Showing 26 - 50 of 54

Files Date: 2008-05-20 to 2008-05-21

HP Security Bulletin 2008-00.56
Posted May 20, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges.

tags | advisory, denial of service, php, vulnerability
systems | hpux
advisories | CVE-2007-2872, CVE-2007-3378, CVE-2007-4783, CVE-2007-4840, CVE-2007-4887, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900
SHA-256 | d2fd4b44ee57dd3af461a9759dea17febfe05480c61e661d1f8658421113fd53
HP Security Bulletin 2007-14.54
Posted May 20, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.

tags | advisory
systems | hpux
advisories | CVE-2008-1660
SHA-256 | e59571f2ff30cc98eb6750cfdbea17f5717f61b9beb4a3ee728e282c98df6bed
Secunia Security Advisory 29941
Posted May 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 830ca8fc187f2fa1f7e5513ec9beb3c141c230f56183802dcfe478ef4aca9a53
Secunia Security Advisory 30284
Posted May 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tan Chew Keong has reported a vulnerability in the FireFTP extension for Firefox, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 5dd02c1bcf4c9cf354b51d8ff234e25803f98441b152377eee75b1bcee5c410e
Secunia Security Advisory 30294
Posted May 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | 62c171d42aa88b19f9258546c26f81d574fb0aaea6328422d16ad15cc2663906
Secunia Security Advisory 30297
Posted May 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Stunnel, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 497e1086f03345c4ca14422869747f381a61804d51333d6ce4f145e0bce37319
Secunia Security Advisory 30312
Posted May 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Adam Zabrocki has discovered a vulnerability in Mtr, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 6d8018f88ede61aae2739484b26fac37f14278f09a4e9edeffbcfc1806abc951
HP Security Bulletin 2008-00.71
Posted May 20, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
advisories | CVE-2007-6026
SHA-256 | bb587d8e96bac78b086e12450434df6d5d72c587415ae18e670c875b5e37676b
mtr-overflow.txt
Posted May 20, 2008
Authored by Adam Zabrocki

Mtr suffers from a local and remote stack overflow vulnerability.

tags | advisory, remote, overflow, local
SHA-256 | b5aaeddc9d0203578469fd018747dc56aa4cb6f38fd0d0cff0a0cf01e4b890b2
Ubuntu Security Notice 612-7
Posted May 20, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 612-7 - USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.

tags | advisory, vulnerability
systems | linux, debian, ubuntu
advisories | CVE-2008-0166
SHA-256 | b8a3d7140bb40c836f0c4783f297dddf48e4e0cd26ed7af88c52cbf6f4b50bf1
Debian Linux Security Advisory 1580-1
Posted May 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1580-1 - It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2008-2064
SHA-256 | 6cb34a2f0fef9fd9f75be1b339a75f76988d21d100d00c006ae8565a6f11805e
secunia-foxit.txt
Posted May 20, 2008
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. Foxit Reader 2.3 build 2825 is affected.

tags | advisory, overflow, arbitrary, javascript
advisories | CVE-2008-1104
SHA-256 | fd57e4bfb41939ad032f32cc8e3df6d5f80854b91d50488e0adfd932f788576e
winpcap-dos.txt
Posted May 20, 2008
Authored by e.wiZz!

WinPCAP denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 1432e8c079069a6ab716069ef7c345128f3cabec56bcb1328e175a03684a451e
Zero Day Initiative Advisory 08-027
Posted May 20, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.

tags | advisory, remote, arbitrary
advisories | CVE-2008-2241
SHA-256 | 87cfdcbb6613e14cedaf10c5b3083bd9012df90c3f6873619469e64a0001b4c8
Zero Day Initiative Advisory 08-026
Posted May 20, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack-based buffer overflow occurs, leading to execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux
advisories | CVE-2008-2242
SHA-256 | 5beac44d9fa93dd531a5772fb664510c95b8fb10a85ab02246b9e9235be2a914
CA-caloggerdxdr.txt
Posted May 20, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2008-2241, CVE-2008-2242
SHA-256 | 4e72f135e85d378c8daae3e615f25746727f11c302917fbfcb8e7d99f84d149b
Mandriva Linux Security Advisory 2008-103
Posted May 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-2109
SHA-256 | 0fc7725ade229d2bccc465866192b4e127fdc91e731b4bf191ffb65ab2c5a779
wildcard_attacks.pdf
Posted May 20, 2008
Authored by Ferruh Mavituna | Site portcullis-security.com

DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.

tags | paper
SHA-256 | 966761136e5dd0fc10bac9d6b273966d20386567a7bdca93ac2c13e0d89fc0e9
wpfile-exec.txt
Posted May 20, 2008
Authored by CWH Underground | Site citecclub.org

WordPress versions 2.5.1 and below offer the ability to execute arbitrary PHP code via the administrative functionality. This is a bit obvious to anyone who has used WordPress installations, but I guess it is useful to note.

tags | exploit, arbitrary, php
SHA-256 | b8c00a899b80f40e3c05f1ff4633dd5608f6424a366be2dcb8c711639fbd1703
ISVA-080516.2.txt
Posted May 20, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.

tags | advisory
SHA-256 | 234df1762e5efb593ef96dd70a17ec44fe21692085b54ea3770decbd5d36aeb3
ISVA-080516.1.txt
Posted May 20, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.

tags | advisory, sql injection
SHA-256 | 326d2fd0343a50acde785461329cd29f99ec31a55cf0fdeda6e4172d09fb8bbf
bcoos-traverse.txt
Posted May 20, 2008
Authored by Lostmon | Site lostmon.blogspot.com

Bcoos versions 1.0.13 and below suffer from an arbitrary file read vulnerability via highlight.php.

tags | exploit, arbitrary, php, file inclusion
SHA-256 | e7ab34aed9514809805b0f909f04ffd546118b7e9e4be88fdd7ef809e613ad38
msword-xss.txt
Posted May 20, 2008
Authored by Juan Pablo Lopez Yacubian

Microsoft Word versions 2003 and 2007 are susceptible to crash and cross-site scripting vulnerabilities via malicious JavaScript execution.

tags | exploit, javascript, vulnerability, xss
SHA-256 | 9450a478f4400a7b5a60736110807c1fa7a8a05c22051c2435fab168d53fed6e
cpanel-root.txt
Posted May 20, 2008
Authored by Ali Jasbi

It appears that there is a remote compromise vulnerability in cPanel in relation to reseller accounts.

tags | exploit, remote
SHA-256 | 4745ad393ead10f2841702f3721f0bdf5e6d2f6186ef29c5113b5d64f637e24f
Debian Linux Security Advisory 1579-1
Posted May 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1579-1 - A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2008-0554
SHA-256 | b8ee4026f4a54007afd888ed6348ed7f0fc7c9728c856c873aa19b2bfae4987a