Files Date: 2009-01-14 to 2009-01-15

Secunia Security Advisory 33440
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - darkjoker has reported a vulnerability in Pizzis CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 37471abeec03e68a07b34f276da3ba23234b2c908ea22b8833767e6cee3c895b
Secunia Security Advisory 33452
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Openfire, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to conduct script insertion attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
SHA-256 | e3d23eedae5c7ae267580354b0a456a9097e04cdaa4525e87f055679ca05f808
Secunia Security Advisory 33428
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fujitsu has acknowledged a vulnerability in Interstage HTTP Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
SHA-256 | 1f5dc7c337c975ea5cfc39d82f44d0c1e8d4d1ffc61ba6305593c0832c1c0ca4
Secunia Security Advisory 33510
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, gentoo
SHA-256 | a849dadb2fb452ed3168ea3779b729b0ecb700cac81e7a8a4d81e30eb5ac8f98
Secunia Security Advisory 33498
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for zaptel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local
systems | linux, debian
SHA-256 | 30c752a94f075ddb4d3a1abd1c211a54a7c16b12feebb229af63fd43eed7e9da
Secunia Security Advisory 33513
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for pdnsd. This fixes some vulnerabilities, which can be exploited by malicious people to poison the DNS cache and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | 3eac3faa6258b411d548dff10ee1160cfc2eab42bf5d5fd27e9050be06250c5b
Secunia Security Advisory 33471
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Photobase, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 9348e5da35783fb6bbb77de5fe5c229f7aad91a9255fcb0d5b6455cf315b0084
Secunia Security Advisory 33403
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in BluePex IE-2000, which can be exploited by malicious people to hijack user sessions.

tags | advisory
SHA-256 | 8a9e43f191aedc6bc6bb2b9ce28a283ec7704016c5094d81999696ac73baf9a8
Secunia Security Advisory 33473
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in FTTSS A Free Text-To-Speech System, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 3843b1d8350642dd3c7f8bf8a0c7dd13f1babc71ec41967802eb1124fff65dda
Secunia Security Advisory 33474
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SocialEngine, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 22049b7b4de389f8682465fb4e4b2664ed08dc42a97ee0292957b29ea1fbcece
Secunia Security Advisory 33486
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - EcHoLL has reported a vulnerability in the JA Showcase component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | c3d60ff3f7ea3381eaa85204a558a74ddfe3cf131e44839b1b8a5d2a10e90a33
Secunia Security Advisory 33516
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tobias Klein has reported a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | solaris
SHA-256 | 2db7b98fc05a03611570846806a84efcd591cce461ce1118e35e1dd2523ee4a4
Secunia Security Advisory 33491
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.

tags | advisory, local, vulnerability
systems | solaris
SHA-256 | f90d6e0cdf368948ebc5c054f7fbb5082dc56adb84597b02f93057cf848641a1
Secunia Security Advisory 33499
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for gforge. This fixes a vulnerability, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
systems | linux, debian
SHA-256 | 7c285dd3f3356416ac9ca757fd42fc638f1ed9f7edae859e5a3c8884d1e2b148
Secunia Security Advisory 33511
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for ndiswrapper. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | 38184c796e1f03637dd4a16d179fc6cc7bb163a5fcd04e4be0d87a74dacd93f9
Secunia Security Advisory 33508
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has acknowledged a vulnerability in tremulous and tremulous-bin, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, gentoo
SHA-256 | ab563d4234b63e3eb800a268569746dd51ce31b423a8d205441ca3f57d22dfb4
Secunia Security Advisory 33509
Posted Jan 14, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for streamripper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | 9e95568d3c0af69745390ab8c924e092c4ba404af1c258691d9cf8a220646fc1
Technical Cyber Security Alert 2009-13A
Posted Jan 14, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-013A - Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server.

tags | advisory, vulnerability
systems | windows
SHA-256 | e75326eac91ff0879a316cad42c59c87ad8221678d44f6c8d8efb5e387f6d5e0
NGSSoftware Insight Security Research Advisory NISR13012009
Posted Jan 14, 2009
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user. MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.

tags | advisory, sql injection
advisories | CVE-2008-3979
SHA-256 | 5121c42e5d2e8b18156a9dd21c0939cd3a695ecc1539eda09d741e19ef556402
Cisco VLAN Trunking Protocol Denial Of Service
Posted Jan 14, 2009
Authored by Showrun Lee | Site sh0wrun.blogspot.com

Denial of service exploit that leverages the Cisco VLAN trunking protocol vulnerability.

tags | exploit, denial of service, protocol
systems | cisco
SHA-256 | 819cd6e950c24628ffc5d8355a9c1b17a359e46aad41605824a5377480470d44
iDEFENSE Security Advisory 2009-01-13.2
Posted Jan 14, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 01.13.09 - Remote exploitation of an input validation vulnerability in the authentication component of Oracle Corp.'s Secure Backup Administration Server could allow an unauthenticated attacker to execute arbitrary commands in the context of the running server. The vulnerability is in a function of common.php which is called from the login.php page. The script fails to sanitize the input when verifying the user has permission to use the service. Oracle Corp.'s Secure Backup version 10.1.0.3 for Linux has been confirmed vulnerable. Other versions and other platforms may also be affected.

tags | advisory, remote, arbitrary, php
systems | linux
advisories | CVE-2008-5449
SHA-256 | 676f52505a06f7b79799cd7fe2ffc5fade5bf578746eeec70f727c0fa7100f6f
iDEFENSE Security Advisory 2009-01-13.1
Posted Jan 14, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 01.13.09 - Remote exploitation of two command injection vulnerabilities in the authentication component of Oracle Corp.'s Secure Backup Administration Server could allow an unauthenticated attacker to execute arbitrary commands in the context of the running server. In both cases, the vulnerabilities exist in PHP scripts that authenticate a user attempting to use the service. The first vulnerability is in "php/login.php". By making a login request with a specially crafted cookie value, an attacker can execute arbitrary code on the server. The second vulnerability is in "php/common.php". This function is called from the "login.php" page. A variable is used to specify a command to be run. An attacker can supply any shell command for this variable and it will be executed in the context of the web server process. Oracle Corp.'s Secure Backup version 10.2.0.2 for Linux, and Secure Backup version 10.2.0.2 for Windows have been confirmed vulnerable. Other versions and other platforms may also be affected.

tags | advisory, remote, web, arbitrary, shell, php, vulnerability
systems | linux, windows
advisories | CVE-2008-4006
SHA-256 | 1697cdfe744c84a5745ef437ce40fd26636f5d419badf01a27127a22ffea6cf5
iDEFENSE Security Advisory 2009-01-12.4
Posted Jan 14, 2009
Authored by iDefense Labs, Code Audit Labs | Site idefense.com

iDefense Security Advisory 01.12.09 - Local exploitation of an arbitrary file rewrite vulnerability in Oracle Corp.'s Oracle Database 10g Release 2 database product allows attackers to gain elevated privileges. The vulnerability exists in a function that allows a user with an authenticated session to create any file or rewrite any files to which the database account has access. iDefense has confirmed the existence of this vulnerability in Oracle Database 10g Release 2 version 10.2.0.3.0 on 32-bit Linux platform and Windows platform. Previous versions may also be affected. Oracle Database 11g Release 1 version 11.1.0.6.0 is not affected by this vulnerability.

tags | advisory, arbitrary, local
systems | linux, windows
advisories | CVE-2008-3997
SHA-256 | 610c95b870b142b03e112907707ba9657094278aaa69f7396c8de41722da6c51
Zero Day Initiative Advisory 09-02
Posted Jan 14, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-002 - This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans2 request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.

tags | advisory, remote, denial of service, kernel, code execution
systems | windows
advisories | CVE-2008-4835
SHA-256 | 26370c7c5def0bb511ca074bc5b3a9bc06779774b405ad92a16dfd92dbb31ccd
Zero Day Initiative Advisory 09-01
Posted Jan 14, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-001 - This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.

tags | advisory, remote, denial of service, kernel, code execution
systems | windows
advisories | CVE-2008-4834
SHA-256 | 43e2a4c33a4beac06827e2f438c4df66966c7b9811afacb11bf1a79bf43a19c5