what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 82 RSS Feed

Files Date: 2008-09-11 to 2008-09-12

adobe9-dos.txt
Posted Sep 11, 2008
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Adobe Acrobat 9 Active-X remote denial of service exploit.

tags | exploit, remote, denial of service, activex
SHA-256 | 29206898c3ad3c1835b2c4a69f7bf0bf07b1702196dc7b9710141b2e40b9c419
unrealclient.tgz
Posted Sep 11, 2008
Authored by Luigi Auriemma | Site aluigi.org

The Unreal engine is affected by some format string vulnerabilities which can be exploited by a malicious server when the victim client connects to it. The main format string can be exploited through a malformed CLASS parameter of the DLMGR command but another one seems to be exploitable through the forcing of the download of a malformed package (PKG). Some older games instead can be exploited through a malformed LEVEL parameter of the WELCOME command. The bug is caused by the calling of _vsnwprintf_s or _vsnwprintf for building an error message to visualize to the user (for example for a missing class) using a max size of 4 kilobytes and, naturally, without passing the needed format argument. All related exploit code is included in this tarball.

tags | exploit, vulnerability
SHA-256 | 863f67850b55e9c9c3297e5e56a9c2c5c4cb9c1adea759190bb77fe1d9feaa1b
ut3sticle.zip
Posted Sep 11, 2008
Authored by Luigi Auriemma | Site aluigi.org

Unreal engine 3 remote denial of service exploit that leverages a failed memory allocation vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 085f6e99f790ab5b50851dcc299a7b582152c776dedb75e44dd63093bef86737
ut3sticle.txt
Posted Sep 11, 2008
Authored by Luigi Auriemma | Site aluigi.org

Unreal engine 3 suffers from a server termination vulnerability caused by a failed memory allocation.

tags | advisory
SHA-256 | 7d2de8733f445ecde7f731e17762ca9fc06c12184cbd79efce6473c27ea63a39
Ubuntu Security Notice 644-1
Posted Sep 11, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 644-1 - It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-3281, CVE-2008-3281
SHA-256 | 9139e43fe95cb79654a777a5abce41c875cabcb649f86a564afc749503aed326
Ubuntu Security Notice 643-1
Posted Sep 11, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 643-1 - Multiple flaws were discovered in the PFB and TTF font handling code in freetype. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges or cause the application linked against freetype to crash, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 92fa750f501d9838dabc54d77709b4f63b5f2d0348bb483e0510e3894c95d74f
Secunia Security Advisory 31705
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Vastal I-Tech Mag Zone, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 7368c40ce0be62cdcf7361eed440b16de179ebd484fb3cdeb0ba4405adba4edf
n.runs-SA-2008.007.txt
Posted Sep 11, 2008
Authored by Alexios Fakos | Site nruns.com

The Horde project relies on code similar to Popoon's externalinput.php to filter out potential cross site scripting attacks on user-supplied input. Other projects are using the same code base. Therefore this vulnerability affects also the popular Cake-PHP framework. Hence, all users that rely on the externalinput sanitization functionality are affected by this vulnerability, as in addition to many other unrelated, open source projects.

tags | advisory, php, xss
advisories | CVE-2008-3824
SHA-256 | 21fcfc2eb2dfbc50c7d42dd8d19fdf5f77e420370c183904809c229552d63d54
n.runs-SA-2008.006.txt
Posted Sep 11, 2008
Authored by Alexios Fakos | Site nruns.com

Horde versions 3.2 through 3.2.1 suffer from a cross site scripting vulnerability due to the handling of MIME attachments.

tags | advisory, xss
advisories | CVE-2008-3823
SHA-256 | c2a3082c148d60c17ee794b27d8f58dbea9dcafc37b3a98ef6dc4162c3890507
Secunia Security Advisory 31835
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in various Tor World CGI Scripts, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, cgi, vulnerability, xss
SHA-256 | 6f51dae57e3945137611913579c2fb11d049852268255b8a5e681290f504df85
joomla-weakpassword.txt
Posted Sep 11, 2008
Authored by Stefan Esser | Site sektioneins.de

Joomla versions 1.5.7 and below suffer form a weak random password reset token vulnerability.

tags | advisory
SHA-256 | f3a05de176b98357326a615c8a735e3cceca49d45366d2ac92f9ebe2230f981f
dynamicmp3-xss.txt
Posted Sep 11, 2008
Authored by Xylitol | Site xylitol.free.fr

dynamic MP3 lister version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | df7b2506b62275b6860f38e092091a71a2c51b4aabc8c9b9941f025f8ecc8bef
paranews-xss.txt
Posted Sep 11, 2008
Authored by Xylitol | Site xylitol.free.fr

Paranew version 3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 107bb8cd556298c7b0d97e02b0c0defe13933e90af2dc29813cdf6b55defee2f
unicode-fun.txt
Posted Sep 11, 2008
Authored by Gary O'Leary-Steele | Site sec-1.com

Ruby Script to generate URL encoded Unicode UTF-8 URL.

tags | web, ruby
SHA-256 | 3716b2b24def26545bf37991157e555c96d9f13dc08744a8b8168ccd6d3bd237
Secunia Security Advisory 31769
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | d77b95b9805fd363e34b088730483c86e4741f017eee5e7d658fee7a7b4371c0
Secunia Security Advisory 31810
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cyb3r-1sT has reported a vulnerability in AvailScript Jobs Portal Script, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | cf97cb28468987e2657e3fa6abecfa359f91eae2ea02563399c55ca74688c0af
Secunia Security Advisory 31818
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IRCRASH has discovered multiple vulnerabilities in Stash, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | d79b57469418af32edf9b43d25b20f67f4fec567f95b18f8ef75cbf42b2f6460
graffiti-sql.txt
Posted Sep 11, 2008
Authored by SirGod | Site insecurity.ro

Graffiti Forums version 1.0 suffers from remote SQL injection and HTML injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 8dad2f720993bebaaea124e50cd07a174ac9ad967b4df7a63b715d7b31429017
discussionboard-lfi.txt
Posted Sep 11, 2008
Authored by SirGod | Site insecurity.ro

D-iscussion Board version 3.01 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 00dee0bec6e54535d08c2f09294254d26ac6fa7cfa2b271f38cc2fef89e89800
zonealarm-overflow.txt
Posted Sep 11, 2008
Authored by Juan Pablo Lopez Yacubian

ZoneAlarm Security Suite suffers from a buffer overflow condition.

tags | advisory, overflow
SHA-256 | b9752e4371506f7c4fd130c903d13e79aa3338413ce9d17aa137ae345801ebe8
Secunia Security Advisory 31704
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stack has reported a vulnerability in Vastal I-Tech MMORPG Zone, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | e040939253c30e0599e3a17f540aca180dc93e7bfbe55b462b4f061488add7ff
Secunia Security Advisory 31799
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for freetype. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 5504db7acfdb99e11cb7dbb6586607a33e9b62981fdcd128008c96cb47179977
sportsclubs-lfi.txt
Posted Sep 11, 2008
Authored by StAkeR

Sports Clubs Web Panel version 0.0.1 suffers from a local file inclusion vulnerability.

tags | exploit, web, local, file inclusion
SHA-256 | ce43c9102e39b9349230cfca30dbc5f65027068f2f89bddfd486773bcf480dc9
Debian Linux Security Advisory 1636-1
Posted Sep 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1636-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2008-3272, CVE-2008-3275, CVE-2008-3276, CVE-2008-3526
SHA-256 | dd179712a3c5f49c7817972099a42d0a2e5e7cc5f684981c7e60c71b4cda6539
razorcommerce-sql.txt
Posted Sep 11, 2008
Authored by r45c4l | Site darkc0de.com

Razor Commerce suffers from a remote SQL injection vulnerability in category_search.php.

tags | exploit, remote, php, sql injection
SHA-256 | d26d9f0eee1ab0f9d3bd85c17b8586e15e92d24948cbf4494cd34751c7dd1c89
Page 1 of 4
Back1234Next

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    7 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close