what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Apple Quicktime Memory Corruption
Posted Dec 17, 2010
Authored by Rodrigo Rubira Branco

The Apple QuickTime player does not properly parse .fpx media files, which causes a memory corruption by opening a malformed file with an invalid value located in PoC repro.fpx at offset 0x49. Tested vulnerable are versions 7.6.8 (1675) and 7.6.6 (1671).

tags | advisory
systems | apple
advisories | CVE-2010-3801
SHA-256 | facb84d8419ffcf0bba2fe7f89e1f2ae1bc160d4a44a1f04b6c7f18419579e90

Related Files

Slackware Security Advisory - Seamonkey Updates
Posted Jul 19, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 0e7f91ef946bc3b298a3e525bf3374f95ba16115fb231414c495eec83ec0f72a
Slackware Security Advisory - Mozilla Thunderbird Updates
Posted Jul 19, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 40aae2ac9ae928d4b5512868d380d3f44f261b48cff60ff0fa08d133476e261d
Slackware Security Advisory - Mozilla Firefox Updates
Posted Jul 19, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 0fe3a5c29502f07945a64923b1d89ec43de7af314e8be1821be25a414eba2195
URLCrazy Domain Name Typo Tool 0.5
Posted Jul 19, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Now supports Ruby1.9.1, CSV output, homoglyphs, shows the country for IPs.
tags | tool, web
systems | unix
SHA-256 | 744bfee0933dc8f1f2432528d5f7c5ce770416146ddc67b984b5117426e99dcd
Red Hat Security Advisory 2012-1098-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1098-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406
SHA-256 | a4403bcb8e6ea39cef9f81f3176ba1bb2782088e2076dfc97ee09e39f03e3438
Red Hat Security Advisory 2012-1097-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1097-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-3406
SHA-256 | 1c4404ac353004ea4bc37b5126608f16e0e060649ba8f8ba172c59bb8a07d6a2
Simple Packet Sender 3.0
Posted Jul 17, 2012
Authored by Hohlraum | Site sourceforge.net

Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.

Changes: Various additions and bug fixes.
tags | tool, udp, scanner, tcp
systems | linux, unix
SHA-256 | 3e2b136f015fae19c61b2b118d1d58402b2d75b2f9c0c22031532788387ffcbe
Slackware Security Advisory - Pidgin Updates
Posted Jul 17, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-3374
SHA-256 | a88e26046b8bc391e0c4c84f585e2c060fb72db3a90cd34e037858c1ff507966
Slackware Security Advisory - PHP Security Updates
Posted Jul 17, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
SHA-256 | 3ff04ee32668e3d12cde5cacdf554aa5ecd59402e6b6782ca20ce833c430d0c8
Google Chrome 19 metro_driver.dll Mishandling
Posted Jul 17, 2012
Authored by Moshe Zioni

Google Chrome developers, while trying to be adaptive and current, added some windows 8 helper functions to aid the development of Metro style behavior, but does not include the library file itself, thus resulting in an unqualified dynamic-link library call to 'metro_driver.dll'. A user with local disk access can carefully construct a DLL that suits the pattern that is being traversed by the client and implement it somewhere along the search path and the client will load it seamlessly.

tags | exploit, local
systems | windows
advisories | CVE-2012-2764
SHA-256 | dbb9d62577ac5b978fa6419192db9f6b4808436e28a90885a8548c968b26a7d8
Libexif 0.6.20 Overflows / Denial Of Service
Posted Jul 16, 2012
Authored by Yunho Kim, Dan Fandrich, Mateusz Jurczyk

A large amount of heap and buffer overflows along with denial of service conditions have been addressed in libexif. Versions 0.6.20 and below are affected.

tags | advisory, denial of service, overflow
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845
SHA-256 | 7c6eb35c0114a47e761fa33fe4d24e97391d0ae94702f7a6c5114836348d9739
Red Hat Security Advisory 2012-1081-01
Posted Jul 16, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1081-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. All users of sudo are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2012-2337
SHA-256 | 2dfbfa43bde13f32ff7b638eeb910225f286b002c9fd10e5b654f6375bb16e10
Red Hat Security Advisory 2012-1080-01
Posted Jul 16, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1080-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SHA-256 | 91d7fea7aa7d7b39fe7a3a9a4e3d7288cafa175bf77962bef334da06bf3382aa
ALLMediaServer 0.8 Buffer Overflow
Posted Jul 16, 2012
Authored by modpr0be, juan vazquez, motaz reda | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability is caused due to a boundary error within the handling of HTTP request. While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't reliable across virtual (VMWare, VirtualBox) and physical environments. Because of this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default DEP is OptIn and AllMediaServer won't run with DEP.

tags | exploit, web, overflow
systems | windows
SHA-256 | cd224eb091bd83cac2f6867238fdeea0e253250295ed9b0257c0173e71de0311
Cura 1.5
Posted Jul 16, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: The modules screen is now Tabular, providing a much better user experience in which all of Cura's modules are provided as tabs on the top of the screen.
tags | exploit, remote
SHA-256 | 1701fc58dc21a0ecb6c45f4836abb5e380f5e8214af1f3d389ec0e35ee46a019
Secunia Security Advisory 49858
Posted Jul 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 394c46ea9f46bca7328b299fb6281fcd27d6ac1da51952d12333bbbe81d35ea5
Shopware 3.5 SQL Injection
Posted Jul 14, 2012
Authored by Kataklysmos

Shopware version 3.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5a6df1b8bd0a494ca93cc2d947cf380ac0ddc0a03aa982f3f7ca4cdd7b20e18c
VMware Security Advisory 2012-0012
Posted Jul 13, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0012 - VMware ESXi update addresses several security issues.

tags | advisory
advisories | CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841
SHA-256 | 5b4b01c7d05b407f2019d9dcb62997fbe3639d1b4af2d9e365e42c1b2fc8c4ac
Cura 1.4
Posted Jul 13, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: This release features a completely new UI for the Home (Login) screen where you are dropped upon launch. This is where you access/create/update/delete your server accounts, and it's had a complete do-over.
tags | tool, remote, wireless
SHA-256 | 79fd0da76674b5e455a947a43496357a83abbd086c7bf141c80764ec54afd32c
Secunia Security Advisory 49930
Posted Jul 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 93e428c53413983bf35aca0c5787aaca597fd468e44ede6570097574a3e2ecc9
WordPress Generic Plugin Shell Upload
Posted Jul 13, 2012
Authored by KedAns-Dz

This Metasploit module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cf
Cisco Security Advisory 20120711-ctsman
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, protocol
systems | cisco
SHA-256 | 452844524965f84e286b89ccffc1bed14c53bc8b474602302070ba68650597c9
Cisco Security Advisory 20120711-ctms
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, protocol
systems | cisco
SHA-256 | 557ffed24e36cacc4f3361981664dc75d9334f99a5cbd59d57af8decc4ab8878
Cisco Security Advisory 20120711-cts
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence Endpoint devices contain multiple vulnerabilities. Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, web, arbitrary, vulnerability, code execution, protocol
systems | cisco
SHA-256 | 42649bcfcd3a6dd19ff048743d266c20939141c54c9347011ae3048feb8bb886
Samhain File Integrity Checker 3.0.5
Posted Jul 11, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes some issues with the Windows registry check.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 9e3d29cc126a1609f93c89cc4b178fb01f091d989e2b8cec117b79eadf7b611c
Page 4 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close