Files Date: 2010-02-20 to 2010-02-21

Coppermine Photo Gallery 1.4.14 picEditor.php Command Execution
Posted Feb 20, 2010
Authored by Janek Vind aka waraxe | Site metasploit.com

This Metasploit module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed. NOTE: Use of the ImageMagick library is a non-default option. However, a user can specify its use at installation time.

tags | exploit, php
advisories | CVE-2008-0506
MD5 | 348630ab822d73fca3d6902525794666
Zero Day Initiative Advisory 10-019
Posted Feb 20, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-019 - This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.

tags | advisory, remote, javascript
advisories | CVE-2009-3988
MD5 | a7110019d9bfee490dd6f9745644817d
Symantec Antivirus Client Proxy Buffer Overflow
Posted Feb 20, 2010
Authored by Sh2kerr | Site dsecrg.com

An Active-X component in CLIproxy.dll from Symantec Antivirus Client Proxy suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2010-0108
MD5 | 1f68c2a86a81e38c5322e4127c8446d8
vBseo 3.1.0 Local File Inclusion
Posted Feb 20, 2010
Authored by ViRuSMaN

vBseo version 3.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 372aa0c7a496a2bee62b4492d386796a
Openwall Linux Kernel Patch 2.4.37.9
Posted Feb 20, 2010
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.

Changes: The patch has been updated to Linux 2.4.37.9. A post-2.4.37.9 upstream fix for FAT filesystems has been added. The FAQ has been updated.
tags | overflow, kernel
systems | linux
MD5 | ea4e7d83f29a200b961dc6992e26927f
Mobius Forensic Toolkit 0.5.2
Posted Feb 20, 2010
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: The extension Datasource Solo provides support for ICS Solo III image files. Case Viewer has a toolbutton to run reports. The Mobius tutorial features a new chapter on generating and running reports. Datasource-talon supports v2.40 of the software. Minor improvements were made.
tags | tool, python, forensics
MD5 | b1fab945364bd4c43ebe36f49e64efc3
Mandriva Linux Security Advisory 2010-044
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-044 - MySQL is vulnerable to a symbolic link attack when the data home directory contains a symlink to a different filesystem, which allows remote authenticated users to bypass intended access restrictions. The updated packages have been patched to correct these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2008-7247
MD5 | 77955cb0b23f22e57bf4e404d6be871c
Mandriva Linux Security Advisory 2010-043
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-043 - Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3389
MD5 | 3d19d8fc6a5c159cf6cacd8899999d90
Mandriva Linux Security Advisory 2010-042
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-042 - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. Mozilla security researcher Georgi Guninski reported that when an SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type=image/svg+xml, the Content-Type is ignored and the SVG document is processed normally.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2010-0159, CVE-2010-0160, CVE-2009-1571, CVE-2009-3988, CVE-2010-0162
MD5 | d23131bea4badf0c321518e694e27d09
VideoSearchScript Pro 3.5 Cross Site Scripting
Posted Feb 20, 2010
Authored by listi kurdistani

VideoSearchScript Pro version 3.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9941f2cc175fc630645236a59b24df7c
Debian Linux Security Advisory 2002-1
Posted Feb 20, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2002-1 - Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2009-3305, CVE-2009-4413
MD5 | 5ac5f16f6e65f2e8d50ccce3e9f1a249
vBulletin 4.0.2 Cross Site Scripting
Posted Feb 20, 2010
Authored by indoushka

vBulletin version 4.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 36a5005ae53eb8772ae6e2a6f1192a52
Coupons Direct Access Bypass
Posted Feb 20, 2010
Authored by indoushka

Coupons suffers from a direct access administrative bypass vulnerability.

tags | exploit, bypass
MD5 | 5887f82eafb23b35b11b2de6d5e62b05
Symev CMS SQL Injection
Posted Feb 20, 2010
Authored by Metropolis

Symev CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0ce7c0745339ccc89ffad3c0ba5ed6bb
phpBugTracker 1.0.1 File Disclosure
Posted Feb 20, 2010
Authored by ViRuSMaN

phpBugTracker version 1.0.1 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 32cef8a0f4f80ef27d5cef18089af9b4
FlatFile Password Disclosure
Posted Feb 20, 2010
Authored by ViRuSMaN

FlatFile System suffers from a remote password disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | acfecb7f1d688db654eb1e793f527726
TimeClock Cross Site Request Forgery
Posted Feb 20, 2010
Authored by ViRuSMaN

TimeClock cross site request forgery exploit that adds an administrator.

tags | exploit, csrf
MD5 | 3bfacf29cc5c18ec223dbb2d9eb2c3ae
phpAutoVideo Cross Site Request Forgery
Posted Feb 20, 2010
Authored by GoLdeN-z3r0

phpAutoVideo suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 4d30bc155571221a02a79eee40088322
Joomla Recipe SQL Injection
Posted Feb 20, 2010
Authored by Fl0riX

The Joomla Recipe component suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2936aa3564c4f114a551d37c12793881
Mandriva Linux Security Advisory 2010-034
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3080, CVE-2009-4005
MD5 | 749baac7f49298f41103d4dd827b0f88
Litespeed Web Server 4.0.12 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 20, 2010
Authored by d1dn0t

Litespeed Web Server version 4.0.12 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
MD5 | ce74ef87bb422bc0736a8e2839357e5f
WSC CMS SQL Injection
Posted Feb 20, 2010
Authored by Phenom

WSC CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 8e0d13e098b3311e67ede3b4f67af506
Debian Linux Security Advisory 2001-1
Posted Feb 20, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2001-1 - Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor.

tags | advisory, remote, php, vulnerability
systems | linux, debian
advisories | CVE-2009-4142, CVE-2009-4143
MD5 | c803642cec299d8db68d6e6df19f9dd2
Asterisk Project Security Advisory - AST-2010-002
Posted Feb 20, 2010
Authored by Leif Madsen | Site asterisk.org

Asterisk Project Security Advisory - A common usage of the ${EXTEN} channel variable in a dialplan with wildcard pattern matches can lead to a possible string injection vulnerability. By having a wildcard match in a dialplan, it is possible to allow unintended calls to be executed.

tags | advisory
MD5 | 8401124cbc4ef9d5182493660825c345
File(),Fgets(),Fgetc() Local File Disclosure Paper
Posted Feb 20, 2010
Authored by hexon

Whitepaper called File(), Fgets(), Fgetc() Local File Disclosure (LFD).

tags | paper, local
MD5 | bca1c3d932ed4c692c786e6cdf1cd639