Showing 51 - 75 of 82

Files Date: 2010-01-14 to 2010-01-15

Asp Vevocart Control System 3.0.4 Database Disclosure
Posted Jan 14, 2010
Authored by indoushka

Asp VevoCart Control System version 3.0.4 suffers from a database disclosure vulnerability.

tags | exploit, asp, info disclosure
SHA-256 | 6976cde132834283c3dc30393ebb2b91b84d3b0ea4919ebf35e01b483d3fe32c

Mandriva Linux Security Advisory 2010-005
Posted Jan 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-005 - The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0846, CVE-2009-0847
SHA-256 | 223f0994d0723ca2175893ca70bd32bd5f955a4de328b10243b97f36ad8d9037

Nemesis Player Denial Of Service
Posted Jan 14, 2010
Authored by Rehan Ahmed | Site rewterz.com

Nemesis Player versions 1.1 Beta and 2.2 local denial of service proof of concept exploit that creates a malicious .nsp file.

tags | exploit, denial of service, local, proof of concept
SHA-256 | 07deac516fa7221bb6813bd771b9a395740361d6f1611c8daf7f929cbc501694

Gentoo Linux Security Advisory 201001-8
Posted Jan 14, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-8 - Multiple vulnerabilities were found in SquirrelMail of which the worst results in remote code execution. Versions less than 1.4.19 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2009-1381, CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581
SHA-256 | 79b67914b106df3b61ec634b24ec4b26b65f59c9160a95eb40b09212c2f69ae2

Gentoo Linux Security Advisory 201001-7
Posted Jan 14, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Versions less than 2.48a-r3 are affected.

tags | advisory, arbitrary, python
systems | linux, gentoo
advisories | CVE-2008-4863
SHA-256 | d3757185463cd9fc168c7f705922658f8d6ef78452b0a83331a107ab332746d7

Espace De Reflexion Cross Site Scripting
Posted Jan 14, 2010
Authored by ViRuSMaN

Espace De Reflexion suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3d1a505658aa7b39049df8fc2de6a5ac4d359b0c95db2a212a578d88f68514c9

Joomla Tienda Cross Site Scripting
Posted Jan 14, 2010
Authored by Fl0riX

The Joomla Tienda component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d1a783e70556e3ade23b7a99cee18874dace85f7addafb84cb0a3bc9a0e88352

Gentoo Linux Security Advisory 201001-6
Posted Jan 14, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-6 - A buffer overflow and a format string vulnerability in aria2 allow remote attackers to execute arbitrary code. Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string vulnerability in the AbstractCommand::onAbort() function in src/AbstractCommand.cc (CVE-2009-3617). Versions less than 1.6.3 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-3575, CVE-2009-3617
SHA-256 | a822c30e2007d9b78c0ec1cdfdf55abc50eba637e11d4a6e5018cd45a55e7e84

StivaSoft 1.0 Cross Site Scripting
Posted Jan 14, 2010
Authored by PaL-D3v1L

StivaSoft version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 66ee111d7c57f5073ca6a6dc9f6b6326001ccc19b82e8a9682666c91edf3f4dc

TribisurCMS Cross Site Scripting
Posted Jan 14, 2010
Authored by ViRuSMaN

TribisurCMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e8ac7484e385afbcd82e407b99c25c5013156d9f9687052673f997db03e77f94

Yoono Firefox Extension Injection
Posted Jan 14, 2010
Authored by Nick Freeman | Site security-assessment.com

Yoono Firefox extension versions prior to 6.1.1 suffer from a code injection vulnerability.

tags | advisory
SHA-256 | bfd84bf3aba12e7c69cc818f02ce6095d73f9701b829ecb83f65ad5699232b91

iDEFENSE Security Advisory 2010-01-12.1
Posted Jan 14, 2010
Authored by iDefense Labs, Code Audit Labs | Site idefense.com

iDefense Security Advisory 01.12.10 - Remote exploitation of a memory corruption vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. iDefense has confirmed the existence of this vulnerability in the latest version of Adobe Reader at the time of testing, version 9.1.0. Previous versions may also be affected. Adobe has stated that all 9.2 and below versions, as well as all 8.1.7 and below versions, are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2009-3955
SHA-256 | 139823d91661e5fccdd9d31846177997f1dc0fdf3d4259d9e33d6b309d80589c

Technical Cyber Security Alert 2010-13A
Posted Jan 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-13A - Adobe has released Security bulletin APSB10-02, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

tags | advisory, vulnerability
SHA-256 | f4bf53ec228a26f9f042e920f4fee3fc57a22155c7ff1bed635761ece4adbf70

Debian Linux Security Advisory 1970-1
Posted Jan 14, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1970-1 - It was discovered that a significant memory leak could occur in openssl, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded.

tags | advisory, denial of service, memory leak
systems | linux, debian
advisories | CVE-2009-4355
SHA-256 | 9749f4b5342fe7276702d2012abb05c19cc70639bcbead7ea8ba625ddd558a15

Joomla Article Manager SQL Injection
Posted Jan 14, 2010
Authored by Fl0riX

The Joomla Article Manager component suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | efab829103423956ef726413bbab774b1d91c7ee9fad2e446f377258f19ee484

Powered By Traidnt UP 1.0 Insecure Cookie
Posted Jan 14, 2010
Authored by indoushka

Powered By Traidnt UP version 1.0 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
SHA-256 | 926e95c2249f73e7d86c2bebce22168a8e5aa965dd549664522178c3ee03afc0

Dodo Upload 1.3 Shell Upload
Posted Jan 14, 2010
Authored by indoushka

Dodo Upload version 1.3 suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 96b41507587b2c38fc116ec546ff1d78be442ccb668311a5a00599c5cca4ed97

Gentoo Linux Security Advisory 201001-5
Posted Jan 14, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-5 - A remote attacker can bypass the tcp-wrappers client authorization in net-snmp. The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Versions less than 5.4.2.1-r1 are affected.

tags | advisory, remote, tcp
systems | linux, gentoo
advisories | CVE-2008-6123
SHA-256 | 2bc5ca3efe008eecf59b335175b33247f291233c3a8ffef898d219066709f07b

Gentoo Linux Security Advisory 201001-4
Posted Jan 14, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-4 - Multiple vulnerabilities were found in VirtualBox, the worst of which allows for privilege escalation. Versions less than 3.0.12 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3692, CVE-2009-3940
SHA-256 | 3606c9f3bb210a3c7c931fc18ff5f61ea8e172627b138ac29e2bb607f42a5d39

Hesk Help Desk Cross Site Request Forgery
Posted Jan 14, 2010
Authored by The.Morpheus

Hesk Help Desk suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 9874c8de3232fac3291047fe238475fb386cb0475c6c001211f36969978ef5b4

Ubuntu Security Notice 883-1
Posted Jan 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 883-1 - It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users' network connection passwords and pre-shared keys.

tags | advisory, remote, local, spoof
systems | linux, ubuntu
advisories | CVE-2009-4144, CVE-2009-4145
SHA-256 | ab33674fe5c889754644b55791e3cbfe63a0cd1b80bcb8efbe5b53f312faf956

Ubuntu Security Notice 882-1
Posted Jan 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 882-1 - Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions.

tags | advisory, remote, denial of service, php, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2009-2626, CVE-2009-4142, CVE-2009-4143
SHA-256 | cd84529d17d2626ad3cfc09945cde3a151f1ded241b92b2d05de3bbf06264243

Ofilter Player Crash
Posted Jan 14, 2010
Authored by Rehan Ahmed | Site rewterz.com

Ofilter Player crash proof of concept exploit that creates a malicious .ini file.

tags | exploit, proof of concept
SHA-256 | 703ad65b4f8426288ebddbaf3f51605f1e944c689c59eab2a902e9f221a186d1

NPlayer Heap Overflow
Posted Jan 14, 2010
Authored by Rehan Ahmed | Site rewterz.com

NPlayer local heap overflow proof of concept exploit that creates a malicious .dat file.

tags | exploit, overflow, local, proof of concept
SHA-256 | 5e6ecda17bd4819269900bfdd4cd651c585c36475d09f93d8167deaccb69c93c

Debian Linux Security Advisory 1969-1
Posted Jan 14, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1969-1 - It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.

tags | advisory, remote, arbitrary, cryptography, code execution
systems | linux, debian
advisories | CVE-2009-4212
SHA-256 | c4c0487c3ec908e26276616469e2ceb5a694e1905319464efe1257fe6f2cb47e