exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 96 RSS Feed

Files Date: 2009-01-21 to 2009-01-22

Mandriva Linux Security Advisory 2009-022
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.

tags | advisory, denial of service, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-4782, CVE-2007-4850, CVE-2008-1384, CVE-2008-2050, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498
SHA-256 | 4ea99f4240ecfa30f2ade91fa5134f537e90a95ae74fc87ce3b6a0bdc94aad8f
Mandriva Linux Security Advisory 2009-021
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-021 - Multiple buffer overflows, an array indexing error, and a denial of service vulnerability have all been addressed in php.

tags | advisory, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498
SHA-256 | b555ac0988692fa93e6e9e44ac9408180563ae66fd40475aa159a90f68e7f805
Mandriva Linux Security Advisory 2009-020
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-020 - Multiple vulnerabilities ranging from denial of service to heap-based overflows have been addressed in xine-lib.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5243, CVE-2008-5245, CVE-2008-5246
SHA-256 | 43ff4edc9f7da1c5c221e903dd7cc66b3c77e38c4641a9183d19d2b33c53ea40
Zero Day Initiative Advisory 09-08
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-008 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of JPEG atoms embedded in STSD atoms within the function JPEG_DComponentDispatch(). When the image width data in this atom is modified, a heap corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2009-0007
SHA-256 | 2fc0525616b743c71b0b45c4aa9c69f6ccbde9267a935cbd98bd820caf3e6f72
Zero Day Initiative Advisory 09-07
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-007 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of movie data encoded using the Cinepak Video Codec. When parsing the data in the MDAT atom, there exists a signedness error which leads to a heap overflow. When this occurs it can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2009-0006
SHA-256 | 3d3041e57e3d4f81add0aa5f963216ba06122a2034185a3929bda170154e291a
Gentoo Linux Security Advisory 200901-14
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-14 - An insecure temporary file usage has been reported in Scilab, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. Versions less than 4.1.2-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-4983
SHA-256 | d5c89b847a6215410229ba377696d9443f39977cd0cee7271a7efbf2661cbe89
Gentoo Linux Security Advisory 200901-15
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-15 - A vulnerability in Net-SNMP could lead to a Denial of Service. Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Versions less than 5.4.2.1 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2008-4309
SHA-256 | df1dcc817a8effce7b67b98444e66e9d0d22d76918dfad9e2e83287e4208ecdc
Zero Day Initiative Advisory 09-06
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-006 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI files. When the AVI header contains a malformed nBlockAlign value in the _WAVEFORMATEX structure, a heap overflow may occur which can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, overflow, arbitrary
systems | apple
advisories | CVE-2009-0003
SHA-256 | 32683e18a3f5938bedcc596d878f86461cc50f823f86b1dee606298980fdcd80
Zero Day Initiative Advisory 09-05
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-005 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 'tkhd' atoms found inside QuickTimeVR files. Improper validation of the transform matrix data results in a heap chunk header overwrite leading to arbitrary code execution under the context of the currently logged in user.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2009-0002
SHA-256 | 39c657685c31cfb935822c756de85a3825c53ff6199e9ba245f40420b8dacba9
Cisco Security Advisory 20090121-cucmcapf
Posted Jan 21, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. Exploitation of this vulnerability could cause an interruption in voice services. The CAPF service is disabled by default.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2009-0057
SHA-256 | 5e2b36de291e3497b6c4991f209f81884a0a970132e99f2cd077d46e7da57e43
Cisco Security Advisory 20090121-csm
Posted Jan 21, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server.

tags | advisory, remote, tcp
systems | cisco
advisories | CVE-2008-3820
SHA-256 | b226f4be76ab01dd4f1812dcdb417b7003248e443d0399aea14cdb496da02b86
Call For Papers - IMF 2009
Posted Jan 21, 2009
Site imf-conference.org

IMF 2009 Call For Papers - The International Conference on IT-Incident Management and IT-Forensics invites submissions for IMF 2009 being held from September 15th through the 17th, 2009 in Stuttgart, Germany.

tags | paper, conference
SHA-256 | 45935f6c9d7ccdf54786e90ef421e53ad14272c1f318da2de237331964b9d059
Joomla Beamospetition 1.0.12 XSS / SQL Injection
Posted Jan 21, 2009
Authored by vds_s

The Joomla Beamospetition component version 1.0.12 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 76d1b982a904d2e61522dd656a8e4453b23e78c33afb1c9875e9ab12f61a45fb
Command Execution With A MySQL UDF
Posted Jan 21, 2009
Authored by Bernardo Damele | Site bernardodamele.blogspot.com

Patched source code for lib_mysqldudf_sys that allows for command execution on mysql with user defined functions. Adds a sys_eval() UDF to return the standard output of the command executed.

tags | library
SHA-256 | 4b78254426b12bb3fdc6dcedbee863edc282799d0c7d4236f2652c31b3b1ef9b
Linux x86 ifconfig eth0 down Shellcode
Posted Jan 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

51 bytes small Linux x86 ifconfig eth0 down shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | a3473af2855a6c5ff9b7cd927a90afb55b0129f55cf72105ca38eca1e8b41fab
Linux x86 Kill Service Shellcode
Posted Jan 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

81 bytes small Linux x86 kill service shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 1eacead55cdb0e66a441d277f59ff4f223a04dbf645310ebf5be720905fca772
Linux x86 shutdown -h now Shellcode
Posted Jan 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

51 bytes small Linux x86 shutdown -h now shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 33b46659b70ce3e62caa1b0f4eaac4b8f681233e97c409b7fd895a976717ab45
Sad Raven's Click Counter Exploit
Posted Jan 21, 2009
Authored by Pouya Server

Sad Raven's Click Counter version 1.0 passwd.dat disclosure exploit.

tags | exploit, info disclosure
SHA-256 | 74bb2f257c294dd9e7866bc4c5649d1e99a63a07dfc6badd5fd44ce24eb176e9
eCLOWN ePassport Utility 1.01
Posted Jan 21, 2009
Authored by Jeroen van Beek | Site dexlab.nl

eCL0WN is an ePassport utility for Nokia NFC phones that allows you to read and clone your ePassport's chip content.

Changes: Added full support for reading non-BAC chips. Now sets target device to the same mode as the source chip. Added support for reading, writing and displaying datagroup 7. Fixed bug in index stripping routine for chips with 4+ tags in EF.COM.
tags | tool, wireless
SHA-256 | f3e4a00f991139e89b2ad23dbba70524c89e13376df08024a79fff973860b13b
ePassport Emulator 1.02
Posted Jan 21, 2009
Authored by Jeroen van Beek | Site dexlab.nl

epassport_emulator is an ePassport / eID emulator for JavaCard. It implements functionality as described in ICAO Doc 9303. Additionally it implements functionality to write files and key data to the emulator.

Changes: Added non-BAC support. Added support for switching mode in runtime. Various other additions and some updates.
tags | tool, wireless
SHA-256 | 251badbe6d1f5c41e1136bed44fd3fd88eedd63b1ccef5e7f59f1cf4fe338f54
Firefox 3.0.5 Status Bar Obfuscation / Clickjacking
Posted Jan 21, 2009
Authored by MrDoug

Firefox version 3.0.5 status bar obfuscation / clickjacking code.

tags | exploit
SHA-256 | 2b57a072c851ffda435848acb72e2a9888ecaf3b12f24c38446f91038ea3bca9
T-Com Speedport W 500 V Router Security Issues
Posted Jan 21, 2009
Authored by insec

Whitepaper discussing the T-Com Speedport W 500 V router and related security issues that surround it.

tags | paper
SHA-256 | ca98914c79ee53400280c9bc1a834d3f915411123635480dfeace5a33f6fa6fc
Debian Linux Security Advisory 1693-2
Posted Jan 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1693-2 - The security update for phpPgAdmin in DSA-1693-1 caused a regression in modifying table fields. This updates corrects that flaw.

tags | advisory
systems | linux, debian
advisories | CVE-2007-2865, CVE-2007-5728, CVE-2008-5587
SHA-256 | 062ebd9f3ac3214ae5f72ee6b947ca0a7dbc1ad3944e42915968c3a3d4ce7944
Debian Linux Security Advisory 1709-1
Posted Jan 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1709-1 - Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation.

tags | advisory, arbitrary, local, root
systems | linux, debian
advisories | CVE-2008-5394
SHA-256 | 09833b69f4afe2a9898a02704962c10e5a4940dd1d419a7c77ac8e88550c008f
Mambo SOBI2 SQL Injection
Posted Jan 21, 2009
Authored by Br1ght D@rk

The Mambo SOBI2 component version RC 2.8.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 52bea71664a15b4c7c4b9c4cdbf8baa918763cd1240e165cf608bbb40e9b1f78
Page 1 of 4
Back1234Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close