what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2009-10-08

Mandriva Linux Security Advisory 2009-217
Posted Oct 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217-2 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. The previous mozilla-thunderbird-moztraybiff packages had the wrong release which prevented it to be upgraded. The new packages addresses this problem.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2408
SHA-256 | 5d153e895d2c4dc83174535c48a54a3e25b1eb3bc4bd5b2021de6a9d2f438c6e
FreeBSD 7.2 devfs Race Condition
Posted Oct 8, 2009
Authored by Przemyslaw Frasunek

FreeBSD version 7.2 VFS/devfs race condition local root exploit.

tags | exploit, local, root
systems | freebsd
SHA-256 | 0962dc609b578253e7a0077ff12df2f5ca748f4130b4878e9ea7f88748d745d0
FreeBSD 6.4 pipeclose()/knlist_cleardel() Race Condition
Posted Oct 8, 2009
Authored by Przemyslaw Frasunek

FreeBSD version 6.4 pipeclose()/knlist_cleardel() race condition exploit that results in a NULL pointer dereference and runs code in kernel mode giving a root shell and escaping from jail.

tags | exploit, shell, kernel, root
systems | freebsd
SHA-256 | ff5a5f20c66ed5ad7afaa75d4c20c068bb2ea0c34ba9b00106c522b3827ab739
Mandriva Linux Security Advisory 2009-217
Posted Oct 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2408
SHA-256 | 23af80c1b7971740b54732c05fcee9a0e68f26cda0ac036694fe85e3e7b41042
Ubuntu Security Notice 845-1
Posted Oct 8, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 845-1 - Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious nntp data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-2363
SHA-256 | 8a07b43623964554ee4d60030d33abaa73cee06f563bc7b18311e5fb89cf9196
Ubuntu Security Notice 844-1
Posted Oct 8, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 844-1 - Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. This update fixed the issue by disabling the \\input and \\counter tags.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1382, CVE-2009-2459
SHA-256 | 6ebcdd3ec522f75d7b824d647265faab643b4fafb8577e9bbd25a36e4e4fad79
BMW inventory.php SQL Injection
Posted Oct 8, 2009
Authored by Dazz

The BMW inventory.php script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 3c9bcfb16697ae94c4cde39bfc91d31405bae08f03e6a05ae71d30407236a042
httpdx 1.4 Buffer Overflow Exploit
Posted Oct 8, 2009
Authored by Pankaj Kohli | Site pank4j.com

httpdx web server version 1.4 if vulnerable to a remote buffer overflow vulnerable when supplied a long GET request. Exploit is written for httpdx 1.4 on Windows XP SP3 and binds a shell to port 58821.

tags | exploit, remote, web, overflow, shell
systems | windows
SHA-256 | 5d96dbe8f5911c612a8f12706970eff41b42e26d83533dd643d8743bbe48c779
DreamPoll 3.1 SQL Injection / XSS
Posted Oct 8, 2009
Authored by mark from infosecstuff | Site infosecstuff.com

DreamPoll version 3.1 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 96540251c99a71b9548802ebedafaafcfd836b4aa7264156b4aae4a60ffc0e2b
Free WMA MP3 Converter 1.1 Buffer Overflow
Posted Oct 8, 2009
Authored by KriPpLer | Site x-sploited.com

Free WMA MP3 Converter version 1.1 local buffer overflow exploit that creates a malicious .wav file and executes a reverse shell.

tags | exploit, overflow, shell, local
SHA-256 | 91a500175b9cf71b97054fc07b9ac5c5a2c5625d18c5b8c212a166f6e30ed90d
Mandriva Linux Security Advisory 2009-259
Posted Oct 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2008-1804
SHA-256 | 28c2075c1e4286319cc937a5d2585bf98b1ac3991c45cf7ef0e9bb1a1fa81964
Riorey RIOS Hardocded Password
Posted Oct 8, 2009
Authored by Marek Kroemeke

Riorey DDoS mitigation appliances suffer from a very poor design vulnerability where they have a hardcoded root login and password for automation. Fail!

tags | exploit, root
SHA-256 | 29c26502b9e544b424841c7d7e3ccd28614e8629e9e6f9e8c76dac87a75fd345
SAP GUI VSFlexGrid Active-X Buffer Overflow
Posted Oct 8, 2009
Authored by Sh2kerr, Elazar Broad | Site dsecrg.com

The VSFLEXGrid component of the SAP GUI is susceptible to a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 04d60f014b9f2a3d08a47e1adb8e4bb8844b3ade41a517d5445b1dd291408bc4
HP LaserJet Cross Site Scripting
Posted Oct 8, 2009
Authored by Sh2kerr | Site dsecrg.com

Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).

tags | exploit, vulnerability, xss
advisories | CVE-2009-2684
SHA-256 | 032340f6ad00d3fd6574a58ec760211cc4ca9e551c56263295c9d5478714ff05
iDEFENSE Security Advisory 2009-10-07.1
Posted Oct 8, 2009
Authored by iDefense Labs, Rodrigo Rubira Branco | Site idefense.com

iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.

tags | advisory, remote, overflow, arbitrary
systems | aix
SHA-256 | e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7
Debian Linux Security Advisory 1903-1
Posted Oct 8, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1903-1 - Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-3134, CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621, CVE-2009-1882
SHA-256 | 6d5179b5aeb249da4cccef2f2c75a9a35492f1a8e89f9bbfd1ebd39b5ba9fb5f
Ada Image Server 0.6.6 SEH Overwrite
Posted Oct 8, 2009
Authored by Blake

Ada Image Server version 0.6.6 SEH overwrite exploit. Written in python. Binds a shell to port 4444.

tags | exploit, shell, python
SHA-256 | d87bfb3e20915566a05ab76213e11a737937addc368ddc45c29a3fc9b3288009
Mandriva Linux Security Advisory 2009-258
Posted Oct 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-258 - A regression was found with the self signed certificate signatures checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue.

tags | advisory
systems | linux, mandriva
SHA-256 | ae264392410c356f15e323a1579630a82677a08a2427e39a21de50cb2e69fd12
AIOCP 1.4.001 Remote File Inclusion
Posted Oct 8, 2009
Authored by Hadi Kiamarsi

Aiocp version 1.4.001 suffers from additional remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | d5f3c3ea2de07e6a0210370e40412708d788a12a573295f2e9b02d40a734c2fd
HP Security Bulletin HPSBPI02463 SSRT090061
Posted Oct 8, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).

tags | advisory, vulnerability, xss
advisories | CVE-2009-2684
SHA-256 | dee6572b2f13d5c018e94984cef0ef071e52601d32d372abf35ff88651969613
BulletProof FTP Client Buffer Overflow
Posted Oct 8, 2009
Authored by Rafael Sousa

BulletProof FTP Client version 2.63 build 56 buffer overflow exploit that creates a malicious .bps file.

tags | exploit, overflow
SHA-256 | 54feb16effffb6293466f4c1bec363d91cd5eb8e7dc5e168d2470fdcaa911483
Joomla Recerca SQL Injection
Posted Oct 8, 2009
Authored by Don Tukulesto | Site indonesiancoder.com

The Joomla Recerca component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 918fd128c5b2063a82b782b1023a1fc630b16609a39c38665e043e91dd4b2b13
Origami PDF Exploit Creator 1.0.0
Posted Oct 8, 2009
Authored by Frederic Raynal, Guillaume Delugre | Site security-labs.org

origami is a Ruby framework designed to parse, analyze, edit, manipulate, forge, exploit PDF files. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and/or analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

Changes: This version 1.0.0-beta1 (released while at HITB) comes up with the ability to forge documents with more graphical contents.
tags | tool, ruby
systems | unix
SHA-256 | 03d625dd6742e83e1cf1e7aada8ac8204c837386922d724032600a741c8dd32d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close