exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2009-09-29 to 2009-09-30

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Posted Sep 29, 2009
Authored by laurent gaffie

This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

tags | exploit
systems | windows
advisories | CVE-2009-3103
SHA-256 | ea2b810d8a275178be0dfc2ccca862cb1f378b8ed6266f448f49b3fcfd6fdeb8
FlatPress Local File Inclusion / Command Execution
Posted Sep 29, 2009
Authored by Giuseppe Fuggiano

FlatPress versions 0.804 through 0.812.1 are vulnerable to a local file inclusion vulnerability that allows for remote command execution.

tags | exploit, remote, local, file inclusion
SHA-256 | 4dd1daafaed7571a46676a5c0128eb90a99e59d95cbf94db05bfc143a1943c38
OpenSCAP Libraries 0.5.3
Posted Sep 29, 2009
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.

Changes: Many improvements in OVAL support, including system characteristics and results format, memory management improvements, and the addition of most probes needed for OVAL to evaluate Linux systems. An initial XCCDF API has been added.
tags | protocol, library
SHA-256 | 0c039847d86afe125a043304d5e02d2d4b3de233c83eba9f8c616909e44f7f20
IBM Installation Manager 1.3.0 Code Execution
Posted Sep 29, 2009
Authored by Nine:Situations:Group::Bruiser | Site retrogod.altervista.org

IBM Installation Manager version 1.3.0 and below iim:// URI handler remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 4d3ad59494e57d7bedc2cfd2ca2fcbf85ee505f8f145cd2ab76b18d1c9f6c570
EMC KeyWorks KeyHelp Buffer Overflow
Posted Sep 29, 2009
Authored by Nine:Situations:Group::pyrokinesis | Site retrogod.altervista.org

Multiple EMC products remote buffer overflow exploit that takes advantage of keyhelp.ocx version 1.2.312.

tags | exploit, remote, overflow
SHA-256 | 861211011ec04b8ec31d45c7a4403ea58f6c226627dbdec4741e684a617b6b6f
Oracle Document Capture BlackIce Stack Buffer Overflow
Posted Sep 29, 2009
Authored by Nine:Situations:Group::pyrokinesis | Site retrogod.altervista.org

Oracle Document Capture BlackIce DEVMODE Active-X related remote stack-based buffer overflow exploit.

tags | exploit, remote, overflow, activex
SHA-256 | f87679f2b3d8baad72aa6db816a0125c42a2918130b43bccf764d8def1f3dd78
HP LoadRunner 9.5 File Creation
Posted Sep 29, 2009
Authored by Nine:Situations:Group::pyrokinesis | Site retrogod.altervista.org

HP LoadRunner version 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation proof of concept exploit.

tags | exploit, remote, proof of concept
SHA-256 | 768a53821af4fde79d580a63870f6f429503fd30279cee4a32400f9427e0122a
Oracle Document Capture BlackIce Command Execution
Posted Sep 29, 2009
Authored by Nine:Situations:Group::pyrokinesis | Site retrogod.altervista.org

Oracle Document Capture BlackIce DEVMODE Active-X related remote command execution exploit.

tags | exploit, remote, activex
SHA-256 | bf83d52218e9fa39a7b0bd3571b7981a25bac0078fd1ce84ec57dc0d16ffc7a2
Adobe Photoshop Elements 8.0 Privilege Escalation
Posted Sep 29, 2009
Authored by Nine:Situations:Group::pyrokinesis | Site retrogod.altervista.org

Adobe Photoshop Elements 8.0 Active File Monitor Service suffers from a bad security descriptor local elevation of privileges vulnerability.

tags | exploit, local
SHA-256 | f86b1fd7b15d1b7e7a42902dfb35784ffde8f8a5ebc4700dd28f5494a936881b
WinRAR 3.80 Filename Spoofing
Posted Sep 29, 2009
Authored by chr1x

WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability.

tags | advisory, spoof
SHA-256 | 4880f2bb7f9786ba0a35c233213dc63a64301bccc3f90b77bbd582104b13228f
Dam Burst 1.2
Posted Sep 29, 2009
Authored by Jon Oberheide | Site jon.oberheide.org

Dam Burst is a simple utility that allows an unprivileged user to disable the censorship functionality of the Green Dam Youth Escort software. Dam Burst operates by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and block user activity, effectively restoring the running application to its original uncensored state.

SHA-256 | 0673f6b2281b49995b2f6ade3bc6f690015861420aff1882e86d5ffc75e31757
Secunia Security Advisory 36890
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in IBM DB2, where one has an unknown impact and others can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 5c7e64e3f61f81bd28c14c8a7d3d3a50e6c84d636d29a9bd2406fb4f9d9a85b1
Secunia Security Advisory 36853
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | bcd405b9cf930dd891dca271c5bde6948a78a4cbe646546f60396fbfb2199cd6
Secunia Security Advisory 36829
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Juniper JUNOS, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability, xss
systems | juniper
SHA-256 | ff336aee48286760e80863adca35d837537d0a96d522947d63390276b9b180ba
Secunia Security Advisory 36904
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service) or compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 4c2cfd3818a8f77b03e5722dad47fd062a6cc8a79dc67660feb996fd8fb8a3ce
Secunia Security Advisory 36911
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP Remote Graphics Software (RGS), which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, remote
SHA-256 | 413ea69c81359d8bf5dd6cd4cd1c7f6310008a92f13dceda0dd94a811a2e108e
Secunia Security Advisory 36880
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Maxim A. Kulakov has reported a vulnerability in multiple TrustPort products, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | f695aee2239890be2826be4832470dc877300f43266831c261e9aa13c7b05735
Secunia Security Advisory 36860
Posted Sep 29, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the FireFTP extension for Firefox, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | 579d2b36eeb19a245196f25975126d719c06817e86340b16c46b66271c575c8b
E107 eCaptcha Cross Site Scripting
Posted Sep 29, 2009
Authored by MustLive

The E107 eCaptcha plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ce9b99226830c2e16bbd2cbe66a2246d99e928fdce2ecf419bc3fe81294b059b
HP Security Bulletin HPSBMA02461 SSRT090187
Posted Sep 29, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender. The vulnerability could be exploited remotely to gain unauthorized access.

tags | advisory, remote
advisories | CVE-2009-2683
SHA-256 | 61aac50aed82ed61d95afc86a3635a160842974cdef3f4e95600038803bbfd87
Trustport Security Software Privilege Escalation
Posted Sep 29, 2009
Authored by ShineShadow

TrustPort Antivirus version 2.8.0.2265, Antivirus Business version 2.8.0.2265, PC Security version 2.0.0.1290, and PC Security Business version 2.0.0.1290 suffer from a local privilege escalation vulnerability.

tags | advisory, local
SHA-256 | a03d13ef3d07de36c52c5c404d29288885fcc3dbeddbe2d172ec9c52bed2d620
Debian Linux Security Advisory 1897-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2009-3236
SHA-256 | 74849428a088e248caf5775fc100bbbb2aa65fc2d2b0257a92f72ae1150aacd1
TOR Navigator Alpha 0.0.2
Posted Sep 29, 2009
Site tornavigator.com

TorNavigator is a Web browser dedicated to the TOR network, which allows people and groups to improve their privacy on the Internet by hiding their IP address through a network of virtual tunnels. TorNavigator includes a built-in Tor server and provides the ability to choose or ban countries in order to use an IP address from a specific country. The Privoxy local proxy is used for better privacy.

Changes: The cross platform Qt4 code should now compile under Win32 without major difficulties. Please note that specific Win32 Qt4 DLLs are expected to be found in the same directory as the TorNavigator executable. Tor 2.1.19 and Privoxy are included and are directly configured by TorNavigator, so it is no longer necessary to install them separately.
tags | tool, web, local, peer2peer
SHA-256 | 32674f1424b862fa79b632eb06f5ba44acc0791bf10685c9585f835e210c2c21
Libcap-NG Library 0.6.2
Posted Sep 29, 2009
Site people.redhat.com

The libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.

Changes: This release adds pkg-config support, cleans the prctl syscalls, and drops capabilities in pscap.
tags | library
SHA-256 | 1d230a03c7e6adf1c761730bf27cee694d6658e97581c9507e993c80a1fab0ff
Ubuntu Security Notice 838-1
Posted Sep 29, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-838-1 - It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-4577, CVE-2008-5301, CVE-2009-2632, CVE-2009-3235
SHA-256 | 5fd61a6a6d760fcf2bd0a9d66e294c6897bc30e1df8871482b661db6a9b066a1
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close