Advisory 29668
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in rsync, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | 8972c79d873338186e58192737b0756a2908b8761502e48d5280a5419787117a
Secunia Security Advisory 29675
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - poplix has reported some vulnerabilities in Parallels VZPP, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.

tags | advisory, vulnerability, csrf
SHA-256 | 57e7aa5b693962fbd4a1562556a8b21899590ddd1c6c188b6d214ae23fce88d6
Secunia Security Advisory 29694
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for am-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, gentoo
SHA-256 | caf7cb318264e2a6f669977eafa0e234f85dc896ea11dd421639ee74459021f0
Secunia Security Advisory 29711
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to disclose potentially sensitive information, and by malicious people to manipulate certain data or to disclose sensitive information.

tags | advisory, local, vulnerability
systems | linux, gentoo
SHA-256 | 5fca43e007a7f0c5bb389a33082514800d84ac61c1bca8b14aadf38bc24af13c
Secunia Security Advisory 29771
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges.

tags | advisory, local
SHA-256 | d90ef15278f00fb7d4d02977161c83bac86bbe7cb4b837cfc8dc6d3c47f61594
Secunia Security Advisory 29777
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | d3ebac834aaf49005fd421d2744e0efdab2f1cc3ee87f0019227b2c9ef1a7fb5
Secunia Security Advisory 29781
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | 4683f11eb4850d5a1dce58fffb11bfcb318639c12df01508353bcce5fa5b96e5
Secunia Security Advisory 29783
Posted Apr 16, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | solaris
SHA-256 | e162aed8f571085a1664e866f12d2b4575f535cf968d7576a4e8769debddefe1
© 2022 Packet Storm. All rights reserved.
