Files Date: 2010-01-11 to 2010-01-12

2^6 TCP Control Bit Fuzzer
Posted Jan 11, 2010
Authored by ShadowHatesYou

2^6 TCP control bit fuzzer (no ECN or CWR).

tags | tcp, fuzzer
SHA-256 | acfc236162c8e9847ca2d395fb48be29cbbc9dc349fb97ccdf40724996d73882
Mandriva Linux Security Advisory 2009-241
Posted Jan 11, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-241 - The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-2855
SHA-256 | 359a6ed0952583c3522734705aa8adefa5ddc6a19111b88b259ec4d12fd8f36c
Active Calendar 1.2.0 Cross Site Scripting
Posted Jan 11, 2010
Authored by Martin Barbella

Active Calendar version 1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 22b45e544fd05c068437c2e96a47768aa9fe4bb3cbef216acb4e06ce2b7e0327
Mandriva Linux Security Advisory 2009-293
Posted Jan 11, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-293 - Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fix patches applied. This update fixes these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, remote, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3700, CVE-2009-3826
SHA-256 | 4136321399907bc27e64746ae43e0f3db81f16e01b27c8114f06d8ed2998ba88
Nginx, Varnish, Cherokee, etc Log Injection
Posted Jan 11, 2010
Authored by Francesco Ongaro, Alessandro Tanasi, Giovanni Pellerano | Site ush.it

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496
SHA-256 | ca929167a6a430b66650857a093ae76e47f6db643eb8bafffa59b6ebc10896d0
TCP Session Hijacking
Posted Jan 11, 2010
Authored by Cheese | Site mycheese.org

This is a brief whitepaper discussing TCP session hijacking.

tags | paper, tcp
SHA-256 | 29ad65fefcde17cae95eb16aa1b853b78890e0c39b7905adca97de024a792b97
Mozilla Firefox 3.5.7 Crash Exploit
Posted Jan 11, 2010
Authored by Securitylab Security Research | Site securitylab.ir

Mozilla Firefox version 3.5.7 remote crash exploit.

tags | exploit, remote, denial of service
SHA-256 | 0ee8c1b77978f10aa3bb91fbd53df9ea66760430b290072c3eb2f0d7a763ca49
Safari 4 Remote Crash Code
Posted Jan 11, 2010
Authored by Securitylab Security Research | Site securitylab.ir

Safari version 4 remote crash exploit.

tags | exploit, remote, denial of service
SHA-256 | 8b5b84302b19ed6951e03060c869c34fe06f9e5e32f07adf654a44f1848a62de
Mandriva Linux Security Advisory 2009-316
Posted Jan 11, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The previous (MDVSA-2009:316-2) updates provided packages for 2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased release number, which prevented the packages from hitting the mirrors.

tags | advisory, denial of service, perl, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3560
SHA-256 | 65a319ba6e69c9835b128c925cf1694bfae7fe20c0b9a69df9bd5a8c82228cc1
HP StorageWorks 1/8 G2 Tape Autoloader Privilege Escalation
Posted Jan 11, 2010
Authored by Sh2kerr, Elazar Broad | Site dsecrg.com

HP StorageWorks 1/8 G2 Tape Autoloader suffers from denial of service and privilege escalation vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2009-2680
SHA-256 | 1796e1effd5dcca9f3b5760999cef870ea8e8cc8bf86fbd5442cd59e0b319642
SSL Sniffing
Posted Jan 11, 2010
Authored by Aokan | Site knyksl.com

Whitepaper called SSL Sniffing. It discusses the basic use of SSL and what types of attack tools and methodologies exist.

tags | paper
SHA-256 | de3b2e24d4c45610d923e09653831838fc578281e0df75ef9fab4c92d3ab4e77
HTMLDOC .html Buffer Overflow
Posted Jan 11, 2010
Authored by fl0 fl0w

HTMLDOC version 1.9.x-r1629 local .html buffer overflow exploit for Win32.

tags | exploit, overflow, local
systems | windows
SHA-256 | 095175a7d02b2fe4657634cc64a4193d580ca5d0b32384de942458135879443f
Tincan LTD SQL Injection
Posted Jan 11, 2010
Authored by altbta

Tincan LTD suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fec0ae445e50e798e33a2cd81299849658d864990587e84346e1b562a2cde925
Terminal Server License Bypass
Posted Jan 11, 2010
Authored by Zorzan Urban Pawel | Site pawelzorzan.eu

This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.

tags | registry, bypass
systems | windows
SHA-256 | 9cec54ca3bf48377115aba5d8a681eeb8b070d26a3b7949518b42ec39e09b6cb
Joomla Dashboard Directory Traversal
Posted Jan 11, 2010
Authored by Fl0riX

The Joomla Dashboard component suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | c8dc4afa32db2c7fff9538abedf0a82b39026af0143e94a5ff17421ea64f5b54
Mandriva Linux Security Advisory 2009-227
Posted Jan 11, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-227 - The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3111
SHA-256 | b9e443db5e40a60f2453ff51932c75cc3434451f8eaece99ee58302b7f954628
Image Hosting Script Shell Upload
Posted Jan 11, 2010
Authored by R3d-D3v!L

Image Hosting Script suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | d6d3adf51db6e7b299b1f8c419f01679a7a6b16c0b735b570ec7f7ef6950fad4
ALPHA3 Shellcode Encoder
Posted Jan 11, 2010
Authored by SkyLined | Site code.google.com

ALPHA3 is an alphanumeric shellcode encoder.

tags | shellcode
SHA-256 | ce340cf911a3c7c4b4d3e13db65c19e98a5ba76465416bba9e7ded0b446353e5
CMScontrol 7.x Shell Upload
Posted Jan 11, 2010
Authored by Cyber_945

CMScontrol version 7.x suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | ef3f8d17c66f71b88c5efa2af8a406c9dd74eea1b0c695c976f46886dc96b11e
tagcloud.swf Cross Site Scripting
Posted Jan 11, 2010
Authored by MustLive

Approximately 34 million tagcloud.swf files on the Internet suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a08201662495412c103ae59c8fb8e98c443eed4b23c61bb8f3041cb0b3eaf03e
vBulletin adminCP Cross Site Scripting
Posted Jan 11, 2010
Authored by Ashiyane Digital Security Members

vBulletin adminCP version 3.8.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d4e3644091f7c2cc7eafc68997c66ed25f03e37287f5dc7b72bc3b5a95c94aba
Surge-FTP Cross Site Scripting
Posted Jan 11, 2010
Authored by FB1H2S

Surge-FTP suffers from an administrative web interface cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 3647c9dbf6a9fe304ceceda29eece4259647eb66d41dcee1ea92100a3f07a88d
JunOS Malformed TCP Options Denial Of Service
Posted Jan 11, 2010
Authored by Jeremy L. Gaddis | Site evilrouters.net

JunOS malformed TCP options remote denial of service exploit.

tags | exploit, remote, denial of service, tcp
SHA-256 | 4a02ff0a157e6b665f0d093d25f8dbc8bcdc06da82a4c13c576b752c9a18a7fb
easyAdmin2Pro Cross Site Scripting
Posted Jan 11, 2010
Authored by lossless | Site secworm.net

easyAdmin2Pro suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | ba74bafb4196e0b1a769cca4fedf7fec8e5ee97f9da06d6b0be472c2e6ab6ab4
Mandriva Linux Security Advisory 2010-000
Posted Jan 11, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-000 - The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Additionally, some packages that require it have been rebuilt and are being provided as updates.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
SHA-256 | 938d074ddb448c4a301e309d29f8b3bd05108a8a5b85998c158cd629fa6afcd1
© 2022 Packet Storm. All rights reserved.