exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files Date: 2009-03-30 to 2009-03-31

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Mar 30, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: New server-side EAP RADIUS plugin. A vulnerability in Dead Peer Detection has been fixed. Other tweaks have been implemented.
tags | kernel, encryption
systems | linux
advisories | CVE-2009-0790
SHA-256 | 4ceadb0aa155d910f1986bd9f636d87644d75b68308d787fad07689d7bc0817f
Mobius Forensic Toolkit
Posted Mar 30, 2009
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: The part catalogue now imports and exports catalogues. Minor bugs were fixed.
tags | tool, python, forensics
SHA-256 | 7e2fdb114fdda4db65235e7225e982619612a6afd7c3a6a4a586fb161b731524
OpenSSL Toolkit
Posted Mar 30, 2009
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Three security flaws of moderate severity were fixed - Printing the contents of an ASN1 certificate with an illegal encoded length could cause an application crash. CMS verification could cause an invalid set of signed attributes to appear valid. A malformed ASN1 structure could cause invalid memory access. Further minor modifications were made.
tags | encryption, protocol
advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789
SHA-256 | 7e7cd4f3974199b729e6e3a0af08bd4279fde0370a1120c1a3b351ab090c6101
Openswan / Strongswan Denial Of Service
Posted Mar 30, 2009
Authored by Paul Wouters

Openswan versions 2.6.20 and below and Strongswan versions 4.2.13 and below suffer from a Dead Peer Detection denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2009-0790
SHA-256 | f54e2eb6a321fda0ffc703dd3f3a2af930e2a7924acef3fa72d65f80e868505a
Check Point Firewall-1 Overflow
Posted Mar 30, 2009
Authored by BugsNotHugs

The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.

tags | exploit, remote, web, overflow, tcp
SHA-256 | ea492653b5ddebab2e708e8a2df04435b7732133b138456f88f95f23c8ba7185
Mandriva Linux Security Advisory 2009-082
Posted Mar 30, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-082 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. This update provides the fix for that security issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-0845
SHA-256 | 08666e7e6b60d6b837a8680a4e05b500d3abb5e40bc34fc37b8233a475928d59
Debian Linux Security Advisory 1757-1
Posted Mar 30, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1757-1 - It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability, when used with multibyte character encodings.

tags | advisory, sql injection
systems | linux, debian
SHA-256 | 1aa037a98e4dd482e99803730defb061f52e97425d3687e21fc8475bf2045303
Family Connection 1.8.1 SQL Injection
Posted Mar 30, 2009
Authored by Salvatore Fresta

Family Connection version 1.8.1 suffers from a create administrative user vulnerability and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 01a4307f57757f12e3f098abed9abaf0ec8655ca93b42e400fdaa7e4618dfebf
JobHut 1.2 SQL Injection
Posted Mar 30, 2009
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

JobHut versions 1.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 350407369ebdca498e2c12a2c3d959956fa3ed4ca776eb55a8be91c00d55db10
Sami HTTP Server 2.x Denial Of Service
Posted Mar 30, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Sami HTTP Server 2.x remote denial of service with HEAD request exploit.

tags | exploit, remote, web, denial of service
SHA-256 | 3491b722a328db818b14cf139bde10245e73c3741e29b8e0d33bbbc37717be57
Technical Cyber Security Alert 2009-88A
Posted Mar 30, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

tags | advisory, worm
systems | windows
SHA-256 | 889abea95838642c06f272a52a5487dbaad89f603f848630737ddad4c4d9c103
Gentoo Linux Security Advisory 200903-40
Posted Mar 30, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-40 - A Denial of Service vulnerability was discovered in Analog. Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). Versions less than 6.0-r2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2008-1372
SHA-256 | fe2d46b320cc6611e1f75812fadd347ac5c1fbc3aa4aee8eeb456f574e74bea7
Wine 1.0.1 Buffer Overflow
Posted Mar 30, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Linux Wine version 1.0.1 local buffer overflow proof of concept code.

tags | exploit, overflow, local, proof of concept
systems | linux
SHA-256 | 686cf5036fb7321dce4cddb7d8f0953a31f042cef03c513ca0aeaab2afbf7757
From Win32 User-Land Through Native API To Kernel
Posted Mar 30, 2009
Authored by cross | Site x1machine.com

Whitepaper called From Win32 User-Land through Native API to Kernel. Includes demonstration code.

tags | paper, kernel
systems | windows
SHA-256 | 18fd0091452628f5c03cd9eae9a9c0258c233d7e9a68d3cbbca2ca70514b9c73
iWare CMS 5.0.4 SQL Injection
Posted Mar 30, 2009
Authored by boom3rang | Site khq-crew.ws

iWare CMS version 5.0.4 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 3edf5c7a65ae8f283e49c0fdb70c62593437e9cab56ce585b87448e8d64e716a
Arcadwy Arcade Script Authentication Bypass
Posted Mar 30, 2009
Authored by ZoRLu

Arcadwy Arcade Script suffers from an authentication bypass vulnerability due to insecure cookie handling.

tags | exploit, bypass, insecure cookie handling
SHA-256 | 0e849d9748ecd380e5565c962459543b165a2d4c115f319d09661878179acad9
Amaya 11.1 Stack Overflow
Posted Mar 30, 2009
Authored by Alfons Luja

Proof of concept exploit for a stack overflow in the W3C editor/browser in Amaya 11.1.

tags | exploit, overflow, proof of concept
SHA-256 | c8cc993bdbfb58dd0acbd2801ee0c7692ef7f2bcc6f6136385d5c3918f42cc12
Firefox 3.0.x XML Parser Memory Corruption
Posted Mar 30, 2009
Authored by Wojciech Pawlikowski

Firefox version 3.0.x XML parser memory corruption denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 0395d7c13f2091d44dc8327dd50f32f6ee8020768eb9f808521bb02a4c5eeff6
Nokia Siemens FlexiISN GGSN Authentication Bypass
Posted Mar 30, 2009
Authored by TaMBaRuS

Nokia Siemens FlexiISN GGSN suffers from multiple authentication bypass vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | 3f6d661f3e0e6a2850206b9b7b87744bce1ee96dbfaced21a483b0fee3bcd0ec
L-Forum 2.4.0 SQL Injection / Command Execution
Posted Mar 30, 2009
Authored by Osirys | Site y-osirys.com

L-Forum version 2.4.0 local file inclusion and command injection via SQL injection exploit.

tags | exploit, local, sql injection, file inclusion
SHA-256 | 5700d2ecc7227e2a744509a398a139df728096cdbfa4c24e4a833f7b99debea8
X-Forum 0.6.2 Authentication Bypass
Posted Mar 30, 2009
Authored by Osirys | Site y-osirys.com

X-Forum version 0.6.2 remote command execution exploit that performs authentication bypass via a cookie handling vulnerability. SQL injection vulnerabilities also exist.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | d9183587e4ad9215c1a97cac3e4f9677d61baa356ee16ea1106f8ac7be7a2200
Debian Linux Security Advisory 1756-1
Posted Mar 30, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1756-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-1169, CVE-2009-1044
SHA-256 | 25ae987122b9503b07f7231a697f4f52d1aa0dd70a0fbd140f45e0412035da2e
glFusion 1.1.2 SQL Injection
Posted Mar 30, 2009
Authored by Nine:Situations:Group | Site retrogod.altervista.org

glFusion versions 1.1.2 and below COM_applyFilter()/order SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 0d052959a67255c2e45321b7cf1bd2b09df0473ac3c5ee52fd046ce1cf9e3042
Ubuntu Security Notice 745-1
Posted Mar 30, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-745-1 - It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1044, CVE-2009-1169
SHA-256 | 0163025e9b14eb8932b5e588c489caff43377a23cfbe2530118a9d37258afaa3
Gravy Media CMS 1.07 SQL Injection
Posted Mar 30, 2009
Authored by X0r

Gravy Media CMS version 1.07 suffers from file download and SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | c8b7135225a7be7fa4f23da834f53af67ec8a7d2061240a4e090a169d79cca7b
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close