what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files Date: 2011-09-29 to 2011-09-30

eSignal / eSignal Pro 10.6.2425.1208 Buffer Overflow
Posted Sep 29, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.

tags | exploit, overflow
advisories | CVE-2011-3494, OSVDB-75456
SHA-256 | 45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
Typo3 File Disclosure
Posted Sep 29, 2011
Authored by Number 7

Typo3 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 73568e35077aa7c47aea2129594d8400d321d756b754c5f88202e7d0f9df9d7a
Debian Security Advisory 2313-1
Posted Sep 29, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2313-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
SHA-256 | 0e66a3f9f409834c4e46d8404804c078686458d479cf01ba08a626f27dcd9d48
Ubuntu Security Notice USN-1220-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1220-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1776, CVE-2011-2213, CVE-2011-2497, CVE-2011-2700, CVE-2011-2723, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 381cb500bd82528a730aee301d5df2fea4835c168a78a002069bcb53da18ca72
Debian Security Advisory 2312-1
Posted Sep 29, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
SHA-256 | a6902286da44592ff48572355b8fee8eb0b4d4760d83235fc8062977b61f3d9d
Embedding The Payload
Posted Sep 29, 2011
Authored by 0dem

Whitepaper called "Embedding the Payload" or "How to avoid AV-Detection". The main goal of this paper focuses on how to undermine system integrity by circumventing anti-virus detection.

tags | paper, virus
SHA-256 | 14edf4f453f8794728b0ac49c1d1ae57bab9b38e68a39ab9849188b3c9dd702d
Ubuntu Security Notice USN-1219-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1219-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1776, CVE-2011-1833, CVE-2011-2213, CVE-2011-2497, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918, CVE-2011-2928, CVE-2011-3191
SHA-256 | 5bbf959fff7d5604adafb12f55e81da2ac28c246748613faaed45b3156c8add2
NCSS 07.1.21 Array Overflow
Posted Sep 29, 2011
Authored by Luigi Auriemma | Site aluigi.altervista.org

NCSS versions 07.1.21 and below suffer from an array overflow with write2.

tags | exploit, overflow
systems | linux
SHA-256 | c6619e3f31945a8a7b5e376281cae03af5f42af0a358b23c58813c1c6078ad33
Ubuntu Security Notice USN-1218-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918
SHA-256 | 7ce613f6fb82e60467fe2db0120524df0114dd4f622231bc1bba67151a5b6582
AmpJuke 0.8.5 Apache mod_negotiation Filename Bruteforce
Posted Sep 29, 2011
Authored by indoushka

AmpJuke version 0.8.5 with Apache mod_negotiation suffers from a directory listing vulnerability.

tags | advisory, info disclosure
SHA-256 | 66a33ea5e3bae7835afaeffc341e89465322c61b1372aa317bfcf3868a659ccf
Ubuntu Security Notice USN-1217-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1217-1 - Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-3848
SHA-256 | cb0df75e0ea4625a8f572eb50a779b751932821421ee7b8d18861e0a3ad2212f
Red Hat Security Advisory 2011-1344-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1344-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, arbitrary, local, javascript
systems | linux, redhat
advisories | CVE-2011-2998, CVE-2011-2999
SHA-256 | 9da687a381ca20d046b5c50589b968fee6f0f6760fa5b50b72ae19d0c9de5863
Star Develop Live Help 2.0 Disclosure / Bypass
Posted Sep 29, 2011
Authored by indoushka

Star Develop Live Help version 2.0 suffers from multiple bypass and disclosure vulnerabilities.

tags | exploit, vulnerability, sql injection, bypass, info disclosure
SHA-256 | 24452ccbb155921370872876d7c4fc4f09d76be839d05ddc5fe90d61b014a0e6
Game Servers Client 2.00 Build 3017 Denial Of Service
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 8bafaef1b58fae03b23b8a5bd380a03af81a384af4e2638199592f25f97a9cd8
Game Servers Client 2.00 Build 3017 Bypass
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.

tags | advisory, bypass
SHA-256 | 80445d16ffe02cb047a1e223a26a3ad71167fd01c9524171970119db25b999c4
Bitweaver 2.8.1 Cross Site Scripting
Posted Sep 29, 2011
Authored by Stefan Schurtz

Bitweaver version 2.8.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 623d0f908e24c7fa3674d8b07b164861549917e2c3e65221055f5e9d41339062
Joomla! 1.7.0 Cross Site Scripting
Posted Sep 29, 2011
Authored by Aung Khant | Site yehg.net

Joomla! versions 1.7.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b098c60142c11a23d57d189e2242583e2e4e51bc1fbd79e30d21c32650317397
Red Hat Security Advisory 2011-1343-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary, local, javascript
systems | linux, redhat
advisories | CVE-2011-2998, CVE-2011-2999
SHA-256 | 3687f8be51c9a85fd3c79f10c8bab76b7b4dafaaac4db14db59c0c0b77e3d708
Ubuntu Security Notice USN-1213-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2999, CVE-2011-3000
SHA-256 | e2949a7050ea58c1e4b98c809fd3a351a236e932e99e60259fbe202ed0e4a651
Red Hat Security Advisory 2011-1342-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
SHA-256 | a8625a9160b247b90199ce4274aa8f6096c8d45553eb33684ffa4642f14866c3
Red Hat Security Advisory 2011-1341-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
SHA-256 | 0c6ac8865b32e82e11c3f328b55e69c05b18020b7e3bc65cf024f724f351bdd1
Tajan System Arbitrary File Download
Posted Sep 29, 2011
Authored by St493r

Tajan System suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | e2df46920e2605d7c30d2221e22d7a9ff4df2e1b0b109c229e37d4fccc7cfee2
SabadKharid Shell Upload
Posted Sep 29, 2011
Authored by St493r

SabadKharid suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5282da357dd581ae32fbc77b153c871c6cbfe0ba268b2686d22ea2c2400903ae
A2CMS Local File Disclosure
Posted Sep 29, 2011
Authored by St493r

A2CMS suffers from source code and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability, info disclosure
SHA-256 | 8fcc5c4d75232fc2e9f5081cc1bc7d530d34a2527670932c3fbaeb6afdd32248
HP Security Bulletin HPSBUX02707 SSRT100626
Posted Sep 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192, CVE-2011-3348
SHA-256 | 8c8491ffbdea51197735b916bafae7e01bedf7e73d74f78a14d32b3f74aa0016
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close