what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2010-10-16 to 2010-10-17

DATAC RealWin 2.0 Stack Overflow
Posted Oct 16, 2010
Authored by Luigi Auriemma | Site aluigi.org

DATAC RealWin versions 2.0 build 6.1.8.10 and below suffer from multiple stack overflow vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 10cc6e32b4b5e6a19e7719ef4706e7a1cd904c85d9ca48c6783de69e3ed6cdc2
Rocket Software UniData 7.2.7.3806 Denial Of Service
Posted Oct 16, 2010
Authored by Luigi Auriemma | Site aluigi.org

Rocket Software UniData versions 7.2.7.3806 and below suffer from various denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
SHA-256 | d61f5f2e29252ddc27c114fab16623b0aa6b985c5be991ced7e832b553b7098f
IBM solidDB 6.5.0.3 Denial Of Service
Posted Oct 16, 2010
Authored by Luigi Auriemma | Site aluigi.org

IBM solidDB versions 6.5.0.3 and below suffer from a remote denial of service vulnerability when receiving a malformed packet.

tags | exploit, remote, denial of service
SHA-256 | 863115a1791808ffc3159bf92a78b1ccf005d2d625480a6795e9b2f627e2039f
Zero Day Initiative Advisory 10-213
Posted Oct 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control. This module is responsible for handling the tfile, pnmm, cdda, protocol handlers. While parsing a long argument ending with ".smil" an attacker can overflow a buffer on the heap. This can be abused to execute arbitrary code under the context of the user invoking the control.

tags | advisory, remote, overflow, arbitrary, protocol, activex
advisories | CVE-2010-3751
SHA-256 | 99a8d76f437ce493e71d2cbbccf04da1d99377f3e56f8989ce9114468ab2402c
Zero Day Initiative Advisory 10-212
Posted Oct 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. By crafting a malicious media file an attacker can abuse this to execute arbitrary code under the context of the user running the player.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3750
SHA-256 | c7ad4c98f63e73d70e1f750a46cfa7e7ee48979e7fff19d179684652fa4d5d75
Zero Day Initiative Advisory 10-211
Posted Oct 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-211 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the browser plugins provided by RealNetworks. The RecordClip method can be access via the ActiveX control or the Firefox plugin. By injecting a specific character into the arguments to this method, invalid parameters can be passed to a child process that is launched on the local system. This parameter injection allows an attacker to download and subsequently execute a file on a target system, thus allowing for remote code execution.

tags | advisory, remote, arbitrary, local, code execution, activex
advisories | CVE-2010-3749
SHA-256 | 280b0bab89aa5f37e481f361348edb2e1fa6446339b4cc62f1d7ae34fd2863c4
eXV2 Content Management System 2.10 Cross Site Scripting
Posted Oct 16, 2010
Authored by LiquidWorm | Site zeroscience.mk

eVX2 Content Management System version 2.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aad947f5fc315f707fa067e5d143cdfa86d7a03b586f250014779ca7e3a3dec9
Zero Day Initiative Advisory 10-210
Posted Oct 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-210 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of long CDDA URIs due to a failure to initialize a particular component of an object. The application will later call a method in the object leading to the uninitialized pointer being called. If an attacker can place data they control at the uninitialized location, the application will call malicious pointer which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-3747
SHA-256 | 3cc75328eddc338d0bc1a9e1842ae48b5843645728a1537702121a0ea0b49563
IC Blogger Database Disclosure
Posted Oct 16, 2010
Authored by indoushka

Three different IC Blogger database disclosure exploit.

tags | exploit, info disclosure
SHA-256 | b5fcc8e35081939d6a45fadf360a987796c5227ede1864db2c7c5ba9467a2f2e
Fatihsoftblog Database Disclosure
Posted Oct 16, 2010
Authored by indoushka

Fatihsoftblog suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | ac6bc987750a86d3109302c0fb001a4e13d4fa4b6411f1bd0977b37f9c3c70ca
Zero Day Initiative Advisory 10-209
Posted Oct 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-209 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing malformed sample data. The application utilizes a index in this data stream for seeking into a list of objects. Due to the lack of constraints on this index, one can seek to an arbitrary object located in memory which will lead to code execution under the context of the currently logged in user.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-2998
SHA-256 | 3d3cf6f327ce9b8b0fdc80acbae2c7a16547bc9a1b75461107800a7e186004b3
Mandriva Linux Security Advisory 2010-205
Posted Oct 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-205 - freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the package, require modules or functions. The updated packages have been upgraded to v2.2.1 which is not vulnerable to this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2445
SHA-256 | 86f518a8ac1de9f74caa0006ed3efc117b59a9084ec18a2ab89a828f70699f53
PHP Auction Forum Remote File Inclusion
Posted Oct 16, 2010
Authored by jos_ali_joe

PHP Auction Forum suffers from a remote file inclusion vulnerability.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | ac98011a2760c40d4328538b1cd3c44dc0c95504915238dff1f996c1710fb7f4
CMS Board 1.0 Remote File Inclusion
Posted Oct 16, 2010
Authored by jos_ali_joe

CMS Board version 1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 38e3da200d1acec73586f83a53203b5702086dc5329ac5ba13638ccfca775c28
Complete-Blog Database Disclosure
Posted Oct 16, 2010
Authored by indoushka

Complete-Blog suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 6cf498c07c08a8b426f460ec288d7c5b7fff25ee7950015582aa9819f11d74b8
Blog Turkce 1.1.3 Database Disclosure
Posted Oct 16, 2010
Authored by indoushka

Blog Turkce version 1.1.3 remote database disclosure exploit.

tags | exploit, remote, info disclosure
SHA-256 | a1cad9e84f8906a54c069b5af8fc453defe80e06ee58994f3f01c7fca339cee4
PCDJ Karaoki 0.6.3819 Denial Of Service
Posted Oct 16, 2010
Authored by Abdi Mohamed

PCDJ Karaoki version 0.6.3819 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 209d7eecad111c1aeaf107c617198fcf9e7b2133bc9d72c24f1b503b31c79acb
KCFinder 2.2 Shell Upload
Posted Oct 16, 2010
Authored by saudi0hacker

KCFinder version 2.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 24aa10372071f766797972627df47860c20e6dc0b6f692ce3160830e7115f8aa
Asterisk Trixbox CE Cross Site Scripting
Posted Oct 16, 2010
Authored by dave b

The Trixbox CE module for Asterisk Phonebook suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 158b9f67d87f7b0f555439b20f5acbb59d38c1261920834063b5747b3bc6c163
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close