what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2010-02-20

Coppermine Photo Gallery 1.4.14 picEditor.php Command Execution
Posted Feb 20, 2010
Authored by Janek Vind aka waraxe | Site metasploit.com

This Metasploit module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed. NOTE: Use of the ImageMagick library is a non-default option. However, a user can specify its use at installation time.

tags | exploit, php
advisories | CVE-2008-0506
SHA-256 | c125091ac8421181cd0302afb6f49897b22d6f924ad3dc28cf4a23ab0afcfdee
Zero Day Initiative Advisory 10-019
Posted Feb 20, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-019 - This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.

tags | advisory, remote, javascript
advisories | CVE-2009-3988
SHA-256 | 2043d54f006c197f4e57bd70aab863782002057ccd1cecc96394b7fc43267b50
Symantec Antivirus Client Proxy Buffer Overflow
Posted Feb 20, 2010
Authored by Sh2kerr | Site dsecrg.com

An Active-X component in CLIproxy.dll from Symantec Antivirus Client Proxy suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2010-0108
SHA-256 | 01e4fed6a5192be5896fea6d73e2571c3e0946b13d52fefe04ff31a16cedd628
vBseo 3.1.0 Local File Inclusion
Posted Feb 20, 2010
Authored by ViRuSMaN

vBseo version 3.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 03b163a08af5ba4845ba51e805f3345ae191975a5a507a0487799be3ea22a883
Openwall Linux Kernel Patch 2.4.37.9
Posted Feb 20, 2010
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: The patch has been updated to Linux 2.4.37.9. A post-2.4.37.9 upstream fix for FAT filesystems has been added. The FAQ has been updated.
tags | overflow, kernel
systems | linux
SHA-256 | cc066acc2ba98c60487220c98c8c2dd4f652f4416abb44caf310273947bc9d56
Mobius Forensic Toolkit 0.5.2
Posted Feb 20, 2010
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: The extension Datasource Solo provides support to ICS Solo III image files. Case Viewer has a toolbutton to run reports. The Mobius tutorial features a new chapter on generating and running reports. Datasource-talon supports v2.40 of the software. Minor improvements were made.
tags | tool, python, forensics
SHA-256 | 232ec5afa983cc8b501fa4e8ee80d6d1f37e86470769087221a285c808639184
Mandriva Linux Security Advisory 2010-044
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-044 - MySQL is vulnerable to a symbolic link attack when the data home directory contains a symlink to a different filesystem which allows remote authenticated users to bypass intended access restrictions. The updated packages have been patched to correct these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2008-7247
SHA-256 | 8c66370cc98c777cc4b3282fbcffef79051f8feaf11fd6407423132a3b29bb24
Mandriva Linux Security Advisory 2010-043
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-043 - Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3389
SHA-256 | 875eca5f9cf314f9aca1502f437c9db9c69e8b91cb31c53973dc02a3822a9159
Mandriva Linux Security Advisory 2010-042
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-042 - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type=image/svg+xml, the Content-Type is ignored and the SVG document is processed normally.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2010-0159, CVE-2010-0160, CVE-2009-1571, CVE-2009-3988, CVE-2010-0162
SHA-256 | a42fca829597b4d04530aecbd3489fbc953673632a811b940733249bb9828ba8
VideoSearchScript Pro 3.5 Cross Site Scripting
Posted Feb 20, 2010
Authored by listi kurdistani

VideoSearchScript Pro version 3.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2762ff239c36924a13d281ad9aa8ede8773e40645cd1289428906e9908010c25
Debian Linux Security Advisory 2002-1
Posted Feb 20, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2002-1 - Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2009-3305, CVE-2009-4413
SHA-256 | fc97662d082e06e84a3b81d96a986005c05a744035bef346c29b07e71bde93ea
vBulletin 4.0.2 Cross Site Scripting
Posted Feb 20, 2010
Authored by indoushka

vBulletin version 4.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 25e2efeff135c8b89fed46a69e35543acb5d3af91e80a983b640cc8b46239903
Coupons Direct Access Bypass
Posted Feb 20, 2010
Authored by indoushka

Coupons suffers from a direct access administrative bypass vulnerability.

tags | exploit, bypass
SHA-256 | 417f88d2280d1c0147e0130dd92582aa2f2521bc358f34fa36a9a3bef780b899
Symev CMS SQL Injection
Posted Feb 20, 2010
Authored by Metropolis

Symev CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f4a51b02ab1a40e140d6e0ed98df1865a9862f416a448534c19e28e9a82b0d7f
phpBugTracker 1.0.1 File Disclosure
Posted Feb 20, 2010
Authored by ViRuSMaN

phpBugTracker version 1.0.1 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | eae26f12ff303094302534796ec86d43b4393a7f9883f6096d2e308d60f6fe7e
FlatFile Password Disclosure
Posted Feb 20, 2010
Authored by ViRuSMaN

FlatFile System suffers from a remote password disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | bc87352c872b397c0cea7e0fa6e8d42b04a71560c3d84ed2164976568d551dfd
TimeClock Cross Site Request Forgery
Posted Feb 20, 2010
Authored by ViRuSMaN

TimeClock cross site request forgery add administrator exploit.

tags | exploit, csrf
SHA-256 | 932c15b3c8ccd8c98777f4ec4b00c83849bcb01e88189a228e34ba90ff55b39f
phpAutoVideo Cross Site Request Forgery
Posted Feb 20, 2010
Authored by GoLdeN-z3r0

phpAutoVideo suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 693d03421eb960be87cb1d96dfbc8fc57143ab006242ea13aa30a08cf3942aad
Joomla Recipe SQL Injection
Posted Feb 20, 2010
Authored by Fl0riX

The Joomla Recipe component suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | c79e24d6537850a4053d04e4085939131483dfa2b615ebb22381d96c8b975d34
Mandriva Linux Security Advisory 2010-034
Posted Feb 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3080, CVE-2009-4005
SHA-256 | 256b2abcf44db3d9624b76c91305a9d1025841a931c877f3a67a23cc4cc0c716
Litespeed Web Server 4.0.12 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 20, 2010
Authored by d1dn0t

Litespeed Web Server version 4.0.12 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
SHA-256 | 42695247a12bced074b1083518bea75e3a254928c1308f86d09f29d44fee0514
WSC CMS SQL Injection
Posted Feb 20, 2010
Authored by Phenom

WSC CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bcc1de040fbcae7a0ff58e503fe48378a0a6504e451bd7a60e8fe94f9fab1657
Debian Linux Security Advisory 2001-1
Posted Feb 20, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2001-1 - Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor.

tags | advisory, remote, php, vulnerability
systems | linux, debian
advisories | CVE-2009-4142, CVE-2009-4143
SHA-256 | 47ce4bcadf3285a7bf3d80e1343752dc3b64068d96f73b4b6352d6ac447f427d
Asterisk Project Security Advisory - AST-2010-002
Posted Feb 20, 2010
Authored by Leif Madsen | Site asterisk.org

Asterisk Project Security Advisory - A common usage of the ${EXTEN} channel variable in a dialplan with wildcard pattern matches can lead to a possible string injection vulnerability. By having a wildcard match in a dialplan, it is possible to allow unintended calls to be executed.

tags | advisory
SHA-256 | 6df03db49a5dc8aa44b7bba96539f3b628e043d7efe241ee610ebdeb0bc96e1b
File(),Fgets(),Fgetc() Local File Disclosure Paper
Posted Feb 20, 2010
Authored by hexon

Whitepaper called File(), Fgets(), Fgetc() Local File Disclosure (LFD).

tags | paper, local
SHA-256 | 45b1d43e15a32f95084fef33a05e4cf712a00abf050799ccd86120a37c390d46
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close