what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2011-10-10

Gentoo Linux Security Advisory 201110-07
Posted Oct 10, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-7 - A denial of service vulnerability was found in vsftpd. Versions less than 2.3.4 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2011-0762
SHA-256 | 25e59b0d3d80cebbf1b5e0c8e00ef3aada01999dfcefc483d69463a203f3e7f6
Gentoo Linux Security Advisory 201110-06
Posted Oct 10, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-6 - Multiple vulnerabilities were found in PHP, the worst of which leading to remote execution of arbitrary code. Versions less than 5.3.8 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2006-7243, CVE-2009-5016
SHA-256 | d937f7ba42bbe2df00e5d03e378b1b5a751d7ff00095557a71a01c62290ba6b0
Gentoo Linux Security Advisory 201110-05
Posted Oct 10, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-5 - Multiple vulnerabilities were found in GnuTLS, allowing for easier man-in-the-middle attacks. Versions less than 2.10.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2730, CVE-2009-3555
SHA-256 | 3545aa8d55f2bf105713aa28ad3ddad8c8ca7f796307b025bb1255abe43b0827
Gentoo Linux Security Advisory 201110-04
Posted Oct 10, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-4 - Multiple vulnerabilities were found in Dovecot, the worst of which allowing for remote execution of arbitrary code. Versions less than 2.0.13 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3235, CVE-2009-3897
SHA-256 | 9c7d8a2c3709f69bccb785657943f9036d02698c11410d7caab2bf38de049a96
Gentoo Linux Security Advisory 201110-03
Posted Oct 10, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-3 - Multiple vulnerabilities were found in Bugzilla, the worst of which leading to privilege escalation. Versions less than 3.6.6 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | e343c4e37d8196c61323db4df43bec939ccd58be7274741ef69e5707814277da
Mandriva Linux Security Advisory 2011-147
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-147 - The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3170
SHA-256 | af8b903986d241f2e750a29c0292b80e3f1dfc417d0557ec4e94c38e584385f0
Mandriva Linux Security Advisory 2011-146
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-146 - The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service via HTTP_UNAUTHORIZED responses. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2895. The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2432, CVE-2011-2896, CVE-2011-3170
SHA-256 | 48a1c0fec4da5f4548c480faaebd5504e2e71bfb04dc4f7b79dc01b7f4e22a7d
Debian Security Advisory 2322-1
Posted Oct 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2322-1 - Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2010-4567, CVE-2010-4568, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048, CVE-2011-2379, CVE-2011-2380, CVE-2011-2381, CVE-2011-2978
SHA-256 | f31e2173c156ec8578b9821ec39738fb0a60a7a30467c27704beb1f7e66b4294
Debian Security Advisory 2321-1
Posted Oct 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2321-1 - A cross-site scriping vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.

tags | advisory, python
systems | linux, debian
advisories | CVE-2011-1058
SHA-256 | 8c0f1a089dabbb44312a9f61dfd8a3a6c5421bd634428c589dcce8b37b4b49b9
Mandriva Linux Security Advisory 2011-145
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-145 - Double free vulnerabilities in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2821, CVE-2011-2834
SHA-256 | 7089c6078eada2d879d785797ce58b1ae24e889eb5df5e26625fccb3e2851e1d
Mandriva Linux Security Advisory 2011-131-1
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. The updated packages have been patched to correct this issue. Packages were missing for Mandriva Linux 2011 with the MDVSA-2011:131 advisory which are now being provided.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1944
SHA-256 | e6cf0847e37d39db25858e766f84194b4d7ce1cce729ac0012f875a0297b2e65
ScriptFTP 3.3 Remote Buffer Overflow
Posted Oct 10, 2011
Authored by mr_me, TecR0c | Site metasploit.com

AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during a FTP LIST command resulting in overwriting the exception handler. Social engineering of executing a specially crafted ftp file by double click will result in connecting to our malicious server and perform arbitrary code execution which allows the attacker to gain the same rights as the user running ScriptFTP.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2011-3976, OSVDB-75633
SHA-256 | 83a230051d7cd6708a4d86afbe83ebbe437a5ab42fac5587f0c6034133b2f3f5
ACDSee FotoSlate PLP File id Parameter Overflow
Posted Oct 10, 2011
Authored by Parvez Anwar, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.

tags | exploit, remote, overflow, arbitrary
systems | windows
advisories | CVE-2011-2595, OSVDB-75425
SHA-256 | 4b542912a15d3cd64b270456f6eaa8c1034765256004c4477b3e166a307bf223
Spreecommerce 0.60.1 Arbitrary Command Execution
Posted Oct 10, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution.

tags | exploit, arbitrary, ruby
advisories | OSVDB-76011
SHA-256 | d3108b6b1413b6aeeeff914cbc18a85d9770bf726d64b72125ff0d155c918d7a
Snortreport Remote Command Execution
Posted Oct 10, 2011
Authored by Paul Rascagneres | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in nmap.php and nbtscan.php scripts.

tags | exploit, arbitrary, php
SHA-256 | 07c81c6659b780fcefe23e040f571eff0f119a086fc2380e934d43cebc03617d
myBB 1.6.4 Backdoor Exploit
Posted Oct 10, 2011
Authored by tdz | Site metasploit.com

myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor's source package.

tags | exploit, php
SHA-256 | b3b105150f9b06521170e93d13100ef0913a79916ae342097ea5401d294a5235
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close