exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2009-09-21 to 2009-09-22

Ubuntu Security Notice 835-1
Posted Sep 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-835-1 - Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2008-3746, CVE-2009-2474
SHA-256 | 968ff370e3a79298a9b7124d53f5b9ece8d5f8e220c123a1a7ea5d7a39c1313c
Mandriva Linux Security Advisory 2009-238
Posted Sep 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-238 - Multiple vulnerabilities was discovered and corrected in openssl. This update provides a solution to these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-2409
SHA-256 | 31c2e4db2c4d9a59061c28ba43c171388869223dfecb57fc075078cb0b97baed
Joomla MyTube SQL Injection
Posted Sep 21, 2009
Authored by Chip D3 Bi0s

Joomla MyTube component (MyRemote Video Gallery) version 1.0 Beta remote blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 9fe8bb9896e159c86faf048c08b176fde0924885a7399e6e40bb47a64986d77f
Joomla Jinc SQL Injection
Posted Sep 21, 2009
Authored by Chip D3 Bi0s

Joomla Jinc component version 0.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3e57c0e4c43246aaa049a27dc474731f561ce6308630e703225234cbb2d4ee1b
Firewall Builder With GUI 3.0.7
Posted Sep 21, 2009
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: This release fixes a security issue with temporary file handling in the generated iptables script that affects only Linux systems where Firewall Builder is used to generate static routing configuration. It also significantly improves the performance of batch compile operation, and fixes a few other minor problems. All users are encouraged to upgrade.
tags | tool, firewall
systems | cisco, linux, openbsd
SHA-256 | bb827f54a77c0f8a9b471200eda3801c9ff3f2a576647ca6a576e546e20ac254
WX Guest Book 1.1.208 SQL Injection / XSS
Posted Sep 21, 2009
Authored by learn3r

WX Guest Book version 1.1.208 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 568d29763da41e2fabdf85d13b913c59a6e8bed8ccede0e5723da4d2970d0b72
Mandriva Linux Security Advisory 2009-237
Posted Sep 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-237 - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws the scope of this issue is currently limited because the amount of computation required is still large. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1386, CVE-2009-2409
SHA-256 | 6b72823540faf713afc600893f4b4f73da01b097b7de2809c1b8a8f80d4521e0
Loggix Project 9.4.5 Remote File Inclusion
Posted Sep 21, 2009
Authored by cr4wl3r

Loggix Project versions 9.4.5 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 7aa0124250f2a0d8f10eeff86048768dab4451a3bfe2d2802737e9c0b4b324c0
ProdLer 2.0 Remote File Inclusion
Posted Sep 21, 2009
Authored by cr4wl3r

ProdLer versions 2.0 and below suffer from a remote file inclusion vulnerability in prodler.class.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | c42ba5a2cd1067802c6486cc6edcc1bb61e57cd2ab58d8851b4cfec2a233ecc0
Check Point Connectra Script Injection
Posted Sep 21, 2009
Authored by Stefan Friedli | Site scip.ch

Check Point Connectra R62 suffers from a login script injection vulnerability.

tags | exploit
SHA-256 | 973662714d2638504ccc5f296c57e238e0cf445d2393960a6bd2765cd9964e33
Winplot Buffer Overflow
Posted Sep 21, 2009
Authored by Rick

Winplot local buffer overflow exploit that creates a malicious .wp2 file.

tags | exploit, overflow, local
SHA-256 | 82f998f301f4ab0ed6175236dec21034486bef1df09702ffad20aadbd958fd76
CMScontrol 7.x SQL Injection
Posted Sep 21, 2009
Authored by ph1l1ster

CMScontrol version 7.x suffers from a remote SQL injection vulnerability in index.php.

tags | exploit, remote, php, sql injection
SHA-256 | 33f48bee1fd20e8f7199c8702398a7022976b641efdefb33632a69f21d78cdf3
cP Creator 2.7.1 SQL Injection
Posted Sep 21, 2009
Authored by IRCRASH | Site ircrash.com

cP Creator version 2.7.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 33bbec142065f8a7c2ce8e1109d2101f9208965bf2cbf4f54b80aff5ed1965f2
Mozilla Firefox pkcs11.addmodule Denial Of Service
Posted Sep 21, 2009
Authored by MustLive

Mozilla Firefox versions 3.0.13 and below denial of service exploit that leverages the pkcs11.addmodule vulnerability.

tags | exploit, denial of service
SHA-256 | f6d5f3c2677793e732e3b1bffb1df50e9b07d6d26ce4b477595972dbb376e51a
ProgramChecker 1.5 Build 531 Command Execution
Posted Sep 21, 2009
Authored by the_Edit0r

ProgramChecker version 1.5 Build 531 suffers from an Active-X related command execution vulnerability.

tags | exploit, activex
SHA-256 | 82c25df9a2bebc070635dd0498a8741540046d1466df33e20f87b0fc1b7ac7b1
Orca Browser 1.1 Build 2 Command Execution
Posted Sep 21, 2009
Authored by the_Edit0r

Orca Browser version 1.1 Build 2 suffers from an Active-X related command execution vulnerability.

tags | exploit, activex
SHA-256 | dfa1e771773ea686fa70b40028829836ae89a2d672169b8ebb2efbba76028c08
NCTAVIFile File Creation / Execution
Posted Sep 21, 2009
Authored by the_Edit0r

NCTAVIFile Active-X DLL version 1.6.2 suffers from an insecure file creation and execution vulnerability.

tags | exploit, activex
SHA-256 | dd94df3aba90558aec4635e304c81c3236c5584c19b559a632f17e32b6991a28
Gom Player 2.1.16 Command Execution
Posted Sep 21, 2009
Authored by the_Edit0r

Gom Player version 2.1.16 Active-X related command execution exploit that leverages GomWeb3.dll.

tags | exploit, activex
SHA-256 | 2a8a913998734a5f373444e08d236dddeb058d422d33c9bb6500e3507d9236a9
Dawaween 1.03 SQL Injection
Posted Sep 21, 2009
Authored by Dazz

Dawaween version 1.03 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a156e70c400b0328e12819eec5484d37f2e58ce68c18328d79769daceb6bfd3e
Snort 2.8.x Alert Evasion / Corruption
Posted Sep 21, 2009
Authored by Pablo Rincon Crespo | Site pablo-secdev.blogspot.com

Snort versions 2.8.1 through 2.8.5-beta suffer from an IDS logging alert evasion, logfile corruption, and alert falsification vulnerabilities. Proof of concept included. Further information available at the homepage.

tags | exploit, vulnerability, proof of concept
SHA-256 | 47a83df144ade672eb345a1ceb0cbb347d0fb205e3fa044a51a974fbb775da4a
Ubuntu Security Notice 834-1
Posted Sep 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-834-1 - It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2009-3229, CVE-2009-3230, CVE-2009-3231
SHA-256 | 1cc8e823bffcfd04b7086497156d8f0f84e9ce557955e7f970e2c2827c937fae
Mobius Forensic Toolkit 0.4.8
Posted Sep 21, 2009
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Support for services was implemented. Extension Builder was extended to edit services. A new section about Extension Builder was added to Mobius Tutorial.
tags | tool, python, forensics
SHA-256 | 1e946d6cb871e772b137783156bcec35490bf7a95c3c638abf9cd5fd9d358f6f
John The Ripper 1.7.3.4
Posted Sep 21, 2009
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: "make check" has been implemented (for Unix-like systems only), primarily for use by packages of JtR. The "--test" option will now take an optional argument - the duration of each benchmark in seconds. The section .note.GNU-stack has been added to all assembly files to avoid the stack area unnecessarily being made executable on Linux systems that use this mechanism. Some very minor bugs that did not affect normal operation have been fixed.
tags | cracker
systems | windows, unix, beos
SHA-256 | 017936a2a98e0a4bcec56c53177e4ee8f515ebd5e39fd97e55b1962076eb5d16
BAROSmini 0.32.595 Remote File Inclusion
Posted Sep 21, 2009
Authored by EA Ngel | Site manadocoding.net

BAROSmini version 0.32.595 suffers from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | b2421876562090d6d9b95ca27f072bfaf0f93c53277c8394a13bc19285c9220f
Gentoo Linux Security Advisory 200909-19
Posted Sep 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-19 - Multiple vulnerabilities in Dnsmasq might result in the remote execution of arbitrary code, or a Denial of Service. Versions less than 2.5.0 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2957, CVE-2009-2958
SHA-256 | ec68823361b9638a1384381e81356f03b2d0d93d982e59ba4960888f743dd348
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close