what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 70 RSS Feed

Files Date: 2009-12-07

gAlan Buffer Overflow
Posted Dec 7, 2009
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

gAlan buffer overflow 0-day exploit. Spawns a shell on port 4444.

tags | exploit, overflow, shell
SHA-256 | 529fd011b70918966b4dc24d3212e6178ad12b168b2838b27dcd31f6bfb1cc5a
Polipo 1.0.4 Remote Memory Corruption
Posted Dec 7, 2009
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Polipo version 1.0.4 remote memory corruption 0-day proof of concept exploit.

tags | exploit, remote, proof of concept
SHA-256 | f0c3f97fb8cde0a5a5185ce0a01dc58d0b7e14232087ec8b44d18608edf9a268
HTML Help Workshop 4.74 Buffer Overflow
Posted Dec 7, 2009
Authored by Encrypt3d.M!nd, loneferret | Site metasploit.com

This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 58d0cc0ba356a48bbb6434e177d7ead00b68656e05229387c6a7a5d2c86894ba
Metasploit Framework 3.3.1
Posted Dec 7, 2009
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: This release provides initial integration with Rapid7 NeXpose and fixes approximately 25 bugs. The Windows installer now bundles Nmap 5.10BETA1.
tags | tool, ruby
systems | unix
SHA-256 | 1c1f09545a58773c8a81cfab7351894a473484fa9530ddbc87125bf703ff941d
XAMPP 1.7.2 Administrative Bypass
Posted Dec 7, 2009
Authored by bi0

The page used to change the administrative password in XAMPP version 1.7.2 has no access restrictions in place.

tags | exploit
SHA-256 | 632fd915fb3a1632c5e4271b01e7efb96cc07878cde952d35948092a5c19524d
Debian Linux Security Advisory 1947-1
Posted Dec 7, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1947-1 - Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs.

tags | advisory, web
systems | linux, debian
advisories | CVE-2009-3300
SHA-256 | 5bfdb789cfaeedfa8dad3deff0dbca861aa27e9a315369ec50e6ff1fde6b37a3
Illogator Shop Cross Site Scripting
Posted Dec 7, 2009
Authored by nojacipka4

Illogator Shop suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c2a844535ce64f44b70187d6af904171ffbd409c9d920be64b2be9da1c4a1da2
Mozilla Firefox JavaScript Issues
Posted Dec 7, 2009
Authored by Topsec

Mozilla Firefox suffers from spoofing and race conditions in relation to JavaScript functionality.

tags | advisory, spoof, javascript
advisories | CVE-2009-4129, CVE-2009-4130
SHA-256 | b2090c9012cb9380aa027790f71166c32e3b35dd2ca90482e19470b4408381a4
Ubuntu Security Notice 865-1
Posted Dec 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 865-1 - Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

tags | advisory, remote, web, spoof
systems | linux, ubuntu
advisories | CVE-2009-4022
SHA-256 | 0149473a66c4de1ead57ba197ae9f69890d06a60be7d8b470f10d01813d5d0c9
Chipmunk Newsletter Cross Site Scripting
Posted Dec 7, 2009
Authored by mr_me

Chipmunk Newsletter suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a59073f33825451b33953ac65f2484f2fb01dd3aa226716d2530462679a8b575
iWeb HTTP Server Directory Traversal
Posted Dec 7, 2009
Authored by mr_me

The iWeb HTTP server suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | e901b4aaf92e4c67a2a21146a146eccfa73fa9d8eafe00b393c23bddf64acd49
MarieCMS 0.9 LFI / RFI / XSS
Posted Dec 7, 2009
Authored by Amol Naik

MarieCMS version 0.9 suffers from local file inclusion, remote file inclusion, and cross site scripting vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, xss, file inclusion
SHA-256 | 3e59302851a07630ec9f74b6be93f4111dac99def8de548a3179b40459219909
CoreHTTP 0.5.3.1 Buffer Overflow
Posted Dec 7, 2009
Authored by Patroklos Argyroudis | Site census-labs.com

CoreHTTP (up to and including version 0.5.3.1) employs an insufficient input validation method for handling HTTP requests with invalid method names and URIs. Specifically, the vulnerability is an off-by-one buffer overflow in the sscanf() call at file src/http.c line numbers 45 and 46.

tags | advisory, web, overflow
advisories | CVE-2009-3586
SHA-256 | 7895bd2e72f372fafa55aa28a36ef0e28ef9cb2efb8c7b6720638cb0cee1feee
Advanced Image Hosting 2.2 XSS
Posted Dec 7, 2009
Authored by aBo MoHaMeD | Site v4-team.net

Advanced Image Hosting version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7e60c2aff6d1621e72ccd082f6145698b01c2bada5dd5d5015ff9850d3c5235c
VLC Media Player 1.0.3 smb:// Stack Overflow
Posted Dec 7, 2009
Authored by Dr_IDE

Proof of concept exploit for the VLC Media Player version 1.0.3 smb:// URI handling stack overflow vulnerability.

tags | exploit, overflow, proof of concept
SHA-256 | 767d6f43bcd9f36c30425b5d2d15526afe7544a53c9dce0e06e4c05f44f0ea28
IDEAL Administration 2009 9.7 Local Buffer Overflow
Posted Dec 7, 2009
Authored by Dr_IDE

Local buffer overflow exploit for IDEAL Administration 2009 version 9.7 that creates a malicious .ipj file that binds a shell to port 4444.

tags | exploit, overflow, shell, local
SHA-256 | 9f5c5dcba2f81bff55ee61949db3938b13ef630dc6841b4c30fc4c4acb7ae863
Elkagroup SQL Injection
Posted Dec 7, 2009
Authored by SadHaCkEr | Site tryag.cc

Software from Elkagroup appears to suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1079402b88f7fc27565f3e8370cc9423f5c042fd72a5f4c96e8a1473a2407ab3
PhpShop 0.8.1 SQL Injection / XSS / XSRF
Posted Dec 7, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 8cdd6603293330907026a6bd3ba7622022c146928d030a8f850ddcc4a99e4fcd
SShutout Log File Monitor 1.0.6
Posted Dec 7, 2009
Authored by Bil DuPree | Site techfinesse.com

sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. The daemon is meant to mitigate what are commonly known as "dictionary attacks," i.e. scripted brute force attacks that use lists of user IDs and passwords to effect unauthorized intrusions. The sshutout daemon blunts such attacks by creating firewall rules to block individual offenders from accessing the system. These rules are created when an attack signature is detected, and after a configurable expiry interval has elapsed, the rules are deleted.

Changes: This release fixes improper calls to open(). It increases the size of the line buffer used to read the configuration file. This allows for longer whitelists. It detects "UNKNOWN USER" signatures.
tags | shell, encryption
SHA-256 | 9e98e0c218cb5a93c55b93a21d9b95ab53d7eca9f240abe58905dd6f332e0a67
AROUNDMe 1.1 Remote File Inclusion
Posted Dec 7, 2009
Authored by cr4wl3r

AROUNDMe versions 1.1 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | e604706f383bc5c3ee4440da20742ccb2d46982c62f7784cb8dbd436dea81e2c
Joomla YOOOtheme Cross Site Scripting
Posted Dec 7, 2009
Authored by andresg888 | Site bl4ck-p0rtal.org

The Joomla YOOOtheme component suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 97eae37014fc2225afedb44591561a89fbbae53eae8be987ffeb7be18f5800e6
Mandriva Linux Security Advisory 2009-326
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-326 - Multiple vulnerabilities has been found and corrected in mysql. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2009-2446
SHA-256 | 9206e9b5ad62079eab88cd261aeacc324cd78e7b929cb7e7acc5a4a3cfdb79cb
Mandriva Linux Security Advisory 2009-325
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, ruby
systems | linux, mandriva
advisories | CVE-2009-0642, CVE-2009-1904
SHA-256 | e2077ce129461d0a497c42e86d0c3e3ab2181e15b32eb65c1f3946d4694469cc
Mandriva Linux Security Advisory 2009-199
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-199 - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, overflow, arbitrary
systems | linux, windows, mandriva
advisories | CVE-2009-2411
SHA-256 | 35f14e547986c134bc886a49f42bf2925249db96e8091e085536465b0d77f8fd
Mandriva Linux Security Advisory 2009-324
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2008-7068, CVE-2009-1271, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018
SHA-256 | e3afdb1902dc3655ca41902b102924f73c6a2af7992eeefb617e4d6c17506ffa
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close