what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Digital Music Pad 8.2.3.4.8 SEH Overflow
Posted Dec 29, 2010
Authored by Abhishek Lyall

Digital Music Pad version 8.2.3.4.8 SEH overflow exploit.

tags | exploit, overflow
SHA-256 | 13c61e7a043d3a036cdb75753e6390a6e098f6948d02b4ae20043fd0da07cd8a

Related Files

ImmediateCrypt 1.0
Posted Jul 8, 2012
Authored by Giacomo Drago | Site code.google.com

ImmediateCrypt can easily encrypt and decrypt plain text messages with the AES-256 algorithm (CBC block chaining, PKCS5 padding).

Changes: This release trims Ciphertext and Plaintext before encryption, adds an "about" window, creates a portable build.xml file, adds a program icon, and adds small fixes and improvements.
tags | tool, java, encryption
SHA-256 | f4c3acded4c93c151b31bc879d681f7cb7c71ea201d5cd20639a1d305e25987c
Ubuntu Security Notice USN-1497-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1497-1 - Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. Padraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-3360, CVE-2012-3361, CVE-2012-3360, CVE-2012-3361
SHA-256 | 6e12798a2feb912d78105cce29f97f758bf35dbc4d8aa8f5c10843511e3f1435
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
SHA-256 | 2f956e99861dabc4d9e263529db1992adcbe71b48930cc4158b998b604dc42b0
Asterisk Project Security Advisory - AST-2012-009
Posted Jun 14, 2012
Authored by Matt Jordan, Christoph Hebeisen | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server.

tags | advisory, remote, denial of service
advisories | CVE-2012-3553
SHA-256 | fd0d2c21399e574d3381cbf0d6fbf99a5bd73c0e0a594da8126262e1f90d0130
Zero Day Initiative Advisory 12-076
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. This resulting length will then be used in a memcpy operation into a statically sized buffer allocated on the heap. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0659
SHA-256 | ebbfba28118d24f1d8b399ccd10a105b73410f3d44f0dd5d1dda1152ef2b523a
Ubuntu Security Notice USN-1443-2
Posted Jun 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1443-2 - USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0949, CVE-2012-0950
SHA-256 | ca40d4ffaa1111eb7d818c773ab0a8c8febe32747e3c27eb46c7448579d6d480
Microsoft Wordpad 5.1 Null Pointer Dereference
Posted Jun 1, 2012
Authored by condis

Microsoft Wordpad version 5.1 suffers from a null pointer dereference vulnerability when handling .doc files. Proof of concept included.

tags | exploit, proof of concept
systems | linux
SHA-256 | f658d02c9b3a700c896b3777bb7470b170aca95ccaf5c375cb8266ecd8b4a3de
Ubuntu Security Notice USN-1443-1
Posted May 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1443-1 - It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2012-0948, CVE-2012-0949, CVE-2012-0948, CVE-2012-0949
SHA-256 | 6404506a03e0bd2370106f34332c5a744490330dc284ffba95740f7fd563f31a
iOS Application (In)Security
Posted May 6, 2012
Authored by Dominic Chell | Site mdsec.co.uk

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

tags | paper, vulnerability
systems | cisco, apple, iphone
SHA-256 | 334c947d960799417387ce8f1c27188fc7f859bd204b9dc50890663d07a20fba
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
SHA-256 | a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3ee
Asterisk Project Security Advisory - AST-2012-005
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

tags | advisory, overflow
SHA-256 | 135fdb3c4091f47c3bd1cc61841154a28cbda243b8fb16a579ebff1ce30c23ef
Secunia Security Advisory 48273
Posted Mar 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in phpLDAPadmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 2c5a2f0c9993830a1010d269563adc286aad384f5a7fa8cfa269fb46a0dab7c4
Secunia Security Advisory 48065
Posted Feb 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Cookpad for Android and Cookpad Noseru for Android, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | b408152a697d21f00fcd4ca0d2c7b38824e21a6f52c9b1be1855f22ef584e48d
Mandriva Linux Security Advisory 2012-020
Posted Feb 16, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-020 - Cross-site scripting vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, php, xss
systems | linux, mandriva
advisories | CVE-2012-0834
SHA-256 | fc18383c444f0e98e5338fd2381568e3cdd1de6806ac1ac555dc336f0a02fe3f
Secunia Security Advisory 47852
Posted Feb 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - coolpixgnu has discovered a vulnerability in phpLDAPadmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | a1e7f92a9d5bd7c6537c8c617a404414f6481c8f02aebf37598b235e98601a0c
phpldapadmin 1.2.2 Cross Site Scripting
Posted Feb 2, 2012
Authored by andsarmiento

phpldapadmin versions 1.2.2 and Debian build 1.2.0.5 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systems | linux, debian
SHA-256 | 7cfe6ebd8017974a319f808c28e972c8fe247ed242b748dafce3d9cac4112c36
Red Hat Security Advisory 2012-0086-01
Posted Feb 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0086-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4576, CVE-2011-4619
SHA-256 | f32422af624aca0e8358af4e1be4d6b04182fcdfd359eb13369111bdeb1e0c03
Red Hat Security Advisory 2012-0060-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0060-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
SHA-256 | 626386dc502d12fc29e4780f91473a6509e4ce82830fd07413d30317383f9ba0
Red Hat Security Advisory 2012-0059-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619
SHA-256 | 637d4b3792e367e77118dadf6e654fba56f63a5136cbc78f5b4bd3c1b6efa812
McAfee SaaS MyCioScan ShowReport Remote Command Execution
Posted Jan 18, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.

tags | exploit, remote, arbitrary, local, activex
systems | windows
advisories | OSVDB-78310
SHA-256 | debeb437470fa8e3b3a3c92cf587bcdbed8db74bfac9bf2f8a818ac7dc6ffb9d
Mandriva Linux Security Advisory 2012-007
Posted Jan 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-007 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service via crafted data from a TLS client. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027
SHA-256 | 33297fff20727775628ebfb8e80a51c11d2cb085c4af9ee958c7cbcbd758dc6e
Mandriva Linux Security Advisory 2012-006
Posted Jan 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-006 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
SHA-256 | 8546d8cc7082077b12848e834cf179f04e50bc8754ce2f0344bad607506f77b0
Debian Security Advisory 2390-1
Posted Jan 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2390-1 - Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.) Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4619
SHA-256 | 1bd9dd54ebd2b8dd8949d61a5c6e4677ff00eb13c0570952b6ac1337b614615a
Paddelberg Topsite Script Insecure Cookie
Posted Jan 9, 2012
Authored by Christian Inci

Paddelberg Topsite Script version 1.2.3 suffers from an authentication bypass vulnerability due to insecure cookie handling.

tags | exploit, bypass, insecure cookie handling
SHA-256 | 01a4d20a678fdeeadd7b1e958b70c5cb9c259861d031adfc774c469e7bab3b37
Secunia Security Advisory 46990
Posted Nov 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for phpldapadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
systems | linux, fedora
SHA-256 | ce4d69c9271027903bf32ccdea788f9aa506c04f8d4732ccdc0f809f913ff2d6
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    7 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close