exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 63 RSS Feed

Files Date: 2011-03-18 to 2011-03-19

Zero Day Initiative Advisory 11-106
Posted Mar 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability. The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE command the application copies user supplied data to a fixed length stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the super user.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4228
SHA-256 | 4a790c4123f37079211c02acda9f0abd778b9936eeb84b5f19624b30e8a2976e
Zero Day Initiative Advisory 11-105
Posted Mar 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When handling a remote execute request the process does not properly authenticate the user issuing the request. Utilities are stored in the 'secure' path which enable an attacker to re-execute an arbitrary executable. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-0889
SHA-256 | 1e4abd4183303f0315edf5b1e755f6743a56265010fc2d1861f40a33b1df228e
Ubuntu Security Notice USN-1090-1
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1090-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175
SHA-256 | f12b71de6de5f81790efc389293c19f77d8bf0c68bf39e6e1e07941dfd0dc88c
Ubuntu Security Notice USN-1089-1
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1089-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4175, CVE-2010-4242
SHA-256 | 0e7ad54b2d6863235ae50c53fada14dd0585ca6742beb25fbcb08c14797c41da
Mandriva Linux Security Advisory 2011-048
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-048 - The MIT Kerberos 5 Key Distribution Center daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication capability is enabled, resulting in daemon crash or arbitrary code execution. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2011-0284
SHA-256 | 8f16e65acd90e46a20687b79671d9368ac8dab31b74ae57187de4029b78a1b7b
Mandriva Linux Security Advisory 2011-047
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-047 - Integer overflow in the mod_sftp module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service via a malformed SSH message. Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-1137
SHA-256 | 9505eefd8186096410330ca5fefa718efaedacf8687774ced3b4c91df99ea711
Windows 7/2008 Event Log Forensic And Reversing Analysis
Posted Mar 18, 2011
Authored by ar1vr

Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.

tags | paper
systems | windows
SHA-256 | aef1648589581c22c1a58a83b6b24763434d5609c71498b324de55b9c7a27598
GNU SIP Witch Telephony Server 0.10.2
Posted Mar 18, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: cmake build was introduced. A new desktop permissions mode was added for integration between sipwitch service running as a privileged daemon and the user desktop. The utilities were reorganized and simplified.
tags | telephony
systems | unix
SHA-256 | b4b02f031240e624405bb78c70f1bf7bc072a81cb290c25606afecbe4600b6b5
AdSuck DNS Server 2.2
Posted Mar 18, 2011
Authored by Marco Peereboom | Site peereboom.us

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: This release fixes the documentation and provides more examples.
tags | tool, local, spoof
systems | linux, unix
SHA-256 | b414e6ef18929479fd85c8ac470bbcca64a069901694fe449ce4ecc38898863b
XOOPS 2.5.0 Cross Site Scripting
Posted Mar 18, 2011
Authored by Aung Khant | Site yehg.net

XOOPS versions 2.5.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c01dfc1d0404b509b1b1773d5a12a5e340bc4e3bdd3b6a0c157eb122f0a0e586
ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution
Posted Mar 18, 2011
Authored by baltazar, Todor Donev

ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit. This is a secondary version of the original and is written in Python.

tags | exploit, remote, web, root, python
SHA-256 | 41a108b19f2cd58cd1b3bf78f695f0fc0293c132dc307dfb6fe1b4b8907d2d97
Debian Security Advisory 2186-2
Posted Mar 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2186-2 - The security update DSA-2186 issued for Iceweasel caused a regression in Vimperator, an Iceweasel extension to make it have vim look and feel. vimperator in stable has been updated to 2.3.1-0+squeeze1 to restore compatibility. Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059
SHA-256 | ab5f2d14141bc3a98f962b90f03aa06afa5ccb46bc3464056310aed3a357c391
POP Peeper 3.7 SEH Overflow
Posted Mar 18, 2011
Authored by Anastasios Monachos

POP Peeper version 3.7 SEH overflow exploit that spawns calc.exe.

tags | exploit, overflow
SHA-256 | 3413b9a59970875c8a63955887434386d01a68b7d7a5c19ebd48a8fd695d4b43
Fake Webcam 6.1 Crash Proof Of Concept
Posted Mar 18, 2011
Authored by Anastasios Monachos

Fake Webcam version 6.1 local crash proof of concept exploit that creates a malicious .wmv file.

tags | exploit, denial of service, local, proof of concept
SHA-256 | c9eb8b77833984ad9045d96deb4aea3014558da376c16a7f168445ca1c3611ee
Joomla Book Library SQL Injection
Posted Mar 18, 2011
Authored by Marc Doudiet

The Joomla Book Library component version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 84916b29e86f683bb104f2f468ef51a078f1d9be31bd7839d2eb9318040fc84c
Shape Web Solutions CMS SQL Injection
Posted Mar 18, 2011
Authored by Ashiyane Digital Security Team

Shape Web Solutions suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 0de64a1e1078bcb55c45d813efacccd06681acab8e3ee4eb7c8a4f72f341a41f
SpoonFTP 1.2 Denial Of Service
Posted Mar 18, 2011
Authored by C4SS!0 G0M3S

SpoonFTP version 1.2 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 0333dd603b1e9409df09365e35fa0cde8ae676af9f432b1ca6d87301262d166b
Ftpdmin 1.0 Denial Of Service
Posted Mar 18, 2011
Authored by C4SS!0 G0M3S

Ftpdmin version 1.0 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 2429c36c35e365fe4000080e9e6ed18fae2fea69a4d1875aed00dd08ffd0df93
Recaptcha WordPress Plugin Cross Site Scripting
Posted Mar 18, 2011
Authored by Rodrigo Rubira Branco

The Recaptcha WordPress plugin suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2011-0759
SHA-256 | 3380fb0810e15ce592d4dc8554dd0382521efd3b51f666fb7fa37f371bd0984b
Related Posts WordPress Plugin Cross Site Scripting
Posted Mar 18, 2011
Authored by Rodrigo Rubira Branco

The Related Posts WordPress plugin suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2011-0760
SHA-256 | d488164a8603b819908f4998ecd1a942907c98bd27482847a44773121f115473
BlackBerry Owner Warning
Posted Mar 18, 2011
Authored by Laurent Oudot | Site tehtri-security.com

This short advisory dictates how you can do a quick security check of your BlackBerry to see if you are vulnerable against various security issues.

tags | advisory
advisories | CVE-2010-2599, CVE-2011-1290
SHA-256 | 93163bc6119f329fbf4bd60f854434065dea5ffed8fa876568b6e2956337925f
Debian Security Advisory 2194-1
Posted Mar 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2194-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, did not properly check for read-only connections. This allowed a local attacker to perform a denial of service (crash) or possibly escalate privileges.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2011-1146
SHA-256 | 6fe292b2003854868045fde6bd8c3713f1b7fb591a314c499cf94b2f6001ba6d
Ubuntu Security Notice USN-1079-3
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-3 - USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
SHA-256 | c33a79c9cbb271d022cc60d25b2598bc554e7e817f3e003bca02dabf306d9ac9
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Posted Mar 18, 2011
Authored by MustLive

W-Agora versions 4.2.1 and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | 3790b0e8d8bef762ed566e3aca3ca5f5e29b3a9627f8f31cfe8ce4b297eda307
Mandriva Linux Security Advisory 2011-046
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-046 - A security flaw was discovered in pure-ftpd which allows plaintext command injection over TLS.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0411
SHA-256 | c79c0998d50cb9fdb22adc00fc447d479980cc0727ac9682e23c6d0d74fb19d2
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close