what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

Files Date: 2011-06-07 to 2011-06-08

Mandriva Linux Security Advisory 2011-107
Posted Jun 7, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-107 - fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted message header or POP3 UIDL list. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a STLS request, which allows remote servers to cause a denial of service by acknowledging the request but not sending additional packets.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-1167, CVE-2011-1947
SHA-256 | f76d34b17f631223e59aa2ba6e51c25370839677d0b8989b2ea46fc400d18a12
BLOG:CMS 4.2.1.f Cross Site Scripting
Posted Jun 7, 2011
Authored by Stefan Schurtz

BLOG:CMS version 4.2.1.f suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ac0c8cb715546634af1034d70dc2fd65b0892a8bb6be45d3fd58ad55e057d349
Dataface Local File Inclusion
Posted Jun 7, 2011
Authored by ItSecTeam

Dataface suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | d7bc8c119afcd8d22c187870b656efe6f9dba43e8c2f040c555ce6652b54e166
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
Posted Jun 7, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.

tags | exploit, activex
systems | cisco
advisories | CVE-2011-2039, OSVDB-72714
SHA-256 | ef1996fa8324f29a9b671331d440a114bd14ca14534139ba1cdb0b9541a1ba33
Secunia Security Advisory 44825
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in KMPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 38fcd9173b92b771be14887a108a64da3a51fda3f67ec2cff335c3444845f8e2
Secunia Security Advisory 44737
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Zhang Boyang FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | e194de417f47fbaf335e527956d276bf60e200435e91a5949bcfb33cd68910f8
Secunia Security Advisory 44817
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 78754eea895d635f630ca6eedca4341369b079e4cf4c93d42f2aaa37ce373572
Secunia Security Advisory 44823
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in 1 Click UnZip, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | fda524cbbecf3c872dbb0d790ce6a5ca3c17f4d35696e591688726930543c38d
Secunia Security Advisory 44868
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for gimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | 47b9cb856a327655dd1568e5e20833c4e4ab12487549bf737699d4a15f980c02
Secunia Security Advisory 44865
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for unbound. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | b46aef49e83c327525be829dd7374eec5fb34e7fada1b833651713d3c21e9ddc
Secunia Security Advisory 44867
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mumble. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 1337bc747531c70aa89c82f3797d56a3788682ccb7b6b5e790e9e573797f24a2
Secunia Security Advisory 44872
Posted Jun 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, redhat
SHA-256 | d72cc4ec349aec1d943584df3f712bed68982d5f7d452a941df49cae40abf76f
Zero Day Initiative Advisory 11-181
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1707
SHA-256 | bc91adce1bd45fa15577bc229f615332822f74d37c5345e8507b31a5ec371be4
Zero Day Initiative Advisory 11-180
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1708
SHA-256 | 76c8aac3aaa1dd56609ce784b9bfa3b944af2b8b4f7a710acf917d2d9e1b9047
IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials
Posted Jun 7, 2011
Authored by Jeremy Brown

IBM Tivoli Endpoint version 4.1.1 remote SYSTEM exploit that leverages hard-coded base64 encoded authentication credentials in lcfd.exe and a stack-based buffer overflow when parsing HTTP variable values. Spawns a reverse shell to port 4444.

tags | exploit, remote, web, overflow, shell
SHA-256 | 0f8374a53f9ea835a56ed4f488e0af7bb4381a6ce425701de24237adb0986946
Directory Traversal Scanner 1.0.1.0
Posted Jun 7, 2011
Authored by AutoSec Tools | Site autosectools.com

This is a directory traversal scanner written in C# that audits HTTP servers and web applications. Complete source included.

Changes: UI improvements. Fixed a timeout. Settings are now saved upon exit. Several fuzz string updates and more.
tags | tool, web, scanner
systems | unix
SHA-256 | c6e52c1e2da6ad919fd343f4344bc7ff0add71acb44fbfb524bfd4042c533bbc
ProFTP Searcher PHP Script
Posted Jun 7, 2011
Authored by Burtay

This php script scans for ProFTP instances when provided an IP range.

tags | tool, scanner, php
systems | unix
SHA-256 | b67535a62c08567ea898568439edcd17fd0c5ed358a63670fce92c800ed52732
Ubuntu Security Notice USN-1122-3
Posted Jun 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1122-3 - USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Various other issues were also addressed

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081, CVE-2011-1202
SHA-256 | fcbe2acfdfc2dc9d4671f12b4fd20c3af797b24bac4bbc35088a7f1e63975b32
Zero Day Initiative Advisory 11-179
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the iprint-client-config-info parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1706
SHA-256 | 279b78ac788ad0454a5133cf6744fcf7bb29e7c71aca991801aa631596d22d61
1ClickUnzip 3.00 Heap Overflow
Posted Jun 7, 2011
Authored by C4SS!0 G0M3S

1ClickUnzip version 3.00 heap overflow exploit that creates a malicious .zip file.

tags | exploit, overflow
SHA-256 | 7d634efb257b10f31e54dc530eca9f5df439e4e9e5e8068e5e122d8a4bb75834
Mevlana Content Management System SQL Injection
Posted Jun 7, 2011
Authored by RoAd_KiLlEr

Mevlana Content Management System suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0940ce799ce0788ecf793051a8a91af430c8859a25b2ef578962d33be8af998f
Debian Security Advisory 2255-1
Posted Jun 7, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2255-1 - Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
SHA-256 | 0d44824abaf540af6d9d4accbd8f7b876931369b24f7b18b0d084e2af700821d
KMPlayer 3.0.0.1440 Buffer Overflow
Posted Jun 7, 2011
Authored by dookie, ronin

KMPlayer version 3.0.0.1440 buffer overflow exploit with DEP bypass that creates a malicious mp3 file.

tags | exploit, overflow
SHA-256 | 132a8a91ab46b94954a941964bc52cf820ea67a4c8ae0be94d92b5e07513bded
Zero Day Initiative Advisory 11-178
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1705
SHA-256 | 19164593dc3e90806077d1518c8540b9e8f300b001a3af65d3fb1277e4e7be52
CoolPlayer Portable 2.19.2 (.m3u) Stack Buffer Overflow
Posted Jun 7, 2011
Authored by KedAns-Dz, Securityxxxpert | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in CoolPlayer Portable version 2.19.2 by creating a specially crafted .m3u file.

tags | exploit, overflow
SHA-256 | 16325060098c651fb86c7e27b31ac0f3b467b1f9765769a5527c75a0de47cf11
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close