exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 66 of 66 RSS Feed

Files Date: 2010-11-09 to 2010-11-10

Zero Day Initiative Advisory 10-240
Posted Nov 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a COMMENT variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 0d5e6f9d02ae73627ffdff7b3b9a1dc22f731eef6c026b207f7c203db145b753
Zero Day Initiative Advisory 10-239
Posted Nov 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a RRULE variable it allocates memory for 0x800 bytes for the variable's contents, a list of numbers. It then proceeds to copy the numbers from the request while there are numbers to parse. By specifying a large amount of comma-separated values within an RRULE, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 02c6961f8f762fc8a11011d2564486ae91d156dbb4c0f5d99fe5933cfb271e37
Joomla Clanlist SQL Injection
Posted Nov 9, 2010
Authored by CoBRa_21

The Joomla Clanlist component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 57fc4f5adabc0d8495807194ba99ad68ac79b9f21e8045885610da8c9ae5343d
xt:Commerce Shopsoftware Arbitrary File Upload
Posted Nov 9, 2010
Authored by Net.Edit0r

xt:Commerce Shopsoftware suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 7a40fc2fd55b3ebb2732aea693b22c478228127de7c1de636183786cf600e048
Joomla Clan SQL Injection
Posted Nov 9, 2010
Authored by AtT4CKxT3rR0r1ST

The Joomla Clan component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fd56143cad69ceff772720fe01e01f53ea982ee1d4500944a5a355400993f53c
Zero Day Initiative Advisory 10-238
Posted Nov 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out string data from within it. The process does not properly check the length of these values before copying them to a fixed-length buffer. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary
SHA-256 | 22243a54416dc69d22e82bb0893abc0b292344e3e8365318f1eec8e08cb3e36c
Joomla ProDesk 1.5 Local File Inclusion
Posted Nov 9, 2010
Authored by d3v1l

It would appear that the maintainers of the Joomla ProDesk component have not patched the local file inclusion vulnerability that existed in prior versions. This affects versions 1.5 and below.

tags | exploit, local, file inclusion
SHA-256 | 1dfaf6a49cd24e7bb67b8a0e78d5a9b7009afdbb8219a6b16be4db6fe7d5fabb
Zero Day Initiative Advisory 10-237
Posted Nov 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-237 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the entities within its contents, separated by a semicolon. The process does not properly check the size of these values before copying them individually to a fixed-length stack buffer. This can be abused by an attacker to overflow the buffer and subsequently execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary
SHA-256 | ad8b2639adbe3da594d526f78009c9fba79bcccf5acd7bbba38374543c0770c7
Zero Day Initiative Advisory 10-236
Posted Nov 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-236 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Composition Environment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sapstartsrv.exe process which listens by default on ports 50013 and 50113. A malformed SOAP request (via POST) can be used to reach an unbounded copy loop which results in attacker-supplied data being written into existing function pointers. It is possible for a remote attacker to leverage this vulnerability to execute arbitrary code.

tags | advisory, remote, arbitrary
SHA-256 | d93fba5070d3002c67efddba95719dc9f56bbf5400da351eafdd592a8e7f3611
Joomla CKForms Local File Inclusion
Posted Nov 9, 2010
Authored by altbta

The Joomla CKForms component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 23fe9f09169ac712990773472bced031c0afc164ef6e9f3dfec3479511ea1c38
PunBB 1.3.4 Path Disclosure
Posted Nov 9, 2010
Authored by OverSecurityCrew, SYSTEM_OVERIDE

PunBB version 1.3.4 suffers from a path disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | 3669a410665dd6222e572be15b5d07aac3a565b1ebf4563c6b2f42eb7c3d855e
Joomla RSform 1.0.5 Local File Inclusion / SQL Injection
Posted Nov 9, 2010
Authored by jdc

The Joomla RSform component version 1.0.5 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | e4c4aa629358df1ff23b64737e6277f8b40f8d4ce961131170d4ec52d07e2562
Juniper SSL VPN Bypass / Cross Site Scripting
Posted Nov 9, 2010
Authored by Michal Zalewski

This is a list of older cross site scripting and bypass vulnerabilities associated with older Juniper IVE releases.

tags | exploit, vulnerability, xss, bypass
systems | juniper
SHA-256 | 373b779224dfe366049456b486a0f52893693761af7861f0c2f4e45a15feacc4
ASPilot Pilot Cart 7.3 Cross Site Scripting / SQL Injection
Posted Nov 9, 2010
Authored by Ariko-Security

ASPilot Pilot Cart version 7.3 suffers from cross site scripting, remote SQL injection, iframe injection and link injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 4a608d403b49bc3bfad57ed24fd8a4763cd757d47f015ea513226d3378647a97
Joomla Branch Local File Inclusion / Download
Posted Nov 9, 2010
Authored by Th3 RDX

The Joomla Branch component suffers from local file inclusion and file download vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
SHA-256 | d97aa396bbfb28b4fbe68d6be9e3ef8643985d2d4ea2a7af0861c9cd4cc510dc
Ubuntu Security Notice 1008-4
Posted Nov 9, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-4 - USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify 'host_device' as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old behavior on Ubuntu 10.04 LTS. It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-2238
SHA-256 | a703c3b52b149defc693be88e89c0a6c02d09f2011f32766fcfe27409c7caa7d
Page 3 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close