what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 44 of 44 RSS Feed

Files Date: 2011-08-10 to 2011-08-11

HP Security Bulletin HPSBMU02695 SSRT100480
Posted Aug 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02695 SSRT100480 - Potential security vulnerabilities have been identified with HP OpenView Performance Insight. The vulnerabilities could be exploited remotely to execute arbitrary code by HTML injection and to gain unauthorized access. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-2406, CVE-2011-2407
SHA-256 | 2ee6d1dde849be2f52899ef4710f3b39e91e0b990b96a40002a45ea12ecca8ca
Ubuntu Security Notice USN-1188-1
Posted Aug 10, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1188-1 - Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-1831, CVE-2011-1832, CVE-2011-1833, CVE-2011-1834, CVE-2011-1835, CVE-2011-1836, CVE-2011-1837
SHA-256 | fe2f44aca4f4d78e3767514f59f7522f711afb4689ded54a89988c06b03f35e8
Red Hat Security Advisory 2011-1132-01
Posted Aug 10, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1132-01 - D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially-crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2011-2200
SHA-256 | 0cda545a6543cdc232ce13767f8c34f2e0690d0712d467c6878d4ae0d25a3356
Zero Day Initiative Advisory 11-250
Posted Aug 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid Sample Duration values in the Time-To-Sample atoms. This value is used in the calculation of a loop counter. If this counter is too big it will result in a heap overflow that can cause remote code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2011-0252
SHA-256 | 581a285c35b3772d09b1038c48161dd767d3e75b5de3a44a9571abbe1fdc1e4e
Technical Cyber Security Alert 2011-221A
Posted Aug 10, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-221A - There are multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET Framework, and Microsoft Developer Tools. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | 7bc3edd86798223e1d720cd901dbbe4957dad0aadf4af55a394613bf927278ed
Free CD To MP3 Converter 3.1 Buffer Overflow
Posted Aug 10, 2011
Authored by C4SS!0 G0M3S, KedAns-Dz | Site metasploit.com

Free CD to MP3 Converter version 3.1 universal DEP bypass exploit.

tags | exploit
SHA-256 | d9b3f2964cd5ec872ea7ba3155899d3cf87c2121259b2180725481e47c36ceed
Microsoft Security Bulletin Summary For August 2011
Posted Aug 10, 2011
Site microsoft.com

This bulletin summary lists 13 Microsoft security bulletins released for August 2011. The bulletins included are MS11-057, MS11-058, MS11-059, MS11-060, MS11-061, MS11-062, MS11-063, MS11-064, MS11-065, MS11-066, MS11-067, MS11-068, and MS11-069.

tags | advisory
SHA-256 | c6f21b40c7a38683575fae0f1c8d029c279fd9db3e25fe5d75ed5f39d332561b
ZipGenius 6.3.2.3000 (.zip) Buffer Overflow
Posted Aug 10, 2011
Authored by C4SS!0 G0M3S, KedAns-Dz | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 4478ca40041d7cf95b3c3c14d49c5835b6d2c2ed232534c12aa53181799a7142
Zero Day Initiative Advisory 11-249
Posted Aug 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-249 - This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations. File written there are marked as Low Integrity files. When a new Internet Explorer process is launched it checks the Integrity of the file it is launched against. If the file is a Low Integrity file it will run the process in Low Integrity Mode. It is however possible to give the file an even lower permission: Untrusted, since this does not match the check for 'Low Integrity' the Internet Explorer will run in Medium Integrity instead of Low Integrity. This can be abused in an exploit to bypass the Protected Mode design and thus allow an attacker to escalate their privileges.

tags | advisory, remote
SHA-256 | 51bd7c3412e7fb4f8056be72e056ff829c573cc8f00f72534f63acc07cd0d6d2
Microsoft Internet Explorer 6 / 7 / 8 Race Condition
Posted Aug 10, 2011
Authored by Lostmon | Site lostmon.blogspot.com

Microsoft Internet Explorer versions 6, 7, and 8 suffer from a Window.open race condition vulnerability.

tags | advisory
advisories | CVE-2011-1257
SHA-256 | 4a638b92f5cbb38832c9ca337ac3cff9c4fd9a6386d31dbd499bae976e2eb117
HP Security Bulletin HPSBPI02698 SSRT100404
Posted Aug 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02698 SSRT100404 - A potential security vulnerability has been identified with HP Easy Printer Care Software Running on Windows. The vulnerability can be remotely exploited to write arbitrary files to the system and execute them via the browser. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2011-2404
SHA-256 | e4ab1268cf278752d17fdfb7279bbbf7a5e7a03aff160e4a0ee4c03518829499
Fastmail 2 Shell Upload
Posted Aug 10, 2011
Authored by Net.Edit0r

Fastmail version 2 suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 12e555a843c4b40bb82084fe3d2f9017aa81835a8b85e2abdb833544e25b2aba
Zero Day Initiative Advisory 11-248
Posted Aug 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-248 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the part of the application that is responsible for handling STYLE elements. By creating a STYLE element with an invalid behavior, an attacker can force an object of invalid type to be called, resulting in corruption of heap memory. This can be leveraged by an attacker to achieve code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1964
SHA-256 | 9eb2dfda180769f65780f31f14c72642a804c72ddbb88f6572507e71448979f2
Zero Day Initiative Advisory 11-247
Posted Aug 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-247 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the part of the application that is responsible for reloading the markup for a root document object. During reloading of the markup, the application will dispatch a notification whilst retaining a reference to the object in the function's context. This can allow an event callback to tamper with the root document object. Usage of this malformed object can then be used to achieve code execution under the context of the application.

tags | advisory, remote, arbitrary, root, code execution
advisories | CVE-2011-1963
SHA-256 | 5f63023cdf67f0cc55c441c97851754ff42c979495099b6d8ad8d090424b812b
Careernet SQL Injection
Posted Aug 10, 2011
Authored by Skote Vahshat

Careernet suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bd06651ed37143ad8fd15fd1878078c30106d74b54bc2a7d34cd0d192a80280
American Bankers Association Cross Site Scripting
Posted Aug 10, 2011
Authored by Codeine

American Bankers Association suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 24ae71d450be9e69d7651aabe878550e6e3085eea66e94aa964692fd1b4d2fba
Chezola Systems SQL Injection
Posted Aug 10, 2011
Authored by Ehsan_Hp200

Chezola Systems suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fd019886cc267e7a6f93abe5abfbffcea299e44922325d47f7bb779fdf8f09b9
Amigot Corp SQL Injection
Posted Aug 10, 2011
Authored by Ehsan_Hp200

Amigot Corp suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d70009be15094067f104d516f2eeeac40ae0b0bc2af9c95c4fe11ae3ad0f730a
Avant-Garde Technologies SQL Injection
Posted Aug 10, 2011
Authored by Ehsan_Hp200

Avant-Garde Technologies suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9a06bc4823cb910ad74c56b2b38214aa443f9b4b1a965e89b9b9034541c7671c
Page 2 of 2
Back12Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close