Showing 51 - 75 of 893

Files Date: 2009-03-01 to 2009-03-31

Secunia Security Advisory 34515
Posted Mar 30, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in My Simple Forum, which can be exploited by malicious people to disclose sensitive information or conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 674b9f93fe44144a09e15d62d3cf015a16cf6f51eee55887cedd5c5d232a473e
Secunia Security Advisory 34508
Posted Mar 30, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for analog. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, gentoo
SHA-256 | 44b5f27d830a54aa254cb95300ed37e381a1d18a0a9082f6c9ba5f6ab87efa51
Secunia Security Advisory 34504
Posted Mar 30, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
SHA-256 | b95c7b19167b34148e3ab549d279a9e84569a8db59a50eb9a9aa9b8bf4389e04
Secunia Security Advisory 34519
Posted Mar 30, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in glFusion, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 81e01c5960d0f88c337bf5c1dd628033e80f2edd6f8a2b35252f78b869fcee63
Novell Netstorage XSS / Denial Of Service
Posted Mar 27, 2009
Authored by BugsNotHugs

Novell Netstorage suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 9eed18c6c8f4bc12af41a5a4f256eeb71124d7de5d24e27afebf1272d05f0e09
Aurora Nutritive Analysis XSS
Posted Mar 27, 2009
Authored by BugsNotHugs

The Aurora Nutritive Analysis module suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 64b55d35b08b32a03568ea6913df10a7d91b73e73ff7ddbc58f09bcad03effe7
iDEFENSE Security Advisory 2009-03-25.5
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during decompression when, to calculate the size of a heap buffer, the code manipulates several integers in the file. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s JRE version 1.6.0_11 for Windows and Linux.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, windows
SHA-256 | 45f6f1ff008d7faa9a03ca57e555cc3f216424f6906bc9343bc797edf47efefa
iDEFENSE Security Advisory 2009-03-25.4
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary PNG file to the splash logo parsing code. The vulnerability occurs when parsing a PNG file used as part of the splash screen. When parsing the image, several values are taken from the file and used in an arithmetic operation that calculates the size of a heap buffer. This calculation can overflow, which results in an undersized buffer being allocated. This buffer is later overflowed with data from the file. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, overflow, arbitrary
systems | linux, windows
SHA-256 | 2d38f70208475eab25a81127c23c1ab5bfa6f7b2fc50a6fd2c025f1f200bc126
iDEFENSE Security Advisory 2009-03-25.3
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. Values from the GIF file are used to calculate an offset to store data in a dynamic heap buffer. These values are not validated before use, which allows an attacker to store controlled data outside of the bounds of the allocated buffer. This leads to corruption of object pointers, which can be leveraged to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in Java JRE version 1.6_11. Previous versions may also be affected.

tags | advisory, java, remote, arbitrary
SHA-256 | 9d4ab7a3c8a6bb2829e143ebc1d41ab732008cbd002ad7dc56ddee22724c937f
iDEFENSE Security Advisory 2009-03-25.2
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary GIF file to the splash logo parsing code to trigger the vulnerability. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, arbitrary
systems | linux, windows
SHA-256 | 787894ddedba68df8734507477667b37055d76f5f44660bb4cc572517e2626dd
Ubuntu Security Notice 748-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-748-1 - It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service.

tags | advisory, java, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
SHA-256 | a02bfd44068b80cf235a81d4010c10c19e16ccc39c1f3402459054a13c80dcdd
Ubuntu Security Notice 747-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-747-1 - It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2008-1036
SHA-256 | 96301c92b55eb1251fa787ea679ae430a34cc3f9220925097b70d0647b24e62c
PowerCHM 5.7 Stack Overflow
Posted Mar 27, 2009
Authored by Encrypt3d.M!nd

PowerCHM version 5.7 stack overflow proof of concept exploit that creates a malicious .http file.

tags | exploit, web, overflow, proof of concept
SHA-256 | 4cd34d4935a7daecc61e65d90c9a55e20a4cf26857563d6bf7269eff524be479
XM Easy Personal FTP Server DoS
Posted Mar 27, 2009
Authored by Jonathan Salwan | Site shell-storm.org

XM Easy Personal FTP Server versions 5.7.0 and below NLST remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 21c2263d354ebbb7a28f2272d019ee4063f9333a45537cdb40a7c46b2b590569
RatProxy Security Audit Tool
Posted Mar 27, 2009
Authored by Michal Zalewski | Site code.google.com

ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.

Changes: A minor change was made to always output HTTP/1.1 headers to avoid the activation of certain Web server heuristics.
tags | tool, web, sniffer
SHA-256 | 2db436645d5c4fd4aa3e24d589a455b9080aa44753040e6cd39990256867c094
Mandriva Linux Security Advisory 2009-081
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-081 - An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause a denial of service or to execute arbitrary code. This update provides the fix for that security issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0585
SHA-256 | 0218a675d4af22d7953ff8facbadd56fc42d0d245c1acf552ca37aaa99c6e354
Mandriva Linux Security Advisory 2009-080
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-080 - Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against - mostly GNOME ones) either to cause a denial of service or to execute arbitrary code via an untrusted input. This update provides the fix for that security issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-4316
SHA-256 | 8546c2803b7d9dd0a567710d603756b33cde91e984e1d57910ee82daf034c3dc
My Simple Forum 7.1 Command Execution
Posted Mar 27, 2009
Authored by Osirys | Site y-osirys.com

My Simple Forum version 7.1 remote command execution exploit that leverages a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
SHA-256 | aecd9473523f12342ec2c7e647e527582de5aa5dbf9dda8a2f7df9a97002f58b
Moodle File Disclosure
Posted Mar 27, 2009
Authored by Christian J. Eibl

Moodle versions below 1.6.9, 1.7.7, 1.8.9, and 1.9.5 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | aa552553b545331fbe147555eb8e8e040f5ae385f870451942ee81c4f820d063
Lynis Auditing Tool 1.2.5
Posted Mar 27, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds 40+ new tests for services like Dovecot, BIND, PowerDNS, SSH, Exim, and nginx. It has support for the Solaris auditing framework and several improvements to existing tests. Many small bugfixes and output and logging improvements have been made.
tags | tool, scanner
systems | unix
SHA-256 | 8ba51a7b6deb1d0097246edab6e9b6e4f76cc8b6ad720faa23866ca5550bc528
Arcadwy Arcade Script Static XSS
Posted Mar 27, 2009
Authored by Anarchy Angel | Site hha.zapto.org

Arcadwy Arcade Script suffers from a static cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 15be6e01188e229110696aaa1f0177ee492df12302d1569348683a29832d3261
Free PHP Petition Signing Script SQL Injection
Posted Mar 27, 2009
Authored by Qabandi

Free PHP Petition Signing Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
SHA-256 | 9457c6cb0afe5c174c57bbfe49ce480ad55585093fe9b464e9402cf45b4e7bb8
Simply Classified 0.2 SQL Injection
Posted Mar 27, 2009
Authored by G4N0K

Simply Classified version 0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2b8ec0fc4ff6b5fa10d154fa922bd32d12440a9707277c4e0602d5e97daeb02c
Abee Chm Maker 1.9.5 Stack Overflow
Posted Mar 27, 2009
Authored by Encrypt3d.M!nd

Abee Chm Maker version 1.9.5 stack overflow exploit that creates a malicious .cmp file.

tags | exploit, overflow
SHA-256 | d602e21593c366d9cf7ae0532f9a79344cf3231f2cbb2479f0f40c43d6400290
FreeSSHd 1.2.1 Remote Buffer Overflow Exploit
Posted Mar 27, 2009
Authored by r0ut3r

FreeSSHd version 1.2.1 remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | d44ad769be01e8c55430cfb1a0787b3a63957bf90a2c037802a725af589a04bd