what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 57 RSS Feed

Files Date: 2010-03-09 to 2010-03-10

Technical Cyber Security Alert 2010-68A
Posted Mar 9, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.

tags | advisory, vulnerability
systems | windows
SHA-256 | 35b14483edb6eb4c24deb70dea668722ee686b5cf981df519d2d85f0133835ba
Tor-ramdisk i686 UClibc-based Linux Distribution 20100309
Posted Mar 9, 2010
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.

Changes: Tor was updated to 0.2.1.24 and busybox to 1.15.3. The build scripts now allow the option of creating images with a fully featured busybox for debugging and a minimally configured busybox for production.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | deee336e5fd0b8201a5922b8eeef8b3c102c45e8a040e67d5f22b203c85707f9
Core Security Technologies Advisory 2009.1103
Posted Mar 9, 2010
Authored by Core Security Technologies, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0264
SHA-256 | 7467a687c181b918d29055d813fdff2b35ff940ae1ff53bb67f0cc1fd65c64a0
Core Security Technologies Advisory 2009.0813
Posted Mar 9, 2010
Authored by Core Security Technologies, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.

tags | advisory, remote, code execution
systems | windows
advisories | CVE-2010-0265
SHA-256 | 3ec9f74a6f8a7195243bbca53f5c261bb5ca7143376fade47aec9053e7b0c338
River CMS 1.0 SQL Injection
Posted Mar 9, 2010
Authored by Pouya Daneshmand

River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | eceaf0c5520ec0d47cf564935d3b7f14931412c77ad6575a55d21f8156f74d86
Mandriva Linux Security Advisory 2010-058
Posted Mar 9, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

tags | advisory, php, vulnerability
systems | linux, mandriva
SHA-256 | f7a85c3296d43faf3336a98acae9b827c5b8b25593c162960dd5abc90f5ef88c
NUs Newssystem 1.02 SQL Injection
Posted Mar 9, 2010
Authored by n3w7u

NUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 148116ce4e0a89b3feec62e659dc4ccda6cb5f0f9b5bfe169f2a0e30e6210116
Jevci Siparis Formu Scripti Database Disclosure
Posted Mar 9, 2010
Authored by indoushka

Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 898a9ec1e2686e42887fd8c47d82318e10ea7256c1f71177529701f29b1d0738
Zero Day Initiative Advisory 10-026
Posted Mar 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.

tags | advisory, remote, web, arbitrary
advisories | CVE-2010-0447
SHA-256 | cdc2165cbfbcfb0227cf704cdc43b1b691c05a0e17030005b9e81dcc9d32683e
Mhproducts Kleinanzeigenmarkt SQL Injection
Posted Mar 9, 2010
Authored by Easy Laster

Mhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7a6b3638ceaf0b3171d2f2aa2d310335bb5d0330aa6ff2372afefa8e1a8fdcd5
Easy~FTP Server v1.7.0.2 CWD Command Buffer Overflow
Posted Mar 9, 2010
Authored by Blake | Site metasploit.com

This Metasploit module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability.

tags | exploit, overflow
SHA-256 | cfd458989a8afba7f91cf2e94e4d8e76b599cdf51bb3698d539c553eb90282e3
HP Security Bulletin HPSBMA02489 SSRT090065
Posted Mar 9, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.

tags | advisory, arbitrary
advisories | CVE-2010-0447
SHA-256 | b0ea5f4bb7a1369ae935731ba537cffabd9aa60351797d73cf034f9815c87364
Energizer DUO Trojan Code Execution
Posted Mar 9, 2010
Authored by H D Moore | Site metasploit.com

This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger.

tags | exploit, arbitrary, trojan
advisories | CVE-2010-0103
SHA-256 | a1bf3f27171f32dee29233cb205cbdc4a03991a5c16306ba50e72d267e4f12e0
Orbital Viewer ORB File Parsing Buffer Overflow
Posted Mar 9, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in David Manthey's Orbital Viewer. When processing .ORB files, data is read from file into a fixed-size stack buffer using the fscanf function. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an ORB file.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-0688
SHA-256 | 46ef3749fafdda88696ed761f5421d74f5a63031de7f9f8a7eedcc6d42bda3cd
Rsstatic SQL Injection
Posted Mar 9, 2010
Authored by ItSecTeam

Rsstatic suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 40e5ad5b8ab22b136411b1d6305a2131e5e2bebd4eb01ba990c79c42b34b60f0
Uebimiau Webmail 3.2.0-2.0 Email Disclosure
Posted Mar 9, 2010
Authored by R4vax, Z3r0c0re

Uebimiau Webmail version 3.2.0-2.0 suffers from a remote email disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | ea0bc6af067b507336b4a9504121ccc06cd53f5e26033bc9cf839f9d8229fd21
AEF 1.0.8 Cross Site Scripting
Posted Mar 9, 2010
Authored by ItSecTeam

AEF version 1.0.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d42c5711ebe70de5d5ae838aaac8eb94bda8740e2ebcdedd8b1a91850c9b4241
IBM ENOVIA SmarTeam 5 Cross Site Scripting
Posted Mar 9, 2010
Authored by Yaniv Miron

IBM ENOVIA SmarTeam version 5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2a2209931b1ffd42b7662b43ba4d47eb79ceb56b8533c08525649d627220dac8
WILD CMS SQL Injection
Posted Mar 9, 2010
Authored by Ariko-Security

WILD CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2ef6c6de7c512df15ecf788b46eb2ceca160c07482a93e71cab5df460b0302bc
Eleanor CMS Rc5.1 Cross Site Scripting
Posted Mar 9, 2010
Authored by ItSecTeam

Eleanor CMS version Rc5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3634b70921125932d5f632ed5bd3991d6e3c8cee48cb8ea8a6bfe0c026537297
DDL CMS 2.1 Cross Site Scripting
Posted Mar 9, 2010
Authored by ItSecTeam

DDL CMS version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 53746c2ef685bace801e81607293aff50b9af3c096f8e80faf59c70f1f7e0284
Zero Day Initiative Advisory 10-025
Posted Mar 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0263
SHA-256 | 1e660607e5dfc124dfdf68aab869103d377209e3444d29b0dbe23acd0c6e32ac
Joomla HezaContent 1.0 SQL Injection
Posted Mar 9, 2010
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla HezaContent component version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a0033e451e7d959946757d05c2315efa3a4b689b43157c271606cf913679feee
Reverberation UDP Echo Denial Of Service Tool
Posted Mar 9, 2010
Authored by l0om | Site excluded.org

Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers.

tags | denial of service, udp, proof of concept
SHA-256 | 14699b1e6d5e32f01ee4e0376b52b221fce84d7267f7896bf740da0191cc46ba
Introduction To Win32 Shellcoding
Posted Mar 9, 2010
Authored by Peter Van Eeckhoutte | Site corelan.be

Introduction to Win32 shellcoding. Part 9 in a series of tutorials.

tags | paper, shellcode
systems | windows
SHA-256 | c348962751540735326efe86583d329a1d5165a9eee59075a9f4cc774b7a452e
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close