
Files Date: 2009-10-12 to 2009-10-13

Redcat Media SQL Injection
Posted Oct 12, 2009
Authored by s4va | Site s4vaworld.uni.cc

Redcat Media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 984967924818b023e541fa816345649b23bbecb49df6da3062b21c7b5a816850
ProFTPd 1.3.0 mod_ctrls Local Root Exploit
Posted Oct 12, 2009
Authored by Michael Domberg | Site devtarget.org

ProFTPd version 1.3.0 mod_ctrls local stack overflow root exploit that binds a shell to port 19091.

tags | exploit, overflow, shell, local, root
SHA-256 | ddbfe7d762887600b38f4dc106d97604c67613c6e9563372c4756a28d17514cf
Community Translate Remote File Inclusion
Posted Oct 12, 2009
Authored by NoGe

Community Translate suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | eb9d8d5f7d4d5475c8d8aec5b0e9fb4b015f094541834165b3af87ba4060c8a0
Dazzle Blast Remote File Inclusion
Posted Oct 12, 2009
Authored by NoGe

Dazzle Blast suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | c0a9882a25b0baec5354b1a9aa09393eff40563e543d9a5acb3afdf2e57319a9
Femitter HTTP Server 1.03 Source Disclosure
Posted Oct 12, 2009
Authored by Dr_IDE

Femitter HTTP Server version 1.03 suffers from a remote source disclosure vulnerability.

tags | exploit, remote, web, info disclosure
SHA-256 | a11dd700693b3a09f49debd22f4c8ed5802775ea8ca7c11a855906015e2c7af2
httpdx 1.4.4 Source Disclosure
Posted Oct 12, 2009
Authored by Dr_IDE

httpdx versions 1.4.4 and below suffer from a remote source disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | d534f4b30f574c562fa9ed0edea96cb9b7807bfdc9994df7539e31609e5b333f
Debian Linux Security Advisory 1906-1
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1906-1 - Security support for clamav, an anti-virus utility for Unix, has been discontinued for the stable distribution (lenny) and the oldstable distribution (etch). Clamav Upstream has stopped supporting the releases in etch and lenny. Also, it is not easily possible to receive signature updates for the virus scanner with our released versions anymore. We recommend that all clamav users consider switching to the version in debian-volatile, which receives regular updates and security support on a best effort basis.

tags | advisory, virus
systems | linux, unix, debian
SHA-256 | 0f4de8d25aeb1bb792fe27f5653a50c3ad4752748c0e10b20659914f8d142f55
Debian Linux Security Advisory 1905-1
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1905-1 - The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library.

tags | advisory, web, denial of service, python
systems | linux, debian
SHA-256 | bbc7b5ca1f7313a8b47ce7849ddb2298f98a13a5604da52b294e7f4240252f5c
Debian Linux Security Advisory 1895-2
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1895-2 - In DSA-1895-1, the xmltooling package was updated to address several security issues. It turns out that the change related to SAML metadata processing for key constraints caused problems when applied without the matching changes in the opensaml2 and shibboleth-sp2 packages.

tags | advisory
systems | linux, debian
SHA-256 | 42ee500630c391f0bd1b867544da7addd5eb4738ae51b388ebf2e124ab0a1a35
Simple Directory Listing Cross Site Scripting
Posted Oct 12, 2009
Authored by Amol Naik

Simple Directory Listing version 2.1_beta1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8d2ff015913796d7b4bab88f5c1731ca1a8663ba417a22927613b560dcb0e68d
Mandriva Linux Security Advisory 2009-272
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-272 - libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. This update fixes these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2007-6720, CVE-2009-0179
SHA-256 | ac59271992e5eb34115a5371afea04b609727df16b03ae54d054c02a8bba5596
Mandriva Linux Security Advisory 2009-271
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-271 - nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. This update fixes this vulnerability.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2009-0125
SHA-256 | bbcbdb518b5d8b7808f0aee015897e1c7cc54a9c8ad5c2f6ca6a9bfcd720d8a0
Mandriva Linux Security Advisory 2009-270
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-270 - Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. This update fixes this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3241
SHA-256 | 9a1daa316c35e1baddcf70f6ae01de04b3112d18f4ea1479405f2b3f7206ee1f
Mandriva Linux Security Advisory 2009-269
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-269 - The XML HMAC signature system in mono did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0217
SHA-256 | 98f6697d9cf09bb45bb080488af86cfc2efa174ebb20dbc53a7a8d92b104c124
Mandriva Linux Security Advisory 2009-268
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-268 - Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes these vulnerabilities.

tags | advisory, remote, web, arbitrary, vulnerability, xss, asp
systems | linux, mandriva
advisories | CVE-2008-3422, CVE-2009-0217
SHA-256 | 0e41155cc42ddb5a5c21302a350227e68f876395d4400da79f4e4a1a818f4720
Mandriva Linux Security Advisory 2009-267
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-267 - A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. This update fixes this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0217
SHA-256 | f7143c170e1b9f4aaddef63897e6ef985b74abe57270b1b7585b898c8eea1aea
Mandriva Linux Security Advisory 2009-266
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-266 - awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site this issue exists because of an incomplete fix for CVE-2008-3714. This update fixes this vulnerability.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2008-5080
SHA-256 | d513d6585d954aa8f9ad1097ae4518509989e56a48d4b0ae1b39238d22ee7c07
Mandriva Linux Security Advisory 2009-265
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-265 - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. This update fixes this vulnerability.

tags | advisory, remote, php, protocol, xss
systems | linux, mandriva
advisories | CVE-2008-1502
SHA-256 | 36a689eb68f1cedd3c16715e45a27e48b89433e55d508e9574667141eb5eb607
Mandriva Linux Security Advisory 2009-264
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-264 - Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. The updated packages have been patched to prevent this.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2007-3996
SHA-256 | 0c3e84909471c50a9b07d973c3ae6e1b17aca9fdb881fc457449deeb49d0b232
Mandriva Linux Security Advisory 2009-263
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-263 - sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. This update fixes this vulnerability.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-4476
SHA-256 | 0e7fcc5716e7a760122da87edbaa4584cdcdb8c3ad9270b5f2bdd7aea7d00d15
Ubuntu Security Notice 847-2
Posted Oct 12, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 847-2 - USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-2946
SHA-256 | a0c0a418e5ffcdc58b1be1ff537ea8f50f3ede9d95754dd6f137056600238dad
Security Notice For CA Anti-Virus Engine
Posted Oct 12, 2009
Authored by Ken Williams | Site www3.ca.com

CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, virus
advisories | CVE-2009-3587, CVE-2009-3588
SHA-256 | 1dc4058c8e774be29fddef6f172c726958c3daac8818e3613e4ed1638ebe3c6f
Netifera Tool Creation Platform 1.0 - Mac OS X
Posted Oct 12, 2009
Site netifera.com

Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. This is the Mac OS X release.

tags | tool
systems | unix, apple, osx
SHA-256 | 625fa7db924a919cf300b2d4ba6b35f0d214ecb0b0ae13252000931abdba399b
Netifera Tool Creation Platform 1.0 - Linux
Posted Oct 12, 2009
Site netifera.com

Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. This is the Linux release.

tags | tool
systems | linux, unix
SHA-256 | c3bf25aa379004ac4de34162364225035d128014e6380d69605b08755d0c81e5
EZsneezyCal CMS Remote File Inclusion
Posted Oct 12, 2009
Authored by kaMtiEz | Site indonesiancoder.com

EZsneezyCal CMS version 95.1 through 95.2 remote file inclusion exploit.

tags | exploit, remote, code execution, file inclusion
SHA-256 | d98f0d4acacdad8e37e4efd16be28050426b9c03e042ce8557ccd544deadfc9a