exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2010-10-29 to 2010-10-30

Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Posted Oct 29, 2010
Authored by Kees Cook

Linux kernel arbitrary write memory write via v4l1 compat ioctl exploit.

tags | exploit, arbitrary, kernel
systems | linux
advisories | CVE-2010-2963
SHA-256 | 0fb3fe6114ef493e4fab7053e8a06ac577d72940a2bdde07d3c8602f119bf555
SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Posted Oct 29, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2010-2583
SHA-256 | bda7d9a6037b717f828fe03148093d6578e44697389fab80cebbcb196eeacc52
Adobe Shockwave Player "DEMX" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2582
SHA-256 | 0520606f6722058230d81d2805a4528a191ff0ab419df32cfb2367dc2efaca0c
Adobe Shockwave Player "pamm" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-2581
SHA-256 | a3e29c613af64c8ecff2b697ddfc189577bbb6d153195c683e72b4cc58a495ab
Ubuntu Security Notice 1011-3
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1011-3 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3765
SHA-256 | ea538fb7a396cad06d7b022df27a6427f3c3f3de5e776aa2b925db67faeff274
Free Adult Script 2 SQL Injection
Posted Oct 29, 2010
Authored by HeRoTuRK

Free Adult Script version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 81fac11dffeb02afbb8b0750c18da13d04fd1eb4279664c0e05eb7e7e54980c8
Joomla Jcars SQL Injection
Posted Oct 29, 2010
Authored by Fl0riX

The Joomla Jcars component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 65c3bc4dc09d59cb0feb75ac4a731007657b09eb9a143ff1fa451bc83d47ffb6
Adobe Shockwave Director pamm Chunk Memory Corruption
Posted Oct 29, 2010
Authored by TELUS Security Labs | Site telussecuritylabs.com

A memory corruption vulnerability exists in Adobe Shockwave Player while parsing crafted Adobe Director files (.dir or .dcr), that may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-4084
SHA-256 | 52321373bf2a0653fb086d290321ba798dc5e0c8bffe3c1b5a613be0afe0213f
Ubuntu Security Notice 1010-1
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.

tags | advisory, java, web, local, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574
SHA-256 | dbf842de06300f7667099150cb0e617a4a3656e900e4a73d6bc01c5ed06a9df2
Firefox Memory Corruption
Posted Oct 29, 2010

This is a simplified memory corruption proof of concept exploit for Firefox.

tags | exploit, proof of concept
advisories | CVE-2010-3765
SHA-256 | 84f1b73f392b7d5cac24e6fbbd2c87adfae94e7b77462a12739e5959d7c4e4e3
mygamingladder MGL Combo System 7.5 SQL Injection
Posted Oct 29, 2010
Authored by Easy Laster

mygamingladder MGL Combo System versions 7.5 and below remote SQL injection exploit that leverages game.php.

tags | exploit, remote, php, sql injection
SHA-256 | 692212f64021295c87957567cdc84aeef8aedd138fe9c25560ff5921bfc6d989
PHPKit 1.6.1 R2 SQL Injection
Posted Oct 29, 2010
Authored by Easy Laster

PHPKit versions 1.6.1 R2 and below remote SQL injection exploit that leverages overview.php.

tags | exploit, remote, php, sql injection
SHA-256 | 60f29fc5837355fd5ef838e4225260e314c73abe5d8f82833f62aba28fcff37f
Ubuntu Security Notice 1011-2
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1011-2 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3765
SHA-256 | 80c141f74cebc113235f042dfb7cd7ed50aca7352fc34b58fdc7627cb6a710b2
Mandriva Linux Security Advisory 2010-213
Posted Oct 29, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.

tags | advisory, remote, arbitrary, javascript
systems | linux, mandriva
advisories | CVE-2010-3765
SHA-256 | 4cdfd6730622b7459b8ae41be37d6808924aa067a1e95a69d2c972df23792f1f
Feindura CMS 1.0rc Cross Site Scripting / Local File Inclusion
Posted Oct 29, 2010
Authored by Wireghoul | Site justanotherhacker.com

Feindura CMS versions 1.0rc and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | 364e10b51df7e626af9e31c02f0fd1b74762c2df9327f0e6c321824c0b173d53
nSense Vulnerability Research Security Advisory 2010-002
Posted Oct 29, 2010
Authored by Jokaim

nSense Vulnerability Research Security Advisory - Teamspeak 2 version 2.0.32.60 suffers from a remote code execution vulnerability. The specific flaw exists within the TeamSpeak.exe module teardown procedure responsible for freeing dynamically allocated application handles.

tags | advisory, remote, code execution
SHA-256 | 4d8e9182c0ec20a67fe4eed4f3b148ceb19bf7b43682b701517e967385d3e755
Home FTP Server 1.10.3 / 1.11.1 Directory Traversal
Posted Oct 29, 2010
Authored by chr1x

Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149) both suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 9d81ecb61b5e435a53bf11a418f751e73163b649c341f2fb52a0397841218a0e
XBMC 9.04.1r20672 Buffer Overflow
Posted Oct 29, 2010
Authored by n00b

XBMC version 9.04.1r20672 soap_action_name post upnp sscanf buffer overflow exploit with windows bindshell code.

tags | exploit, overflow
systems | windows
SHA-256 | 216d6860483a52a2efb4bf88bcd4db93daea540f99880b822a68ceaf94f00786
Secunia Security Advisory 41952
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 9e548959c53d9df31528868848e54e4674085694b0edaebc92d5dac00e55cd92
Secunia Security Advisory 42020
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, fedora
SHA-256 | 79a31d9ffe87fb001702e0e6de17c6c372a4a6533dd2240e55e862abaeeb7f91
Secunia Security Advisory 40590
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 95bd95bd686c49818c3cc8b930ddab537752ecb5ca782071e3551b116f94343a
Secunia Security Advisory 42011
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | cisco
SHA-256 | da18a4d2d37e73098e152efb1a50d5c8372bbc862146d784897254720ee7ac8c
Secunia Security Advisory 42013
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 929452614c534f73f864f4574ac52ee9b8ad64e4eda7b16b18891072db69fd5a
Secunia Security Advisory 42027
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, vulnerability
SHA-256 | b59bd4ade60bbd62822339118827c175a2a3f920e1d3c54c0c44e9e733a0613d
Secunia Security Advisory 41975
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 24b81b1f91002255b2aa8f6138ecce1d206ed8cdd9da9bf0879e7bda5d301e39
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close