
Files Date: 2009-07-28 to 2009-07-29

Technical Cyber Security Alert 2009-209A
Posted Jul 28, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-209A - Microsoft has released out-of-band updates to address critical vulnerabilities in Microsoft Internet Explorer running on most supported versions of Windows. The updates also help mitigate attacks against ActiveX controls developed with vulnerable versions of the Microsoft Active Template Library (ATL).

tags | advisory, vulnerability, activex
systems | windows
advisories | CVE-2008-0015
SHA-256 | ff15492f51e1c3ec3ea228997a0e2940c2a7dddf7f3bf187c4c40e15f9d53421
Mandriva Linux Security Advisory 2009-172
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-172 - ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding. This update provides fixes for this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1892
SHA-256 | 48e39060a642bf4ad5cb8769383ababf8543344a7f64bf54d487c6acbfd21677
Mandriva Linux Security Advisory 2009-171
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-171 - Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.

tags | advisory, local, root
systems | linux, mandriva
advisories | CVE-2009-1894
SHA-256 | 849044bfba62baf25c7bf418a0814ff3799bad71d9160681d6e575fa4b939f3e
Mandriva Linux Security Advisory 2009-170
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-170 - Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces. This update fixes the vulnerability.

tags | advisory
systems | linux, mandriva
SHA-256 | 1565d56f2db7d5eaae05cc381285e663c59788e86fc1ce87181939fa3cb5d464
Tukanas EasyClassifieds 1.0 Blind SQL Injection
Posted Jul 28, 2009
Authored by Moudi

Tukanas EasyClassifieds version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2980569ebddbaade4f399d70cfc2aa316e309a8642bfdb432ba5bc94974e7b49
Matterdaddy Market 1.2 SQL Injection / XSS
Posted Jul 28, 2009
Authored by Moudi

Matterdaddy Market version 1.2 suffers from blind SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | a9a7c4195b14ef5d85be3bb590f9b8b74ce4ed89fa26c81b767fa23d65973ac2
Open Classifieds Cross Site Scripting
Posted Jul 28, 2009
Authored by Moudi

Open Classifieds suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6623168b4187d87ea1db4ea0f67eb88781e3882af3c712e0a9696e5a60500cc0
Mandriva Linux Security Advisory 2009-169
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Several places in tiff2rgba and rgb2ycbcr that were careless about possible integer overflow in the calculation of buffer sizes have also been fixed. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
SHA-256 | 90aff0a5960233fb9cd84f73ebc463ce903c3508c40dd8edf5d93294d238679a
Mandriva Linux Security Advisory 2009-168
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-168 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. A potential denial of service attack against mod_deflate or other modules, which forces the server to consume CPU time compressing a large file after a client disconnects, has also been fixed. This update provides fixes for these vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 51af7fbbcf69f4c39daf6a87f28edbccbdb261cd9fcbdb694531c6f7bf7e57f2
Mandriva Linux Security Advisory 2009-167
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-167 - A vulnerability has been found and corrected in PHP.

tags | advisory, php
systems | linux, mandriva
SHA-256 | 78092a6755f59a7310d2adefece6d0b397d9b47ad980db946f8c73fc3e12d8be
Mandriva Linux Security Advisory 2009-166
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-166 - Security vulnerabilities have been identified and fixed in University of Washington IMAP Toolkit.

tags | advisory, vulnerability, imap
systems | linux, mandriva
advisories | CVE-2008-5005, CVE-2008-5006, CVE-2008-5514
SHA-256 | efb93b709e59a4b2cfba40c48694f2651bf24a6b31db1a0f68125f4481c3be16
Mandriva Linux Security Advisory 2009-165
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-165 - Multiple security vulnerabilities have been identified and fixed in ghostscript.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522
SHA-256 | 5cf24eebbe56a194ea9cc2bb03c4bd19320dac24d63dee63d41a6250ab218361
Mandriva Linux Security Advisory 2009-164
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-164 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | fbcfb12e4936b56d1c5970de9f62efc23910b68cde27f78e2bbb884450d097ca
HP Security Bulletin HPSBMA02438 SSRT090092
Posted Jul 28, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with certain HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The HP ProLiant Onboard Administrator Powered by LO100i was formerly known as HP Lights Out 100.

tags | advisory, denial of service
advisories | CVE-2009-1426
SHA-256 | 5f59eec9f6f05e9e6515a2765414a272adefb5f0a4e30ab69981da6369878d4f
Linux eCryptfs parse_tag_3_packet Encrypted Key Overflow
Posted Jul 28, 2009
Authored by Ramon de C Valle | Site risesecurity.org

There exists a vulnerability within a function of Linux eCryptfs (Enterprise Cryptographic Filesystem) which, when properly exploited, can lead to compromise of the vulnerable system. This vulnerability was confirmed in the Linux kernel version 2.6.30.3. Linux kernel versions 2.6.19 and later have eCryptfs support and may also be affected.

tags | advisory, kernel
systems | linux
SHA-256 | 7b90cdef75ea3af4a2047adeb9c65aac0fa6972888b9744805e91c76e8afce1a
Linux eCryptfs parse_tag_11_packet Literal Data Overflow
Posted Jul 28, 2009
Authored by Ramon de C Valle | Site risesecurity.org

There exists a vulnerability within a function of Linux eCryptfs (Enterprise Cryptographic Filesystem) which, when properly exploited, can lead to compromise of the vulnerable system. This vulnerability was confirmed in the Linux kernel version 2.6.30.3. Linux kernel versions 2.6.19 and later have eCryptfs support and may also be affected.

tags | advisory, kernel
systems | linux
SHA-256 | 0f6b82fb65eaf4098684c2a395ac109857a9ba2417bbdefbbffd6286eb1d03d7
WINMOD 1.4 Stack Overflow
Posted Jul 28, 2009
Authored by corelanc0d3r

WINMOD version 1.4 local stack overflow exploit that creates a malicious .lst file. Written for XP SP3.

tags | exploit, overflow, local
SHA-256 | 8c07052e937f6acc8622a266a6820c966901dc309de2d34ea3a6b4873ef08a66
Millenium MP3 Studio 1.0 Stack Overflow
Posted Jul 28, 2009
Authored by corelanc0d3r

Millenium MP3 Studio version 1.0 local stack overflow exploit that creates a malicious .mpf file.

tags | exploit, overflow, local
SHA-256 | 0af0d3a7795f086848c3723f0f6e8f2bc1a8f4ca6627a7719a229b069ee8adc6
Ultrize TimeSheet 1.2.2 Remote File Inclusion
Posted Jul 28, 2009
Authored by NoGe

Ultrize TimeSheet version 1.2.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 814e5424aba3497032d6963446d249069f9dd5ca02dfde67713f1451e9932325
TinyBrowser 1.41.6 XSS / XSRF / Creation
Posted Jul 28, 2009
Authored by Aung Khant | Site yehg.net

TinyBrowser version 1.41.6 suffers from cross site scripting, cross site request forgery, arbitrary directory creation, and arbitrary file hosting vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, csrf
SHA-256 | cb07e4dc02943a128c2579eb1127cef6429f94fbd7ee07b41c0f56e131a5c4ee
Core Security Technologies Advisory 2009.0707
Posted Jul 28, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected 'op_connect_request' message with invalid data to the server. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
advisories | CVE-2009-2620
SHA-256 | 90ecc7675d7352bdb4c265d9a2f0486a70e7b76913144d97837f2fbf6942280f
Cisco Security Advisory 20090728-activex
Posted Jul 28, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform a kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site. Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, web, code execution
systems | cisco
SHA-256 | 89363772f5abd30f6e34ae1bd93bd50c99591046179f0aee078e2c1f7c4e3d6d
PaoLiber 1.1 Authentication Bypass
Posted Jul 28, 2009
Authored by SirGod | Site insecurity.ro

PaoLiber version 1.1 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 3e75ad6cf1570cfe4de68444472d9da08ee883e7b42ed874fc8e29ad75faaff8
PaoBacheca Guestbook 2.1 Authentication Bypass
Posted Jul 28, 2009
Authored by SirGod | Site insecurity.ro

PaoBacheca Guestbook version 2.1 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 0a63ae742abf026093faa45bcd32838b2d59e7876baef5dab44a1991b601cfd7
PaoLink 1.0 Authentication Bypass
Posted Jul 28, 2009
Authored by SirGod | Site insecurity.ro

PaoLink version 1.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 745d46c961489d8851f6fcdd38783e3446777875d8663f7f706ab6d8e1cef842