what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 46 of 46 RSS Feed

Files Date: 2009-04-07 to 2009-04-08

Secunia Security Advisory 34584
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 85eefbbef65bff0b2cf5b52bff8e2e0ebdd1011e3618663679e77ba1d5ac8804
Secunia Security Advisory 34611
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in various JustSystems Ichitaro products, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | 59dc1c71475b4c2d7d809451ea6b63d62b7a0d3434a3071f52b3f90843b32175
Secunia Security Advisory 34574
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell Client, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 2235d4d573e8d3a4a573e8a9d6d7d0f9380caa7cdde3f58c73cbfb9da418b2db
Secunia Security Advisory 34525
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | e26849bab2f5a50fcf902318a0826e62646d50720e544a3258ecc78be1fa3912
Secunia Security Advisory 34610
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has acknowledged a security issue in xpdf, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, gentoo
SHA-256 | bf58aa72171cb22acc79babf9fb778d3a06e536fc2af3e94099be9adc8e91c3c
Secunia Security Advisory 34615
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | 4af155a49d88a12c489e2fe64491ab94c31dfdcd071c572bbdf07246fe642b64
Gentoo Linux Security Advisory 200904-6
Posted Apr 7, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-06 - An untrusted search path vulnerability in the Eye of GNOME might result in the execution of arbitrary code. James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983. Versions less than 2.22.3-r3 are affected.

tags | advisory, arbitrary, python
systems | linux, gentoo
advisories | CVE-2008-5983, CVE-2008-5987
SHA-256 | f361f11a9332c1aeffbeea882ecce779c48e9eefab14a74b77b88bcdabe26e14
Zero Day Initiative Advisory 09-016
Posted Apr 7, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. A valid IPC$ connection must be established in order to exploit this vulnerability. The specific flaw exists within xtagent.exe during the handling of RPC messages over the XTIERRPCPIPE named pipe. Insufficient sanity checking allows remote attackers to dereference an arbitrary pointer which can be leveraged to execute code under the context of the system user.

tags | advisory, remote, arbitrary
SHA-256 | 32382292f4214f0e8c641b7bac69194ef2a7587c703d9da375e05ae3be60b12d
VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow
Posted Apr 7, 2009
Authored by Aaron Portnoy | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file. Upon installation VMWare Workstation, Server, Player, and ACE register vmnc.dll as a video codec driver to handle compression and decompression of the fourCC type 'VMnc'. This format is used primarily by Workstation to capture remote framebuffer recordings of sessions within a virtual machine. The resulting video is stored within an AVI container file. While playing back such files the function responsible for handling ICM_DECOMPRESS driver messages implicitly trusts a size value while decompressing a frame. Specifically, the dwSize element within an Open-DML standard index RIFF chunk is used as an argument to a memcpy into a static heap buffer. This can be leveraged to execute arbitrary code on the host system under the context of the current user.

tags | advisory, remote, web, arbitrary
advisories | CVE-2009-0910
SHA-256 | 5b96d01fdf360ef9dd8367de0fb2e2fef297fd2fdbe0550ee57ba151b88773e4
VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
Posted Apr 7, 2009
Authored by Aaron Portnoy | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file. Upon installation VMWare Workstation, Server, Player, and ACE register vmnc.dll as a video codec driver to handle compression and decompression of the fourCC type 'VMnc'. This format is used primarily by Workstation to capture remote framebuffer recordings of sessions within a virtual machine. The resulting video is essentially a recorded session of VNC's RFB protocol. In VMWare's implementation the stream consists solely of FrameBufferUpdate messages (message type 0). However, if the message type of one of these blocks is changed to any value greater than 0x03 a size assumption is made which results in faulty math being applied to a pointer used later in a memcpy. This can be leveraged to execute arbitrary code on the host system under the context of the current user.

tags | advisory, remote, web, arbitrary, protocol
advisories | CVE-2009-0909
SHA-256 | 2283928ddf12b56cdf4fc05ebcfc0623e96e9ad910c43a1a18f92dd7f71ad86f
Baby FTP 1.x Memory Consumption
Posted Apr 7, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Baby FTP server version 1.x remote memory consumption exploit.

tags | exploit, remote, denial of service
SHA-256 | e091c7901d54299f85408260618e841a824fad8f1bc2c4e049cebf959cf47f4b
Positive Technologies - VMware
Posted Apr 7, 2009
Authored by Nikita Tarakanov | Site securitylab.ru

Positive Technologies Research Team has discovered denial of service vulnerabilities in VMware products. The IOCTL handler in hcmon.sys does not properly validate buffer data associated with the Irp object, which allows local users with administrative privileges to crash the system.

tags | advisory, denial of service, local, vulnerability
advisories | CVE-2009-1146
SHA-256 | 8dfa92c260d4fac7e9d8c687edbedf3df93ac8a4ae132c58baa7bd66e23e9527
Positive Technologies - VMware
Posted Apr 7, 2009
Authored by Nikita Tarakanov | Site securitylab.ru

Positive Technologies Research Team has discovered privilege escalation vulnerabilities in VMware products. Buffer overflow vulnerability exists in vmci.sys driver. Local user with administrative privileges can execute arbitrary code with SYSTEM privileges.

tags | advisory, overflow, arbitrary, local, vulnerability
advisories | CVE-2009-1147
SHA-256 | e8d8290d8dfef07338b1189deb335ea179d581425e273da9ba47e663b96875d1
Lynis Auditing Tool 1.2.6
Posted Apr 7, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release has several new tests and test improvements, like a sudoers file permissions check, a core dumps configuration check for Linux, PHP tests, and an /etc/issue banner test.
tags | tool, scanner
systems | unix
SHA-256 | af94dfcc8909152ca95b233d89bbea2d65c0563b10addf2e84893f8312e82303
Pirelli Discus DRG A225 Vulnerability
Posted Apr 7, 2009
Authored by j0rgan | Site jorgan.users.cg.yu

Whitepaper discussing the Pirelli Discus DRG A226 wifi router WPA2PSK default algorithm vulnerability.

tags | paper
SHA-256 | 339cf90971b6f59fc1b1f8d15ffe572f55b0d908bed0446498d4c99badde656b
Preventing The Spread Of USB Malware
Posted Apr 7, 2009
Authored by Robin Bailey

Whitepaper called Preventing the spread of USB malware.

tags | paper
SHA-256 | 7d4dcd1a95d428f281d7def49c550967bc2918626791f2c8f0c360678b700630
Unsniff Network Analyzer 1.0 Overflow
Posted Apr 7, 2009
Authored by LiquidWorm | Site zeroscience.mk

Unsniff Network Analyzer version 1.0 local heap overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
SHA-256 | dd25612115197a334a40028d6f73ff0fceb6097b5b1f513979bf02ea0d85e6ae
Debian Linux Security Advisory 1763-1
Posted Apr 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1763-1 - It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.

tags | advisory, denial of service, cryptography
systems | linux, debian
advisories | CVE-2009-0590
SHA-256 | 67833f7e6d6fa9214058e01bf4e7eb29a005fff8160d3ee5e1e99b4396c1e949
UltraISO Off By One Overflow
Posted Apr 7, 2009
Authored by Stack | Site v4-team.com

UltraISO versions 9.3.3.2685 and below off by one / buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 591a66d46359b17842e0c7a8f08abfc68a72e240a0fc0ee543f1998fec937516
SQLSUS MySQL Injection Tool
Posted Apr 7, 2009
Authored by sativouf | Site sqlsus.sf.net

sqlsus is a MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure / contents, inject a SQL query, download files from the web server, upload and control a backdoor, and much more.

tags | tool, web, scanner, perl, sql injection
systems | unix
SHA-256 | 9f9cfa06e1801eb3e59dddda7388354b856f69c8267bd68453ece6e43888dcd4
Arcadwy Games CMS SQL Injection
Posted Apr 7, 2009
Authored by PLATEN

Arcadwy Games CMS suffers from a remote SQL injection vulnerability that allows for an authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | b48ba1562c34dd99ce653f2a7ebe282362308c592645d7b6cf1f55e2ef060d4b
Page 2 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close