what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2011-04-01

PHP-Quick-Arcade 3.0.23 SQL Injection
Posted Apr 1, 2011
Authored by kurdish hackers team | Site kurdteam.org

PHP-Quick-Arcade version 3.0.23 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | a3ce993e63c9e60d50fb2b6966af64040591c7755a658bc6a3126bd95cbb67d0
HP Security Bulletin HPSBUX02639 SSRT100293
Posted Apr 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02639 SSRT100293 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2009-3563
SHA-256 | 209e6b531e6c22cda77b1e56769e99de6243bf4ef18ae36023e84e520f5fadc9
Bloly 1.3 Cross Site Scripting
Posted Apr 1, 2011
Authored by kurdish hackers team | Site kurdteam.org

Bloly version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d65dd715220f2813ffad3fa4878dc416a1a6f3776076a0c2c5dd3d7abe22d2a1
Mandriva Linux Security Advisory 2011-061
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-061 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted file that triggers an infinite loop. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. Fix memory corruption in WMV parsing. libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted.ogg file, related to the vorbis_floor0_decode function. Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebM file, related to buffers for Fix heap corruption crashes. Fix invalid reads in VC-1 decoding. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723
SHA-256 | d6c3a6eef98903a7ea2ba82b2d03e09f18e14c6a66027b06acba91c42c4f166e
Ubuntu Security Notice USN-1101-1
Posted Apr 1, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1101-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse.

tags | advisory, web
systems | linux, ubuntu
SHA-256 | 4f783d63e13eb667ba2d8d8fc67df66ed847ad52e1a97be9be9c7631206774da
Mandriva Linux Security Advisory 2011-060
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-060 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted.ogg file, related to the vorbis_floor0_decode function. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704
SHA-256 | 72bda34e1a85cce233e9d75d74936eddfb6b008e8d850ac1e6308d2a939ee87b
HP Security Bulletin HPSBUX02646 SSRT100396
Posted Apr 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02646 SSRT100396 - A potential security vulnerability have been identified with HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2011-0891
SHA-256 | fa8f797649a866b4f9c3660939c5867401aa7f6bc77ff54520dd1de3bdb47663
HP Security Bulletin HPSBUX02645 SSRT100387
Posted Apr 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02645 SSRT100387 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow cross-site scripting (XSS), or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
SHA-256 | 7dbe07b505311e3b0fd76cccc4c6f626897f6c143d90407adb967195b67fd761
Mandriva Linux Security Advisory 2011-059
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-059 - Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4634, CVE-2009-4635, CVE-2009-4639
SHA-256 | 0a8a1f1e04b5536ef974768d7446ef1b4f3284aa9b838d04fa6ef7005a46de35
AR Web Content Manager 2.2 Cross Site Scripting
Posted Apr 1, 2011
Authored by Antu Sanadi | Site secpod.com

AR Web Content Manager (AWCM) version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | e5bda51443c337b7abb8f77ee5bdc9061e3221dad52ec0d5738aee55bda5ce80
Mandriva Linux Security Advisory 2011-058
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-058 - The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service via a malformed AS_PATHLIMIT path attribute. Updated packages are available that bring Quagga to version 0.99.18 which provides numerous bugfixes over the previous 0.99.17 version, and also corrects these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-1674, CVE-2010-1675
SHA-256 | d4c0f6cc4daa438fcc020c6831fdc5609a4890a1b60fb7729d8b61c7c0174599
HP Security Bulletin HPSBMA02650 SSRT100429
Posted Apr 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02650 SSRT100429 - Potential security vulnerabilities have been identified in HP Operations for UNIX. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability, xss
systems | unix
advisories | CVE-2011-0893, CVE-2011-0894
SHA-256 | dc03e5ab101c90676cf6d5123455e33b801daad8109058c57580d977c046e994
Webworx Technologies Lahore Pakistan PHP / ASP SQL Injection
Posted Apr 1, 2011
Authored by eXeSoul

Webworx Technologies Lahore Pakistan PHP and ASP suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection, asp
SHA-256 | 50354cb5f81e609e925cd43f008fd8f521972495ce9488cdb3f833bd6701fe31
Nested IPComp Encapsulation With Deflate LZ77 RFC1951 Quine
Posted Apr 1, 2011
Authored by Tavis Ormandy

Proof of concept exploit that demonstrates a nested IPComp encapsulation with DEFLATE LZ77 RFC1951 Quine.

tags | exploit, proof of concept
advisories | CVE-2011-1547
SHA-256 | 890c49f5f83061ea954fb9a23339ca60ca0ebf9314977eb3e612ab32b4f695ad
BSD IPcomp Kernel Stack Overflow Testcase
Posted Apr 1, 2011
Authored by Tavis Ormandy

This exploit demonstrates the BSD IPComp kernel stack overflow testcase.

tags | exploit, overflow, kernel
systems | bsd
advisories | CVE-2011-1547
SHA-256 | 27dd774131a7d2eec911662d9e56870983f18130fedea8a3e34b21ce994a0e06
BSD IPComp Expansion Of Arbitrary Nested Payload
Posted Apr 1, 2011
Authored by Tavis Ormandy

BSD derived RFC3173 IPComp encapsulation will expand an arbitrarily nested payload.

tags | advisory
systems | bsd
advisories | CVE-2011-1547
SHA-256 | 9fc8978ac19d07c63ebbb956abb1eee151bc9f5b6292741f37ab46d10feabcef
iDEFENSE Security Advisory 2011-03-31.1
Posted Apr 1, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 03.31.11 - Remote exploitation of a stack buffer overflow vulnerability in RealNetworks Inc.'s Helix DNA Server could allow an attacker to execute arbitrary code with the privileges of the affected service. The Helix DNA Server contains a vulnerability that can be triggered by an unauthenticated attacker. The vulnerability results due to the parsing of a certain type of Real Time Streaming Protocol (RTSP) request specifying a large string. The vulnerable function may perform a copy operation that results in the bounds of a stack buffer to be overflown. Helix Server and Helix Mobile Server versions 12.x, 13.x and 14.x are vulnerable.

tags | advisory, remote, overflow, arbitrary, protocol
advisories | CVE-2010-4596
SHA-256 | 646f9692a4c19c1a67265898df206d806c7f6d3f87eeea396e9dd15496d03dcb
Secunia Security Advisory 43992
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | 7b32f2249afe4f5a3f4cab707988675a7e91c7635c7cef2a120588270fc609a7
Secunia Security Advisory 43994
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | dab0591b325ceb6addb551ccaddd35aaadf7d7b1dff960fe9bec2acdef5286a2
Secunia Security Advisory 43905
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, suse
SHA-256 | ea183619105c06f466ae561b94618fcc8d3c809a76109b8ab9d9601aa5a64afb
Secunia Security Advisory 43915
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - MustLive has reported some vulnerabilities in Cetera eCommerce, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | ec9dc823b390da2396d7cfd49adc46a35ebe095e00070b6b66d08deb60046783
Secunia Security Advisory 43918
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 4f009f4eb588f0d52dc67351df74776119471981fb299e3dec362b6bceea031f
Secunia Security Advisory 43925
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Cisco NAC Guest Server, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | cisco
SHA-256 | f6d47495e3f28204fc8e0106b4fe5dc90482bdfc422df72e7efc3310bb40e3ce
Secunia Security Advisory 43957
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.

tags | advisory, java, local, vulnerability
systems | linux, suse
SHA-256 | 7dae63cd345ab7ca5440bef464d99f0687a40188e9fd1a55a5b51b708631afa8
Secunia Security Advisory 43958
Posted Apr 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for fuse. This fixes some security issues, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, suse
SHA-256 | 8ded6fcf5dfcf8cbe6ab35972743c55fb85a175021e161bbf4e8e4b71e512dac
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close