exploit the possibilities
Showing 26 - 42 of 42 RSS Feed

Files Date: 2010-09-30 to 2010-09-30

Debian Linux Security Advisory 2115-1
Posted Sep 30, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2115-1 - Several remote vulnerabilities have been discovered in Moodle, a course management system.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2010-1613, CVE-2010-1614, CVE-2010-1615, CVE-2010-1616, CVE-2010-1617, CVE-2010-1618, CVE-2010-1619, CVE-2010-2228, CVE-2010-2229, CVE-2010-2230, CVE-2010-2231
MD5 | 6f6273387a0779e868317490ac2cde52
Gentoo Linux Security Advisory 201009-9
Posted Sep 30, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-9 - fence contains multiple programs containing vulnerabilities that may allow local users to overwrite arbitrary files via a symlink attack. The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilities. Versions less than 2.03.09 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2008-4579, CVE-2008-4580
MD5 | 5c52eeacf5448ef390bbf9cc97696441
Zero Day Initiative Advisory 10-185
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FastBack server process (FastBackServer.exe) which listens by default on TCP port 11406. The process searches received packet data for a pipe character (0x7c) and then sends the remaining portion of the string to the event log without sanitization. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | 13b8da3385c874c021a51a2adf57cdd0
HP Security Bulletin HPSBUX02587 SSRT100215
Posted Sep 30, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in HP-UX Directory Server and Red Hat Directory Server for HP-UX. The vulnerability could be exploited locally resulting in information disclosure and privilege escalation.

tags | advisory, info disclosure
systems | linux, redhat, hpux
advisories | CVE-2010-3282
MD5 | efae0d4db8235f027fa59be8f9c17422
Pluck 4.6.3 Cross Site Scripting
Posted Sep 30, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

Pluck version 4.6.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b70ccd27bf0b3d19381fec3bbbd4fab1
GetSimple CMS 2.01 Cross Site Scripting
Posted Sep 30, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

GetSimple CMS version 2.01 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a1cf1dc38dfaac03e77d4f9ad7e6307e
Zimplit 3.0 Local File Inclusion
Posted Sep 30, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

Zimplit version 3.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 0e31e99e980d7186dbc447998687e057
Zero Day Initiative Advisory 10-184
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-184 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on TCP port 11460. The issue is due to a strcat of user supplied data to a fixed length buffer located on the stack. By providing sufficiently large values for a group, workgroup, or domain name this buffer can be overflowed. Successful exploitation leads to remote code execution under the context of the fastback server.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
MD5 | 70e6710f6e4b62bb3123fc8a478e77cf
Zero Day Initiative Advisory 10-183
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-183 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The flaw exists within FastBackServer.exe which listens by default on TCP port 11460. The issue is due to a strcpy of user supplied data and length to a fixed size buffer located on the stack. Specifically, this issue can be triggered by providing a large enough user_path variable. Successful exploitation leads to remote code execution under the context of the fastback server.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | e746bde45b397a5ac821bcba14b7a48b
Zero Day Initiative Advisory 10-182
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on TCP port 11460. The vulnerable function uses values directly from a received packet as the size and data to several memcpy calls. By providing crafted values this issue can lead to remote code execution under the context of the fastback server.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | 07b7ece6cab847a02afa3fe855944352
Zero Day Initiative Advisory 10-181
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on tcp port 11406. The issue is due to a memcpy within the _AGI_S_ActivateLTScriptReply function. The process trusts a user-supplied length and copies user-supplied data to a fixed length buffer located on the stack. Successful exploitation leads to remote code execution under the context of the fastback server.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | aeced14a41fb33eccf6e3c4fa6f427d4
Zero Day Initiative Advisory 10-180
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on tcp port 11406. The issue is due to an unsafe copy to a buffer located on the stack. This buffer is used to build a formatted event log message for the AGI_SendToLog method. Successful exploitation leads to remote code execution under the context of the fastback server.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | 190b4c3aab671ffc0e129c9b505a53c1
Zero Day Initiative Advisory 10-179
Posted Sep 30, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Mount service (FastBackMount.exe). This process listens by default on UDP port 30005. This process writes the value 0x01 to the address specified by the second DWORD from a packet received to it's UDP port. An attacker can exploit this behavior to execute arbitrary code by making several requests to this service.

tags | advisory, remote, arbitrary, udp
MD5 | 54558efe464901a9a59a45984abbe458
Turtle FreeBSD Rootkit
Posted Sep 30, 2010
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

tags | tool, kernel, rootkit
systems | unix, freebsd
MD5 | 475ca0337888d26fa3386bf01720a210
Quick Player 1.3 Unicode SEH Exploit
Posted Sep 30, 2010
Authored by Abhishek Lyall

Quick Player version 1.3 unicode SEH exploit.

tags | exploit
MD5 | a0bc3bae18fd9c79c338c01bab333a9c
Mandos Encrypted File System Unattended Reboot Utility 1.2
Posted Sep 30, 2010
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: The client has a new "plymouth" plugin to ask for a password using the Plymouth graphical boot system. The server uses a new D-Bus API. The following new control utilities were added using the new D-Bus API: mandos-ctl, a command-line based utility; and mandos-monitor, a text-based GUI interface.
tags | remote, root
systems | linux
MD5 | 41dc619b509ae626795dcaaa794eebde
XFS Deleted Inode Information Disclosure
Posted Sep 30, 2010
Authored by David Chinner

Local information disclosure exploit that makes use of an XFS filesystem vulnerability.

tags | exploit, local, info disclosure
advisories | CVE-2010-2943
MD5 | 761edc6224c0cf1326a2bc394b1c99d2
Page 2 of 2
Back12Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close