the original cloud security
Showing 1 - 25 of 31 RSS Feed

Files Date: 2009-11-03 to 2009-11-04

PunBB Extension Attachment 1.0.2 SQL Injection
Posted Nov 3, 2009
Authored by puret_t

PunBB Extension Attachment versions 1.0.2 and below remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | 3136893c3e21b9386a98aee65020cddb
Mandriva Linux Security Advisory 2009-293
Posted Nov 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-293 - Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fixes patches applied. This update fixes these vulnerabilities.

tags | advisory, remote, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3700, CVE-2009-3826
MD5 | 6691e360fefadb563a9c153a0a89b79c
Mandriva Linux Security Advisory 2009-292
Posted Nov 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-292 - Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file. The wireshark package has been updated to fix these vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3550, CVE-2009-3829
MD5 | cb23f9dc77fe2e41a9c8ec999834c8fb
Xion Audio Player Local Buffer Overflow
Posted Nov 3, 2009
Authored by corelanc0d3r

Xion Audio Player version 1.0 build 121 local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 23e8837a0bd388f45a51407c82508d0f
Zero Day Initiative Advisory 09-075
Posted Nov 3, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-075 - This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to port 389/TCP for handling LDAP requests. When the service processes a search request with an undefined BaseDN, it will become unresponsive resulting in an inability to query or authenticate to that server.

tags | advisory, tcp
MD5 | a6207e2ddeefe8d1c1dd7db9eac8960e
QuahogCon 2010 Call For Papers
Posted Nov 3, 2009
Site quahogcon.org

QuahogCon is a new regional conference for the hacker culture in all forms. Hardware, Software, Security, Social, Eco Hacking, Zero Impact Living. Like most hacker cons, it will run Friday to Sunday. It will be held from April 23rd through the 25th, 2010 at Hotel Providence in Providence, Rhode Island.

tags | paper, conference
MD5 | e3882c4ce79abd9056ba7d7e31738bd9
Secunia Security Advisory 37196
Posted Nov 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | 133a24aa37be3586c21b8e87102f3459
Secunia Security Advisory 37191
Posted Nov 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Documentum eRoom, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 59c64cf1df11d908cc1606337e6c5a33
Kmotion Video Surveillance Front-End
Posted Nov 3, 2009
Authored by David Selby | Site kmotion.eu

kmotion is a Web based video surveillance front end to the "motion" program.

tags | web
systems | linux
MD5 | 44effa72554c34b0327e3c2e55856618
Dradis Information Sharing Tool 2.4.1
Posted Nov 3, 2009
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: This release fixes several bugs in the client and server components.
tags | web
MD5 | 1705042bdcb0f54b1a8254568b7ac06c
GRAudit Grep Auditing Tool 1.3
Posted Nov 3, 2009
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Some signatures have been added to existing databases. There are signature improvements to existing databases. JSP and ASP rulesets have been added. Testing has been improved.
systems | unix
MD5 | 71297a09bd5c378826acc91e44baceb3
Ubuntu Security Notice 850-3
Posted Nov 3, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 850-3 - USN-850-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for Ubuntu 9.10. Original advisory details: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609
MD5 | 615a66e1dd4df36fda4c6abf13036f82
Obeseus Distributed Denial Of Service Detector
Posted Nov 3, 2009
Authored by Mark Osborne, Simon Ratcliffe | Site loud-fat-bloke.co.uk

Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. Firmware Routines on the card ensure that the attack is identified right down to host/port with zero load on the PCI bus. This is the pre-port to FPGA beta version written in "c" with PCAP and BPF.

tags | tool
systems | unix
MD5 | daf5294c28fe99aa650b018f14d5bb51
Symantec ConsoleUtilities ActiveX Control Metasploit Exploit
Posted Nov 3, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

This Metasploit module exploits a stack overflow in Symantec ConsoleUtilities. By sending an overly long string to the "BrowseAndSaveFile()" method located in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-3031
MD5 | af9c77caa7285c2b431af6ba1a6c948d
Symantec ConsoleUtilities ActiveX Control Buffer Overflow
Posted Nov 3, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

The Symantec ConsoleUtilities Active-X control suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2009-3031
MD5 | 54e293ec4e99e8ca8322b4f95184e2bf
ACROS Security Problem Report 2009-10-30.1
Posted Nov 3, 2009
Authored by ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2009-10-30-1 - There is an HTML Injection vulnerability in the WebLogic server version 10.3 administration console that allows the attacker to gain administrative access to the server.

tags | advisory
MD5 | 055213a8ac416be349c199eccb9b0d75
Whois Server 2.0 Cross Site Scripting
Posted Nov 3, 2009
Authored by ViRuS_HiMa

Whois Server version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f65ac534da1e6ae1755d1f9813b3467
Serv-U 9.0.0.5 WebClient Buffer Overflow
Posted Nov 3, 2009
Authored by Nikolaos Rangos

Rhinosoft.com Serv-U web client version 9.0.0.5 suffers from a remote buffer overflow vulnerability. Proof of concept code included.

tags | exploit, remote, web, overflow, proof of concept
MD5 | 3be5afefa6fef4916df79eb5c41a0972
Joomla 1.5.12 Code Execution Via TinyMCE
Posted Nov 3, 2009
Authored by Luca De Fulgentis

Remote code execution exploit for Joomla 1.5.12 using a file upload vulnerability in TinyMCE.

tags | exploit, remote, code execution, file upload
MD5 | 703dc2699c920bd5ccf7a8f7e74ceef3
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.3.5
Posted Nov 3, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv1 pluto daemon can attach SQL-based address pools to deal out virtual IP addresses as a Mode Config server in either Pull or Push mode. In addition to time based rekeying, the IKEv2 charon daemon supports IPsec SA lifetimes based on processed volume measured in bytes or number of packets.
tags | kernel, encryption
systems | linux
MD5 | 2d0d2409032116f36a0f11f845d7bd89
MapSweeper 1.0 Ping Sweeper
Posted Nov 3, 2009
Authored by 0x90

MapSweeper version 1.0 ping sweeping script.

tags | tool, scanner
systems | unix
MD5 | 52cb58dcce95f8a55f479fd797ec1e3e
Lynis Auditing Tool 1.2.7
Posted Nov 3, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds AIX support and several new tests related to SSH, logging, databases, and SMTP. Many minor issues are solved or improved.
tags | tool, scanner
systems | unix
MD5 | 62919d09a862f24dffb224f758dcdb9a
Tinc Virtual Private Network Daemon 1.0.11
Posted Nov 3, 2009
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release fixes a potential crash when the HUP signal is sent, fixes unnecessary broadcasts in switch mode, uses UDP in some cases where 1.0.10 fell back to TCP unnecessarily, and allows fast roaming of hosts between nodes in a switched VPN.
tags | encryption
MD5 | ee0b1a3366c6e379cae34be6fa5dcb15
Packet Storm New Exploits For October, 2009
Posted Nov 3, 2009
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 209 exploits added to Packet Storm in October, 2009.

tags | exploit
MD5 | bb96040080cf3c39d940b28a2097613c
Backconnect Script For NetBSD
Posted Nov 3, 2009

This is a back-connect script written for NetBSD and was made as a result of playing with /dev/tcp.

tags | tool, tcp, rootkit
systems | netbsd, unix
MD5 | 7a868f2fae6a808dfc4fb2827b757da1
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close