Showing 26 - 50 of 52

Files Date: 2011-03-24 to 2011-03-25

Secunia Security Advisory 43587
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - BalaBit has acknowledged multiple vulnerabilities in syslog-ng Premium Edition, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 7993f2a607d002e6ccf07ad8f9f6e0207845ea5c871b7cfc770decd83712482e
Secunia Security Advisory 43615
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in phpWebSite, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2efa0549d990f8f13ec5e74083d04ff48a7cfc69b625e95c2d21dfc10d6c65d5
Secunia Security Advisory 43569
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose certain system and potentially sensitive information, bypass certain security restrictions, and gain escalated privileges and by malicious people to cause a DoS.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | dbb42094392c6f95f4649e3f9db193f2ab142410c5729f89783e4b84a49811f4
Secunia Security Advisory 43567
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system.

tags | advisory, vulnerability, csrf
systems | linux, redhat
SHA-256 | a852bcfb308125485c156bff3e4476cbf41210d21dd2b508ccc48c29d2ea6e5f
Secunia Security Advisory 43568
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and to disclose system information and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | 09856abba8616780365b4bd3436d2c2edb9bb134efd83927d4817aeee15da10f
Secunia Security Advisory 43435
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux and linux-ec2. This fixes multiple weaknesses, a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose certain system and potentially sensitive information, bypass certain security restrictions, and gain escalated privileges and by malicious people to cause a DoS.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | ae65e9fbe16f23f548aa76d0842ff3cad347dd7e2376a084cdc1afcb157e0e57
Secunia Security Advisory 43561
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | b08ab0a2877d63aebe81c8bb14e83f96302877424acd78391e2a8da8a94e0919
Secunia Security Advisory 43579
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | fd56abb4d0f01b0a6d992e3724732bfbd7c41349acd776384f7bca0298d87710
Secunia Security Advisory 43570
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting or cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 7f830be82d4d1b8761d1db641b044a54c387f5a2b4e61dc85147f3d26256d14b
Secunia Security Advisory 43588
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniPCX Enterprise, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 46a709ba3f91b7476cfc861dade775b8b6cbaf4e8bb4089a2db8193a89776015
Secunia Security Advisory 43522
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | 7063cca7aa1f553c5e08dea0aaf68461ca0efc3d40d7846fbed9ae58aa6cb904
Secunia Security Advisory 43559
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for pango1.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 333f0efa6b347682ae22b82d4f85491d15777bdf00d554c179fb19f352c69c07
Secunia Security Advisory 43546
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability, xss
systems | linux, suse
SHA-256 | 6376172b2996ac84b4a0c6c03e4cfe91602744d9d05a1924c2c1901a0f29dea5
Secunia Security Advisory 43793
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MediaScripts Social Media, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 4e04b51a26e0d3ede9bdf9ca282cd9838ab036c4ee7b9cbb8fa0c33fe33a4a23
Secunia Security Advisory 43874
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.

tags | advisory
systems | linux, fedora
SHA-256 | 630c57d691c4fd95539872730181b23452d306ca4cb22cd3e557b4d506c9e205
Secunia Security Advisory 43875
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mhonarc. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
systems | linux, fedora
SHA-256 | 5044b0154d027e59ef1f9904f815c7f0dd062722218057171d05ddb6ca78eb6c
Secunia Security Advisory 43826
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 3344d2419ac8862b10c20a2a353489b7fce69763a6fdcd0c72ccdc1e84b8f519
Secunia Security Advisory 43827
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Nokia E75, which can be exploited by malicious people with physical access to bypass certain security restrictions.

tags | advisory
SHA-256 | 8f2d7953c19b746d7c6d3b05ebeb019ced668196eb33514ac48651d128c171de
Secunia Security Advisory 43877
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ruben Santamarta has discovered a vulnerability in Advantech WebAccess, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | b7317c597d465b2c5262d28485401d3aab3352b384a3b0bc5368774e37f88266
Secunia Security Advisory 43860
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 5f194793da5838c13cda14c60dac03bdaee2aa04f5bf8711fc0d485ed2e70be5
HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
Posted Mar 24, 2011
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the option parsing function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. Reaching the vulnerable code requires a 'POST' request with an 'arg' parameter that, when combined with some static text, exceeds 10240 bytes. The parameter must begin with a dash. It is important to note that this vulnerability must be exploited by overwriting SEH. This is because overflowing the buffer with controllable data always triggers an access violation when attempting to write static text beyond the end of the stack. Exploiting this issue is a bit tricky due to a restrictive character set. In order to accomplish arbitrary code execution, a double-backward jump is used in combination with the Alpha2 encoder.

tags | exploit, overflow, arbitrary, cgi, code execution
advisories | CVE-2010-1960, OSVDB-65427
SHA-256 | 776b4fe0d9851d0c1cbfd43336360be9b50d1f85d6ab691a9d9e621ecb22aa34
HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
Posted Mar 24, 2011
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. It is interesting to note that this vulnerability cannot be exploited by overwriting SEH, since attempting to would trigger CVE-2010-1964. The vulnerable code is within a sub-function called from "main" within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. This function contains a 256 byte stack buffer which is passed to the "getProxiedStorageAddress" function within ovutil.dll. When processing the address results in an error, the buffer is overflowed in a call to sprintf_new. There are no stack cookies present, so exploitation is easily achieved by overwriting the saved return address. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1961, OSVDB-65428
SHA-256 | 5582013e7dde303149edfe7da48c08313b51ded046619d9bfba33ef02981baa8
HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
Posted Mar 24, 2011
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. The buffer being written to is 1024 bytes in size. It is important to note that this vulnerability must be exploited by overwriting SEH. Otherwise, CVE-2010-1961 is triggered! The vulnerable code is within the "main" function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. There are no stack cookies, so exploitation is easily achieved by overwriting SEH structures. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1964, OSVDB-65552
SHA-256 | 6b4d95471d68cca9d3ef11a5eae191b4a98a078054233598f568e7012765400b
HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow
Posted Mar 24, 2011
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits NNM's nnmRptConfig.exe. Similar to other NNM CGI bugs, the overflow occurs during an ov.sprintf_new() call, which allows an attacker to overwrite data on the stack and gain arbitrary code execution.

tags | exploit, overflow, arbitrary, cgi, code execution
advisories | CVE-2011-0267
SHA-256 | afac3550398fcdd4661e55f613d7be338e41b1ddad70329e7911c3925f72091a
HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
Posted Mar 24, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending a specially crafted ICount parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1554
SHA-256 | 4c22f86bdf3b46260576ea5cf66c91a1e70361023d657dd8cabdade506e19c3c