exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 55 RSS Feed

Files Date: 2009-04-22 to 2009-04-23

SUSE Security Announcement - Code Execution
Posted Apr 22, 2009
Site suse.com

SUSE Security Announcement - Multiple vulnerabilities were resolved in the CUPS system. These range from various integer and buffer overflows.

tags | advisory, overflow, vulnerability
systems | linux, suse
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183
SHA-256 | 93909dc15080e00a19c372dbcf5e50d9d1de6d8a3def0b16ef4afb39f2ddbc3d
FreeBSD Security Advisory - db Issue
Posted Apr 22, 2009
Site security.freebsd.org

FreeBSD Security Advisory - Some data structures used by the database interface code are not properly initialized when allocated. Programs using the db(3) interface to create Berkeley database files may "leak" sensitive information into database files. If those files can be read by other users, this may result in the disclosure of sensitive information such as login credentials.

tags | advisory
systems | freebsd
SHA-256 | f19636fcc9f3672265dbfa020957a9cea9463d7bdf766613e2c355245a911789
FreeBSD Security Advisory - OpenSSL
Posted Apr 22, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of OpenSSL accessing invalid memory locations. This could be used by an attacker to crash a remote application.

tags | advisory, remote
systems | freebsd
advisories | CVE-2009-0590
SHA-256 | 0af558312bdb0b2a378db3fb4f4e5a435365f4ea7532b84431ff7fb7a55aec6e
SQLMAP - Automatic SQL Injection Tool
Posted Apr 22, 2009
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: New features as described at the presentation given at Black Hat Europe.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | facfe914f0de39c5a38ffe08fd1294e7b88ddeab5eeeaa9496833b49f71fa5b8
Joomla rsmonials Cross Site Scripting
Posted Apr 22, 2009
Authored by jdc

The Joomla RSMonials component suffers cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
SHA-256 | 4fc014b32cc57f62ef9f6b33a42e8e0cda3de3b140b326ce033b9025cccb2b39
WebPortal CMS 0.8beta Remote/Local File Inclusion
Posted Apr 22, 2009
Authored by ahmadbady

WebPortal CMS version 0.8 beta suffers from multiple local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | c9eb52a201c1fe9cc406ebf75cc4cdd7b192a67b78543520c4c04bdf5685b67c
Sun Java Remote Code Execution
Posted Apr 22, 2009
Authored by Thierry Zoller

Sun Java VM versions 6 update 1 and 6 update 2 are susceptible to a remote code execution vulnerability.

tags | advisory, java, remote, code execution
SHA-256 | cc9f245448e9d2a35b3c826e7f61f75d2e36861758f1b13f2c26789140c20c84
Dokeos LMS 1.8.5 Code Execution
Posted Apr 22, 2009
Authored by StAkeR

Dokeos LMS versions 1.8.5 and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 584e9c9177950ed4da6042062cf94c76c7970a655f991c438239afb234bb2919
Counter Strike Source ManiAdminPlugin Remote Crash
Posted Apr 22, 2009
Authored by M4rt1n

Counter Strike Source Mani Admin Plugin version 2 remote crash exploit.

tags | exploit, remote
SHA-256 | 9cab4dec592234e2112c9ed34f856522f4828c2e7fadd59aa3e3625ad4726096
DirectAdmin Local File Overwrite
Posted Apr 22, 2009
Authored by anonymous

DirectAdmin versions below 1.33.4 suffer from a local file overwrite and local root escalation vulnerabilities.

tags | exploit, local, root, vulnerability
SHA-256 | 2fdd4977d213bb5c2935ac3f55fed30ddd739101b5af3e32b4eaf8b45c8688f5
Debian Linux Security Advisory 1778-1
Posted Apr 22, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1778-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting (XSS) attacks because of missing input sanitization of the introduction text field in user profiles and any text field in a user view.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2009-0664
SHA-256 | 8e0d38429163229befdfea8c53107cdf16af82d127ee36f91ccf85c90f4dcf64
Mandriva Linux Security Advisory 2009-094
Posted Apr 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-094 - Multiple vulnerabilities ranging from cross site scripting to denial of service have been fixed in MySQL.

tags | advisory, denial of service, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456
SHA-256 | efe4a9edeb912ca4ab3cdf28f677cd6bbd838e39a3223c60330cb558ed501a11
Mandriva Linux Security Advisory 2009-093
Posted Apr 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-093 - Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute some of these details are obtained from third party information. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1301
SHA-256 | 7ca24be1927654b44ebed1520ee65a169f5be5f13e784eb0b819508048825518
Flat Calendar Bypass / Cross Site Scripting
Posted Apr 22, 2009
Authored by ZoRLu

Flat Calendar suffers from authentication bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
SHA-256 | cbc69addea41ff9758b302bae6c202c55df4b4738aa3a1d7c37c0ad8bb2e5be9
Xitami Web Server 5.0 Denial Of Service
Posted Apr 22, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Xitami HTTP Server versions 5.0 and below remote denial of service exploit.

tags | exploit, remote, web, denial of service
SHA-256 | 35cb32d7e8deb076c7ece655c1ebee2fc47db30abc7a63c579587e00b7a55c23
OpenNHRP NBMA Next Hop Resolution 0.10.1
Posted Apr 22, 2009
Authored by Timo Teras | Site sourceforge.net

OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.

Changes: This release fixes (most of) the embarrassing bugs in 0.10 that were introduced from the build system rewrite and c-ares integration.
tags | encryption, protocol
systems | cisco, linux
SHA-256 | b9e8e6873e5cfc0b5bff94d7ca06bd1dc5e88d370673299d89b8b8d890b81afa
Complemento Penetration Tools
Posted Apr 22, 2009
Authored by crossbower | Site complemento.sourceforge.net

Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

Changes: Major improvements were made in all tools. LetDown now supports Python scripting for multistage protocols. ReverseRaider has many new DNS features. HttSquash has been rewritten.
tags | tool, web, tcp, rootkit
systems | unix
SHA-256 | 0fc520b857f3d367a876deab158b90287f0d8020981d24071511ca1b200f4d86
Femitter FTP Server 1.03 File Disclosure
Posted Apr 22, 2009
Authored by Stack | Site v4-team.com

Femitter FTP server version 1.03 arbitrary file disclosure exploit.

tags | exploit, arbitrary, info disclosure
SHA-256 | a006235c6dda92824eb6bd609e21ff6c1f93973fc99d70a9f676bcb23525cb77
elkagroup Image Gallery 1.0 File Upload
Posted Apr 22, 2009
Authored by Securitylab Security Research | Site securitylab.ir

elkagroup Image Gallery version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | f0f7b321c3b0c43fd9189968f2bfc9b7776d2ec36be0b6e0ae6e677f32393e5e
5Star Rating 1.0 SQL Injection
Posted Apr 22, 2009
Authored by zer0day

5 Star Rating version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | c8c529137daa99e9cefe0714b795c5e0b5f258c7c75b19e65d467073563ed093
010 Editor Buffer Overflows
Posted Apr 22, 2009
Authored by Le Duc Anh | Site security.bkis.vn

The 010 Editor suffers from multiple buffer overflow vulnerabilities. Proof of concept code included. Versions 3.0.4 and below are affected.

tags | exploit, overflow, vulnerability, proof of concept
SHA-256 | 165db10eef69616281f6faafac84e71c5debd62fb333ccb52ef94a16099b5f08
Secunia Security Advisory 34841
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | 8b2d325456676677887355b789df5519956df5d5b74aa1799871df88bfed599a
Secunia Security Advisory 34760
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Java System Delegated Administrator, which can be exploited by malicious people to conduct HTTP response splitting attacks.

tags | advisory, java, web
SHA-256 | 8d5e4d44cc989c01ce616f9aff073b053c6b6779fde75709ca10dd7ad192c747
Secunia Security Advisory 34843
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially compromise a user's system.

tags | advisory, spoof, vulnerability, xss, csrf
systems | linux, redhat
SHA-256 | ee2323cec18df934763886589060ccbfe8097e8285d9dfc93e3c1c0969dfff34
Secunia Security Advisory 34737
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Juan Pablo Lopez Yacubian has discovered a security issue in Trend Micro OfficeScan Client, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 38efea6a1cb8fdc8bff0381408cc1a2973d83c841e6bcf532c331ab792b8fba7
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close