what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files Date: 2010-02-04

Core Security Technologies Advisory 2009.0625
Posted Feb 4, 2010
Authored by Core Security Technologies, Jorge Luis Alvarez Medina, Federico Muttis | Site coresecurity.com

Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.

tags | exploit, remote, vulnerability
advisories | CVE-2010-0255
SHA-256 | c800a9c7100145533df8300c9ca9eb4514a7c1bea12adc78a2c14e81e1b7f5a6
libssh2 C Library 1.2.3
Posted Feb 4, 2010
Site libssh2.org

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.

Changes: This release adds ssh-agent support, libssh2_trace_sethandler(), and two new examples. It fixes 8 bugs, including two memory leaks.
tags | encryption, protocol
SHA-256 | 791c8d58fd56cdf03b0effaf88d905a167ed9f10de82a14a81dcbfadfa5dd1e8
Stunnel SSL Wrapper 4.31
Posted Feb 4, 2010
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Log file reloading with SIGUSR1 was added. Some regression issues introduced in the experimental version 4.30 were fixed.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
SHA-256 | 187d0df2701d51c09b66f120cf6f1a62c4161e3e58dc84f893c1e5c7ccf30262
Tinc VPN Daemon 1.0.12
Posted Feb 4, 2010
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release really allows fast roaming of hosts to other nodes in a switched VPN, fixes potentially missing or incorrect environment variables when calling host-up/down and subnet-up/down scripts, allows the port to be specified in Address statements, clamps MSS of TCP packets to the discovered path MTU, and lets two nodes behind NAT learn each other\'s current UDP address and port via a third node, potentially allowing direct communications in a similar way to STUN.
tags | encryption
SHA-256 | 08bffce569ecfb92666deb365ac447fbf418296a2596ddee2a9d20f48ae89bfb
ManageEngine OpUtils 5 Login.DO Cross Site Scripting
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.

tags | exploit, vulnerability, xss
SHA-256 | 959444dffbd02b6f50852d15e6bf3e65ea95d117752d0931f7125a8fc43fc020
ManageEngine OpUtils 5 Login.DO SQL Injection
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.

tags | exploit, remote, sql injection
SHA-256 | caf5aa07a2166d5da4d0ccfe135c71bf2e693bc1c093432fae00b8d6cad43e6a
UltraBB 1.17 Cross Site Scripting
Posted Feb 4, 2010
Authored by s4r4d0

UltraBB version 1.17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | beaa49354032d201c71fa5d121caa67794cc5df875d4cb0f71bd2d1b3ec199ca
Hackito Ergo Sum 2010 Call For Papers
Posted Feb 4, 2010
Authored by Hackito Ergo Sum | Site hackitoergosum.org

The Hackito Ergo Sum 2010 Call For Papers has been announced. It will be held from April 8th to 10th, 2010 in Paris, France. HES2010 will focus on hardcore computer security, insecurity, vulnerability analysis, reverse engineering, research and hacking.

tags | paper, conference
SHA-256 | 75dd88cd3b189d2be1783b8f965a67f8f53321ff9a5e75a6325ef171690bbfa4
Outlook Web Access Attachment Access
Posted Feb 4, 2010
Authored by Ricardo Martins

Outlook Web Access (OWA) suffers from a vulnerability that allows direct access to files blocked by policy.

tags | exploit, web, bypass
SHA-256 | 27283437e55c2c62aed9182d72eb69558bba3101caba3c71f12ac46c3330f727
Hipergate 4.0.12 SQL Injection
Posted Feb 4, 2010
Authored by N. Grisolia

Hipergate version 4.0.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 49a96a235936a4f16057a684a9347f2409a1210c041bdc48c5a1289866909cb2
Hipergate 4.0.12 Reflected Cross Site Scripting
Posted Feb 4, 2010
Authored by N. Grisolia

Hipergate version 4.0.12 suffers from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 30dd84617d9ce84b3d41f5b1bc3e2e303150d39f552af503d88c9a54d11e5534
Hipergate 4.0.12 Permanent Cross Site Scripting
Posted Feb 4, 2010
Authored by N. Grisolia

Hipergate version 4.0.12 suffers from a permanent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d2657460d81351d1806058b7d53de8269f9a28bcad275f33c70a5ebd5c9954e3
AOL 9.5 Heap Overflow
Posted Feb 4, 2010
Authored by karak0rsan | Site tcc.hellcode.net

Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5. Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on "waol.exe". Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
SHA-256 | 0be07e3454c4335293f7036664394446114f031ad3ce641712ec0a15dc4861ef
AMS2 Symantec Code Execution
Posted Feb 4, 2010
Authored by Kingcope

Remote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products.

tags | exploit, remote
advisories | CVE-2009-1429
SHA-256 | 7756c7d033af4f9864f0db35014155628c4e407b538d8298529b17e02cf6d28d
Facebook Cross Site Scripting
Posted Feb 4, 2010
Authored by Juan Galiana Lara

The mobile interface of Facebook social network was affected by a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c7302bf39fcec502bd13d11cc9209826ade631c914ff3a356949aa5373e146f7
Whitepaper Called Reverse Honey Trap
Posted Feb 4, 2010
Authored by Aditya K Sood, Rohit Bansal

Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers.

tags | paper, web
SHA-256 | a3dd6b890e3a6906e98d16f6b73224fceeac934f3d11f6b154ead11101018b3f
HP Security Bulletin HPSBOV02505 SSRT100023
Posted Feb 4, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege.

tags | advisory
advisories | CVE-2010-0443
SHA-256 | 3a2944ab6bd78ebaa7b6059e4ffb72e3d2aaae297f9c4d337f50bcbaecb4d3a7
Debian Linux Security Advisory 1990-1
Posted Feb 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1990-1 - Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries.

tags | advisory, web
systems | linux, debian
advisories | CVE-2010-0394
SHA-256 | e3f55d1e66c7f9de47b294e99a53863f01a4c1357211cab8ca05031b0da4e130
Debian Linux Security Advisory 1989-1
Posted Feb 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1989-1 - Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, debian
advisories | CVE-2009-3297
SHA-256 | 600a25e9cf40b3bf3f884de4728b6e3fccf45ba4b8534418fc1639fa74a1d5cd
Debian Linux Security Advisory 1988-1
Posted Feb 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1988-1 - Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725, CVE-2009-2700
SHA-256 | daff4db55b92a0c5e04d3a443abe998e05fbfa184d6e3c2ab937902ece2db1a3
PHP Car Rental Script SQL Injection
Posted Feb 4, 2010
Authored by MizoZ

PHP Car Rental Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
SHA-256 | d2aef4dca69bc0cfaa05b03fa1a605c034fe12b7a3e94d18401ed8b01b1e54f0
Digital Amp MP3 3.1 Crash
Posted Feb 4, 2010
Authored by SkuLL-HacKeR

Digital Amp MP3 version 3.1 local crash proof of concept exploit.

tags | exploit, denial of service, local, proof of concept
SHA-256 | 27eb43e29a38dc9454042da6df4c9bf74e574e23934ec53b8553a61e7dfa3b77
Packet Storm New Exploits For January, 2010
Posted Feb 4, 2010
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 517 exploits added to Packet Storm in January, 2010.

tags | exploit
SHA-256 | 080cbd4f806d5621014f8cd81e4742df51f47f92fed730b75bdac16a8c398021
Pound-2.5.tgz
Posted Feb 4, 2010
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: New features include support for HTTPS back-end servers, full support for DH key exchange, an "include" directive in configuration files, support for separate connection time-out, much improved auto-configuration and Make, and flags to enable or disable optional libraries. A bunch of minor bugs were fixed. Performance was improved.
tags | web
SHA-256 | ed247a23a4a721231ab601cb13642ba322e0aeee864ee320958bfabf405c7869
sydbox-0.6.4.tar.bz2
Posted Feb 4, 2010
Authored by Ali Polatel | Site projects.0x90.dk

sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.

Changes: This release fixes a few annoyances. Sydbox now uses vfork instead of fork to spawn the initial child, which decreases start up time. This also replaces the before_initial_execve hack for execve() sandboxing. Network access violations can now be filtered. Option parsing was fixed.
tags | tool
systems | unix
SHA-256 | d95c12100597728e871cc1a57eaa3bcac3d0fbf46688039b116b09c10ae08632
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close