exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2010-06-18 to 2010-06-19

Mandriva Linux Security Advisory 2010-119
Posted Jun 18, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-119 - Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2063
SHA-256 | 35bc65dccb7f463465758b2a11096042af60b3b67233ab5e89d267a59fe5c0a7
Debian Linux Security Advisory 2063-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2063-1 - Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2010-2192
SHA-256 | 761baef39ca32ba7ae1116f922831c6252c9cd21d118a2cb25d4345a6eff3811
Drupal FileField 6.x-3.3 Arbitrary Script Injection
Posted Jun 18, 2010
Authored by Justin C. Klein Keane

Drupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability.

tags | advisory, arbitrary
advisories | CVE-2010-1958
SHA-256 | 195ac8bf25a0d707e3dc03d63a39790bd60056ef575e948ce4d41f1c34ef8240
BlazeDVD 5.1 Stack Buffer Overflow With ASLR/DEP Bypass
Posted Jun 18, 2010
Authored by mr_me

BlazeDVD version 5.1 stack buffer overflow proof of concept exploit with ASLR/DEP bypass.

tags | exploit, overflow, proof of concept
SHA-256 | 0c78513f04ffa4f0fdc87590a1b031c3939bf6ccc06e9cfaee31781fcea375de
Mandriva Linux Security Advisory 2010-118
Posted Jun 18, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-118 - The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2010-1646
SHA-256 | a6f9d68d5a98a18e9429bb668817f36a35b35d16b65840e3bd8a85b84df5552a
setuid(0) And reboot Shellcode
Posted Jun 18, 2010
Authored by Jonathan Salwan

51 bytes small setuid(0) and reboot Linux / x86-64 shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 1602d03f14b343e82fcfe012cb8800f8ea9321a5a783a20ae0f412b06b3545b0
Gmail Checker Plus Chrome Extension Cross Site Scripting / Cross Site Request Forgery
Posted Jun 18, 2010
Authored by Lostmon | Site lostmon.blogspot.com

Gmail Checker plus Chrome suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 36a68bd9e9fde10d7b5a7b1971af8b6237f36edee542649eae9f1bc1b13f7a19
chmod 777 Polymorphic Shellcode
Posted Jun 18, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

60 bytes small chmod 777 polymorphic Linux / x86 shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 79a66ffbf90a8d76a2e4b52c97eb49dcd08d33eba78f494b73e514af2c5b5f6b
File Sharing Wizard 1.5.0 Remote Command Execution
Posted Jun 18, 2010
Authored by b0nd

File Sharing Wizard version 1.5.0 remote command execution exploit.

tags | exploit, remote, overflow
SHA-256 | ea6ea1bdfffb88d3d3250cbef2b0361200b39031cf979d407ec6cf1b646d9fc0
Firebook XSS / XSRF / Directory Traversal / Full Path Disclosure
Posted Jun 18, 2010
Authored by MustLive

Firebook suffers from cross site request forgery, cross site scripting, path disclosure, and traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | bf67a4a43d72b880003c39c391dd2d035157abef58ea446dcaf063054f7f631d
Havij 1.10 Cross Site Scripting
Posted Jun 18, 2010
Authored by hexon

Havij versions 1.10 and below suffer from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 8884f63ec088af60798135e54cda1c1dadd059b01a17959a7f977f0519c2ed24
Execute /bin/sh With setreuid 0,0 Shellcode
Posted Jun 18, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

45 bytes small sys_setreuid (0,0) - sys_execve("/bin/sh","","") shellcode.

tags | shellcode
SHA-256 | ac9e9d9b529104fbb0798b88d11a8ced3644df6e75a4cd5b49d2b004d456172e
Debian Linux Security Advisory 2062-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2062-1 - Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.

tags | advisory, root
systems | linux, debian
advisories | CVE-2010-1646
SHA-256 | 1445828e2f6519ef6217dac523b9973bc9ec175522f36db6c547b17eacde8bf8
Planet 1.1 Cross Site Request Forgery
Posted Jun 18, 2010
Authored by G0D-F4Th3r

Planet version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f26496b0f11faf2f2aab122fc0408b582e7c06ff2e3feffb5a6c3f1cc91356f6
Turbo FTP Server 1.20.745 Directory Traversal
Posted Jun 18, 2010
Authored by leinakesi

Turbo FTP Server version 1.20.745 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 07cff37e46ddaec3c2767dac6c1736e1c44921da1dce5c2ce5d3195290544dbf
TitanFtp Server 8.10.1125 Arbitrary File Download / Delete
Posted Jun 18, 2010
Authored by Bill Finlayson

TitanFtp Server version 8.10.1125 suffers from a traversal vulnerability which will allow an attacker to download and delete arbitrary files from the server.

tags | exploit, arbitrary
SHA-256 | 542717b6d2e3c0e4b688d642623cc0b6686e08ca7ef7eadf4b6a38ba28b04e3e
CMS RedAks 2.0 Cross Site Scripting
Posted Jun 18, 2010
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

CMS RedAks version 2.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 2dc45df9d209fbc36e7e5b7dfafe7b1a2ba8d07e612a2e5114c283a9df7d0c30
Netware SMB 1.0 Remote Stack Overflow
Posted Jun 18, 2010
Authored by laurent gaffie | Site stratsec.net

A vulnerability exists in the Netware CIFS.NLM driver which allows an attacker to trigger a kernel stack overflow by sending a specific 'Sessions Setup AndX' query. Successful exploitation of this issue will result in remote code execution with kernel privileges. Failed attempts may result in a remote denial of service. Netware SMB version 1.0 is vulnerable.

tags | exploit, remote, denial of service, overflow, kernel, code execution
SHA-256 | 86fccc6fafa7825b20615a1581e12b2c31b07679a3f3f3f334176b42bac87055
Pithcms 0.9.5 Local File Inclusion
Posted Jun 18, 2010
Authored by sh00t0ut

Pithcms version 0.9.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | a0b7c3d6c46c870cfb0f7e9f6d881958ba5e8941cb2be8e357e4f2fc9d1abb82
DMSEasy 0.9.7 Arbitrary Shell Upload
Posted Jun 18, 2010
Authored by sh00t0ut

DMSEasy version 0.9.7 suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 98f99fc892970049c47679c71ca0bd0f346e17e69d41f731a51eb7fee6e2bdcf
Ananda Image Gallery SQL Injection
Posted Jun 18, 2010
Authored by L0rd CrusAd3r

Ananda Image Gallery suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4804bc1e43fc8eb9fecfc74c3b936ed4dc136a4b508712de36422bc95068d630
HP Security Bulletin HPSBOV02540 SSRT090249
Posted Jun 18, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability
advisories | CVE-2008-5077, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-3245
SHA-256 | 4962704cafb19e0d8b33b253acee33bdfbeb5b80d6189aecbbfce46eafb25462
THQ.com SQL Injection
Posted Jun 18, 2010

THQ.com suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 03e07c7d92d4a120fc47d2523b9d6a53ef71eb5d3ce0bd79b08a44e66f907826
Debian Linux Security Advisory 2061-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.

tags | advisory, denial of service, arbitrary, root, protocol
systems | linux, unix, debian
advisories | CVE-2010-2063
SHA-256 | 5bbe52889b5ab6efa1f730a5287073d2e7fc6e1894b6ca2ae3107304d4641386
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close