exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2010-01-12 to 2010-01-13

Technical Cyber Security Alert 2010-12B
Posted Jan 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-12B - Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2010-0018
SHA-256 | f028502ac6dd493464ea3f70a4b114253bffdf66a21c5f0ef3a08a8857e35f91
Zero Day Initiative Advisory 10-02
Posted Jan 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Oracle Secure Backup Services daemon observiced.exe listening on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port a stack overflow can occur leading to a complete compromise of the affected system under the credentials of the SYSTEM account.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2010-0072
SHA-256 | eaab05ade537567d886353e24666c9cfbc4f2f7641f54907b4f4d494d750b97c
HITB Magazine Volume 1 Issue 1
Posted Jan 12, 2010
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 1 Issue 1 -This issue covers LDAP injection, DLL injection, malware obfuscation, and more.

tags | magazine
SHA-256 | 319e8e5f21288a3ea68e38d69615dda7eee252b5dab391cc4f315b76b4c5dfe2
Technical Cyber Security Alert 2010-12A
Posted Jan 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-12A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
SHA-256 | 66318ec5e6b50f8c7a2090961690e97fdf00ea33929d90213571a3434276fabe
Ubuntu Security Notice 881-1
Posted Jan 12, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 881-1 - It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2009-4212
SHA-256 | 31e4fb70f3ecd781baa58da93b9e3297fbb653573906b0bbf267c436cddbf97f
Google Maps Cross Site Scripting
Posted Jan 12, 2010
Authored by Gaurav Baruah, Pratul Agrawal

Google Maps suffered from a cross site scripting vulnerability. This was patched the same day as it was publicly disclosed.

tags | exploit, xss
SHA-256 | ceadd5d42578a51846404a083d2bc06590816e3f1e2797e178d4f40956bf0b98
Calendar Express 2 Cross Site Scripting
Posted Jan 12, 2010
Authored by Sora

Calendar Express 2 version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ef606f40ab468debfd3f62da5185c8d532378a1f2a6d517da4edf92600ea0a07
Apple Iphone/Ipod Denial Of Service
Posted Jan 12, 2010
Authored by mr_me

Apple Iphone/Ipod Udisk FTP Basic Edition version 1.0 suffers from a remote pre-authentication denial of service vulnerability. Proof of concept included.

tags | exploit, remote, denial of service, proof of concept
systems | apple, iphone
SHA-256 | 61c9187af88986c047247c30f3fd179106e0f4b73a5dbf9537e545fd559de528
Mandriva Linux Security Advisory 2010-003
Posted Jan 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-003 - sendmail before 8.14.4 does not properly handle a '\\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for this vulnerability.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-4565
SHA-256 | 6a0b749906bd2570fc2a1ed587e5404a72ae2b8800fbf7d9dcf16049002ad696
Mandriva Linux Security Advisory 2010-002
Posted Jan 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-002 - Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. This update provides pidgin 2.6.5, which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2010-0013
SHA-256 | ac9b6842791f7c730b551d92d7aafc5dc0382a32ff7a90cb3d3e9b3104c96f40
Mandriva Linux Security Advisory 2010-001
Posted Jan 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-001 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.5, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2009-3615, CVE-2010-0013
SHA-256 | 3df073cfcd0eb8dacde51434399435c3bc22bb5812e0f65e1f416e204318edd8
LayoutCMS 1.0 SQL Injection / Cross Site Scripting
Posted Jan 12, 2010
Authored by R3d-D3v!L

LayoutCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 1389be10504beb7eafad470b6ddf9eb21fe17c179c11fc003bb67ca3a06a4574
PhPepperShop Webshop 2.5 Cross Site Scripting
Posted Jan 12, 2010
Authored by Crux

PhPepperShop Webshop version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b26f9c3ae0fb777f296c172fe5e17f75a4827fa40abcc3c00c1698b94b5fa9aa
VisioSight Script 1.0 SQL Injection
Posted Jan 12, 2010
Authored by R3d-D3v!L

VisioSight Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 62f19aa4a79cd27fc1db462a23374b12192d65f8ccc3cbb53619c18256915ae4
Commercial CMS 1.0 Cross Site Scripting
Posted Jan 12, 2010
Authored by R3d-D3v!L

Commercial CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 83cb5553d0535b572c30c6cf66384d0a47bd12c1090a4819825893b11ab05777
Docmint CMS 1.0 Cross Site Scripting
Posted Jan 12, 2010
Authored by R3d-D3v!L

Docmint CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5ebc6d390bc32b03d7c27f2c23816ba2079974996115484fd8daf471f7d95203
SBD Directory 4.0 Cross Site Scripting
Posted Jan 12, 2010
Authored by Crux

SBD Directory version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0223518d047c0f92fcb81d523952151b68677830bd13e6946699adb43be48680
IBM Cognos 8 Business Intelligence 8.4.1 Cross Site Scripting
Posted Jan 12, 2010
Authored by Spala Ferenc

IBM Cognos 8 Business Intelligence version 8.4.1 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | a7a2a85ecc50620083d66605c904d469c0a990116e3e0f5b5a3ffc34938dbf2a
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close