what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2010-04-14 to 2010-04-15

Adobe Reader / Acrobat Memory Corruption
Posted Apr 14, 2010
Authored by Haifei Li, Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0194, CVE-2010-1241
SHA-256 | fc8110eba746beaeaeb312acf0c3de98f282e855acb65e89c31ceef45a4695c5
Microsoft Visio Memory Corruption
Posted Apr 14, 2010
Authored by Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Microsoft Office Visio, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0254, CVE-2010-0256
SHA-256 | 4ddb8146c2a01939e8998f706909c46588252e14afc6f4ee3ed9ebe1e339c565
Technical Cyber Security Alert 2010-103C
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103C - Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

tags | advisory, vulnerability
SHA-256 | 122d675cfc2564336cee46a233e0de2bf41adbdeb473dbc8636262213b35e267
Mandriva Linux Security Advisory 2010-071
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-071 - Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-0629
SHA-256 | 4f2e730b7e9d6e4a1620d4b0afacf275a4fb99dc0d7d71c16271806cd9c5d469
Zero Day Initiative Advisory 10-075
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-075 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes an XML request containing specific UTF-8 characters, an underlying library will raise an exception that is uncaught by the application. Due to the exception being uncaught, the application will then terminate which will cause future requests made against the service to fail. This will lead to a denial of service against the affected application.

tags | advisory, web, denial of service
advisories | CVE-2010-0897
SHA-256 | 247d31263eb05779bae84a92141bec9562b0d25a7f64ab4cf80dc8ece2d84478
Zero Day Initiative Advisory 10-074
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-074 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's LDAP implementation and can be triggered via a malformed LDAP query to the service. When the service decodes the malformed query, the application will cause a buffer overflow which can lead to code execution under the context of the service.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2010-0897
SHA-256 | 3fd51fbf66a177cb188fc7514a8364a7877e68d67997a092b77daa01c422eeee
Administrator Login Finding Script
Posted Apr 14, 2010
Authored by FuRt3X

This Ruby script scans a given site looking for administrator login pages.

tags | tool, scanner, ruby
systems | unix
SHA-256 | 4807fc91ca699c013d3390a37be1c780e241a1029fe00cbc5dffd54990d56312
Bash Scripts For Bruteforcing FTP And Looking For RFI/LFI
Posted Apr 14, 2010
Authored by FuRt3X

This tarball has a couple of bash scripts that use netcat to brute force ftp and scan for local and remote file inclusion vulnerabilities.

tags | tool, remote, local, scanner, vulnerability, bash, file inclusion
systems | unix
SHA-256 | e19a0914b0f6880f78c49d6c67f5ecd55462ffd15303f6b5a94f170bc503365b
Technical Cyber Security Alert 2010-103B
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103B - The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
SHA-256 | 2459ad9983926671049928179a4cfcb8c882f48d67a5d3cd6f8b3044cee1bb7d
Basic Tutorial For THC-Hydra
Posted Apr 14, 2010
Authored by MDH3LL

This whitepaper is called Tutorial Basico THC-Hydra. Written in Portuguese.

tags | paper
SHA-256 | 1829b4450c17c4a90409586f07ccee48c92c1f8be2fa9da08f71d3ce3523576a
Zero Day Initiative Advisory 10-073
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-073 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes a search request with a malformed username, the application will dereference a null pointer causing any future queries made against the webserver to fail. This will lead to a denial of service against the affected service.

tags | advisory, web, denial of service
advisories | CVE-2010-0897
SHA-256 | e54c4cfdaef65c3e8ab9c3b030666f09ed92cf463631d7259e7f7143430fbe3c
Viper Corp Collection Number 0x01
Posted Apr 14, 2010
Authored by David Diego D. Firmino Siqueira, vipercorp

Viper Corp Collection Issue 0x01 - This is a Brazilian e-zine that covers exploit stack overflows on Windows, shellcoding on Linux, heap overflows, and more.

tags | overflow, magazine
systems | linux, windows
SHA-256 | 48dab11e6b3187670584cc98abf5235e4d5360c9d31dc4c4fcd6705249542204
Technical Cyber Security Alert 2010-103A
Posted Apr 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-103A - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange.

tags | advisory, vulnerability
systems | windows
SHA-256 | f7c0d2974849b72881e9d7b9ce4bae81af01d2a552a4a9ecc9657f6d1009b30b
Joelz Bulletin Board 0.9.9rc3 SQL Injection
Posted Apr 14, 2010
Authored by Easy Laster

Joelz Bulletin Board versions 0.9.9rc3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | ce146abc3416c98644313347de1b235a6d75d88e5790fae73da541db5810ff60
Zero Day Initiative Advisory 10-071
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0195
SHA-256 | a419b8807446f9d9cd84fe11e19c1479130543783894b1b6e25b11628d8c7b3c
Zero Day Initiative Advisory 10-070
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-070 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for retrieving a codec for an unknown fourCC compression code. If an embedded Windows Media Player control attempts to play a media file containing an unknown codec it makes a request to Microsoft to retrieve the necessary capability. If the control is removed from the page while attempting to do this, cleanup routines will call an already freed pointer. An attacker can leverage this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, web, arbitrary
systems | windows
advisories | CVE-2010-0268
SHA-256 | d738a45d8056ac0c0b9953e7d9cbd31ee67409a6be049bc77ac22f3cb287179c
Zero Day Initiative Advisory 10-069
Posted Apr 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-069 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible for converting files from the Publisher 97 format. While processing a TextBox item, several programming errors can be triggered allowing a maliciously created publisher file to execute arbitrary code under the context of the user opening the file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0479
SHA-256 | 3570dc640876c200308b1882b1f3d3845e18e8957ac225ec81908276c8a0f320
Mandriva Linux Security Advisory 2010-070
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-070 - Many security issues were identified and fixed in firefox. These issues range from memory corruption to stability bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-0164, CVE-2010-0165, CVE-2010-0167, CVE-2010-0168, CVE-2010-0170, CVE-2010-0172, CVE-2010-1122, CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
SHA-256 | d1dbac31fec5aaf4ccbfa6c390607e2f03c8adad158389687409d09844832819
Police Municipale Open Main Courante 1.01beta Local File Inclusion / Remote File Inclusion
Posted Apr 14, 2010
Authored by cr4wl3r

Police Municipale Open Main Courante version 1.01beta suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | bff038a87426c05991c6895890f6ea153872a91613aec5757cdf27023e3ab4f4
Openurgence Vaccin 1.03 Local File Inclusion / Remote File Inclusion
Posted Apr 14, 2010
Authored by cr4wl3r

Openurgence Vaccin version 1.03 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 7ba4ef6f5bae7f2cdf5d07112e00a288f14b75104ed0ad1e9cb86f6c9e06718c
Games Script (Galore) Backup Disclosure
Posted Apr 14, 2010
Authored by indoushka

Games Script (Galore) suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | b00f9942ca90b2856227f8ec53d594126cb7bee5b1efa6af620f5a278e9f13fd
Joomla QPersonal SQL Injection
Posted Apr 14, 2010
Authored by Valentin Hoebel

The Joomla QPersonal component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9851ddd52e5e62c0262b023274a91ac037f8a43371fd991f6cebd593a2eb2134
MyBB 1.4.11 Weak Random Numbers
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset weak random number vulnerability.

tags | advisory
SHA-256 | 76401bf313ed59fd28899756d38cace82dd2d12586e3c58956850da0f8a12cc1
MyBB 1.4.11 Password Reset
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset vulnerability.

tags | advisory
SHA-256 | eebecf174ba3f29f1d553d050fbff4e47f7d1b2b733b9981a342465b41506447
VMware Remote Console Format String
Posted Apr 14, 2010
Authored by Alexey Sintsov | Site dsecrg.com

VMware Remote Console Plug-in can be installed from WEB interface of VMware vSphere. This software contains of ActiveX objects and executable files for remote console of guest OS. VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

tags | advisory, remote, web, arbitrary, code execution, activex
advisories | CVE-2009-3732
SHA-256 | 9b7e2d5d9e6d71cece7b4f8e09a5fa1063bb231718082ebea4980540a99db1c7
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close