exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 57 RSS Feed

Files Date: 2009-04-15

Technical Cyber Security Alert 2009-105A
Posted Apr 15, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-105A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
SHA-256 | 94105afd3b535cdfbefb6dcced0c507848f22cf6a98ab82edfcc63bac48889b8
Debian Linux Security Advisory 1771-1
Posted Apr 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1771-1 - Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit. Attackers can cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. Attackers can cause a denial of service (infinite loop) via a crafted tar file that causes (1) clamd and (2) clamscan to hang. Attackers can cause a denial of service (crash) via a crafted EXE file that crashes the UPack unpacker.

tags | advisory, denial of service, vulnerability, virus
systems | linux, debian
advisories | CVE-2008-6680, CVE-2009-1270
SHA-256 | dd4582c7ce66daa9cb0edcf432b78f10bb534cdb0ba8461534b5101238db5c9c
iDEFENSE Security Advisory 2009-04-15.1
Posted Apr 15, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.15.09 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to gain root privileges. The set-uid root binary "muxatmd" concatenates the calling program name with the static string ".pid". The destination buffer passed to the function call used for concatenation is a static-sized stack buffer. Since no bounds checking is performed, a stack-based buffer overflow can occur when a long program name is given. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3 (5300-09-02-0849). Other versions may also be affected.

tags | advisory, overflow, local, root
systems | aix
SHA-256 | 3b317e77470c29314f27d74a37e2613a44dff497e0d08d313ad991e166571d2a
iDEFENSE Security Advisory 2009-04-14.2
Posted Apr 15, 2009
Authored by iDefense Labs, Sean Larsson, Jun Mao | Site idefense.com

iDefense Security Advisory 04.14.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s WordPad could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the content of a Word97 format file. When reading in the data, the code uses a 32-bit integer from the file to check a buffer length while using the lower 16-bit value to do the actual copy. This results in a stack buffer overflow. This stack buffer is overwritten with data from the file. iDefense has confirmed the existence of this vulnerability in Wordpad on Windows 2000 SP4. Windows XP SP3 is not affected. Vista and Server 2008 are not affected as they no longer contain the Word97 converter.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-0235
SHA-256 | 619400cb987192e72c2d05da51ff52e996d4d4c10414389a155b0889e87cb2bf
SKPD Running Process Dumping Tool
Posted Apr 15, 2009
Authored by Albert Sellares | Site wekk.net

SKPD is a tool that will dump a running process to an executable ELF file. Written to work on various flavors of Linux.

systems | linux
SHA-256 | ec6d74a7d74610444f1b0d45a29b83d2bd0391a4c0b5188f859e0f0881d2597f
Nortel Application Gateway 2000 Password
Posted Apr 15, 2009
Authored by D. Matscheko | Site sec-consult.com

SEC Consult Security Advisory 20090415-1 - The Nortel Application Gateway 2000 versions 6.3.1 and below suffer from a password disclosure vulnerability.

tags | exploit
SHA-256 | 6a602258e8f29deb14f3eb5ff281f26e0e43c3f7484aceaeafab1860a788f32d
Novell Teaming Enumeration / XSS
Posted Apr 15, 2009
Authored by Michael Kirchner | Site sec-consult.com

SEC Consult Security Advisory 20090415-0 - Multiple vulnerabilities have been identified in Novell Teaming. These include enumeration of usernames, information disclosure, and cross site scripting flaws. Version 1.0.3 is vulnerable.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | e32f1a48232fe353e2a85526ef291e78bafffd7789d861410bca9cc87b1b1dc3
Mod-Perl Perl-Status Cross Site Scripting
Posted Apr 15, 2009
Authored by Richard Brain | Site procheckup.com

The perl-status utility as included with Mod_perl suffers from a cross site scripting vulnerability.

tags | exploit, perl, xss
advisories | CVE-2009-0796
SHA-256 | de439bb421e77dc689929ce1ef77502f19c9bc54c7d2836c7d566630c8db74c5
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
Posted Apr 15, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing certificates and can be exploited to cause a stack-based buffer overflow by supplying a specially crafted certificate. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-0190
SHA-256 | 5074d6ba3a66e64cbd2128beff95b591a78d8db4beb783f1de7c833c207d8698
Oracle BEA WebLogic Server Plug-ins Integer Overflow
Posted Apr 15, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The Oracle BEA WebLogic Server can be configured to receive requests via an Apache, Sun, or IIS web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. An integer overflow when parsing HTTP requests can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-0189
SHA-256 | dc03394e303c7b0bb15553655fc95276584fa1a608c7c0de7c576dc9a80e81c2
SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method
Posted Apr 15, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a security issue in SAP GUI, which can be exploited by malicious people to gain knowledge of sensitive information, corrupt files, or compromise a user's system. The problem is that the bundled KWEdit ActiveX control (KWEDIT.DLL) provides the insecure method "SaveDocumentAs()", which saves an HTML document to a specified location. This can be exploited in combination with e.g. the "OpenDocument()" method to disclose the contents of files or to execute arbitrary code on a user's system. SAP GUI versions 6.40 Patch 29 and 7.10 Patch 5 are affected.

tags | advisory, arbitrary, activex
advisories | CVE-2008-4830
SHA-256 | 7618d00c720ce23c45412fe3d1fdff7227a5fd75d55de1cf1bf99df89823fb97
DivX Web Player Stream Format Chunk Buffer Overflow
Posted Apr 15, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in DivX Web Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a signedness error in the processing of "STRF" (Stream Format) chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted DivX file. Successful exploitation may allow execution of arbitrary code by tricking a user into visiting a malicious website. Version 1.4.2.7 is affected.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2008-5259
SHA-256 | 54ea8ecf7fafd5257e181eedfb9f4396be203de36a9e6faff27b7efd86841baa
SniffJoke IDS Evasion Tool
Posted Apr 15, 2009
Authored by s0ftpj, vecna | Site delirandom.net

SniffJoke is middleware software for Linux that is managed by a web interface and enables connection scrambling technology, also known as sniffer evasion techniques.

tags | web
systems | linux
SHA-256 | 5ddc5fffbed7e6ff9f0d22260acc4ad37ef5df2df0d55152510d368444648800
HITB Security Conference 2009 Call For Papers
Posted Apr 15, 2009
Site conference.hackinthebox.org

The Call for Papers (CFP) for Hack In The Box 2009 Malaysia is now open.

tags | paper, conference
SHA-256 | 7c60af675478f7689b55ce8070ad77da22186991b5523b7f99741d5116216eb0
Mozilla Firefox 3.0.8 Zero Buffer Check Memory Exhaustion / Leaking
Posted Apr 15, 2009
Authored by Aditya K Sood | Site secniche.org

Mozilla Firefox version 3.0.8 zero buffer check memory exhaustion and leaking proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 55bd1981802453b04fbaae6651ddbd514ddedb2596dd3a86acb01ecb680355ee
FreeWebShop.org 2.2.9 RC2 Local File Inclusion
Posted Apr 15, 2009
Authored by ahmadbady

FreeWebShop.org version 2.2.29 RC2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | fcaa444b46cf486b74ca1eee5bf5cf6c70b16e27bbad26ad6348f3eff8e19a58
Job2C 4.2 Local File Inclusion
Posted Apr 15, 2009
Authored by ZoRLu

Job2C version 4.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 8b5937336d357e213ed1b0430b8eda1904d04ce46f4ce49fb98c9c5dc0a655e3
Ubuntu Security Notice 758-1
Posted Apr 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-758-1 - Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service.

tags | advisory, denial of service, overflow, local, root
systems | linux, ubuntu
advisories | CVE-2009-1185, CVE-2009-1186
SHA-256 | 403f65c16827af7fc2d3ec856ded0e4c8179780173a8be6bb4a0c8d2bb73a00b
Ubuntu Security Notice 757-1
Posted Apr 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-757-1 - Multiple vulnerabilities have been discovered in Ghostscript including a buffer underflow, denial of service, and code execution issues.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792
SHA-256 | 81628368b5aa45c28e702d4a6611558e09155398789324be0033f0f2ca44655c
Aria News XSS / SQL Injection
Posted Apr 15, 2009
Authored by Securitylab Security Research | Site securitylab.ir

Aria News suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a389a2803ba19296806e9b594a0757403db2341a931ec39bf8bf6fa0291e11ad
Microsoft Office Excel Remote Memory Corruption
Posted Apr 15, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.

tags | advisory, remote
advisories | CVE-2009-0100
SHA-256 | 7a0c64574b2e01dbddc971f3557dfe31f8e6283bdc787167adabb29625283c88
Zervit 0.02 Buffer Overflow
Posted Apr 15, 2009
Authored by e.wiZz!

Zervit webserver version 0.02 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 716906102683fa275b36132876acd90673d96c37d9e4bf2fde2d57aac7f91d11
Microsoft Windows Media Player Overflow
Posted Apr 15, 2009
Authored by HuoFu

Microsoft Windows Media Player integer overflow proof of concept exploit that creates a malicious .mid file.

tags | exploit, overflow, proof of concept
systems | windows
SHA-256 | 18ac2d4542c7532118a30e5bf04569dc034bf7867da5c21434505321366f7458
OpenSCAP Libraries
Posted Apr 15, 2009
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.

Changes: This release adds support for Python binding for all libraries.
tags | protocol, library
SHA-256 | 95bfe19dedc636526256f37438d735afed7e3a31e16e81546c01629c445b4def
Star Downloader Free 1.45 Overwrite
Posted Apr 15, 2009
Authored by dun

Star Downloader Free versions 1.45 and below universal SEH overwrite exploit.

tags | exploit
SHA-256 | ab6dea0952c0b1a664d818019ec8054f3e16fc46645f68d5dce4ff804577a426
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close