
Files Date: 2010-06-18 to 2010-06-19

Mandriva Linux Security Advisory 2010-119
Posted Jun 18, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-119 - Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2063
MD5 | d0ea75c4056e70509c7375dc049bc3ae
Debian Linux Security Advisory 2063-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2063-1 - Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2010-2192
MD5 | 79e1fe5fc9f67968631518a91ab53023
Drupal FileField 6.x-3.3 Arbitrary Script Injection
Posted Jun 18, 2010
Authored by Justin C. Klein Keane

Drupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability.

tags | advisory, arbitrary
advisories | CVE-2010-1958
MD5 | 3ef3a39a5b1646bdf89894953b6a2774
BlazeDVD 5.1 Stack Buffer Overflow With ASLR/DEP Bypass
Posted Jun 18, 2010
Authored by mr_me

BlazeDVD version 5.1 stack buffer overflow proof of concept exploit with ASLR/DEP bypass.

tags | exploit, overflow, proof of concept
MD5 | b7ec919be12c9f351d2ca886c5f216d6
Mandriva Linux Security Advisory 2010-118
Posted Jun 18, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-118 - The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2010-1646
MD5 | 58a42f688efb02f1c370937e637ec5e3
setuid(0) And reboot Shellcode
Posted Jun 18, 2010
Authored by Jonathan Salwan

51 bytes small setuid(0) and reboot Linux / x86-64 shellcode.

tags | x86, shellcode
systems | linux
MD5 | 349e49b46eb8826f63e990d836b4d1e8
Gmail Checker Plus Chrome Extension Cross Site Scripting / Cross Site Request Forgery
Posted Jun 18, 2010
Authored by Lostmon | Site lostmon.blogspot.com

The Gmail Checker Plus Chrome extension suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 1eabc793751c20d5357f6aa042e02fc1
chmod 777 Polymorphic Shellcode
Posted Jun 18, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

60 bytes small chmod 777 polymorphic Linux / x86 shellcode.

tags | x86, shellcode
systems | linux
MD5 | c79f07a3ff17646ba569c5dcd07c4a27
File Sharing Wizard 1.5.0 Remote Command Execution
Posted Jun 18, 2010
Authored by b0nd

File Sharing Wizard version 1.5.0 remote command execution exploit.

tags | exploit, remote, overflow
MD5 | 93c0389f5db6a5b025e0c53cba02d6de
Firebook XSS / XSRF / Directory Traversal / Full Path Disclosure
Posted Jun 18, 2010
Authored by MustLive

Firebook suffers from cross site request forgery, cross site scripting, path disclosure, and traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | c248cd988ef4bdfd598acfe132dfda01
Havij 1.10 Cross Site Scripting
Posted Jun 18, 2010
Authored by hexon

Havij versions 1.10 and below suffer from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | 566df6d6f64c2e2a333da8e7409a4b74
Execute /bin/sh With setreuid 0,0 Shellcode
Posted Jun 18, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

45 bytes small sys_setreuid (0,0) - sys_execve("/bin/sh","","") shellcode.

tags | shellcode
MD5 | 6cd9b7a7b6e52aabadd02f039495bf23
Debian Linux Security Advisory 2062-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2062-1 - Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.

tags | advisory, root
systems | linux, debian
advisories | CVE-2010-1646
MD5 | cb3a7d8d21e607e73d94a2d172f7ef20
Planet 1.1 Cross Site Request Forgery
Posted Jun 18, 2010
Authored by G0D-F4Th3r

Planet version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 65a669afb131eccb0c64237a658da61e
Turbo FTP Server 1.20.745 Directory Traversal
Posted Jun 18, 2010
Authored by leinakesi

Turbo FTP Server version 1.20.745 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 4428d6968f2c2427d3be875bf0322f8a
TitanFtp Server 8.10.1125 Arbitrary File Download / Delete
Posted Jun 18, 2010
Authored by Bill Finlayson

TitanFtp Server version 8.10.1125 suffers from a traversal vulnerability which will allow an attacker to download and delete arbitrary files from the server.

tags | exploit, arbitrary
MD5 | 91098bb18b5f64917cca9156ba0653c5
CMS RedAks 2.0 Cross Site Scripting
Posted Jun 18, 2010
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

CMS RedAks version 2.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | c63e23f06638dbd0b34fea8a15678fd1
Netware SMB 1.0 Remote Stack Overflow
Posted Jun 18, 2010
Authored by laurent gaffie | Site stratsec.net

A vulnerability exists in the Netware CIFS.NLM driver which allows an attacker to trigger a kernel stack overflow by sending a specific 'Sessions Setup AndX' query. Successful exploitation of this issue will result in remote code execution with kernel privileges. Failed attempts may result in a remote denial of service. Netware SMB version 1.0 is vulnerable.

tags | exploit, remote, denial of service, overflow, kernel, code execution
MD5 | 6052914889052a4f8a8cc31d4c8446f6
Pithcms 0.9.5 Local File Inclusion
Posted Jun 18, 2010
Authored by sh00t0ut

Pithcms version 0.9.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a1740ed14d41b339516260796e063bee
DMSEasy 0.9.7 Arbitrary Shell Upload
Posted Jun 18, 2010
Authored by sh00t0ut

DMSEasy version 0.9.7 suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | cb6f43adac087c547d0dc2284871e487
Ananda Image Gallery SQL Injection
Posted Jun 18, 2010
Authored by L0rd CrusAd3r

Ananda Image Gallery suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 919f440acb9db7637eefb7c0c581ad24
HP Security Bulletin HPSBOV02540 SSRT090249
Posted Jun 18, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability
advisories | CVE-2008-5077, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-3245
MD5 | b134d55a57e80dbade7837d63cb7577c
THQ.com SQL Injection
Posted Jun 18, 2010

THQ.com suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 0bb8e1ce0b6d2b7651aedd8ac29a0a00
Debian Linux Security Advisory 2061-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location, resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the Samba daemon.

tags | advisory, denial of service, arbitrary, root, protocol
systems | linux, unix, debian
advisories | CVE-2010-2063
MD5 | e31a2d8b3aecbc78a2df0e9cddf4eeb4