what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 50 RSS Feed

Files Date: 2009-04-21

Studio Lounge Address Book 2.5 Authentication Bypass
Posted Apr 21, 2009
Authored by ThE g0bL!N | Site h4ckf0ru.com

Studio Lounge Address Book version 2.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | e218b9ca427d5dded1002e8d59eb0bc3e3a59cfc82c99dd8a475d17d5a86c0cf
I-Rater Platinum SQL Injection
Posted Apr 21, 2009
Authored by Hakxer

I-Rater Platinum version 4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | c44108e38f90d6f398efd3e369f67ab6a105fa478895004e99a30228c7b91374
Trend Micro OfficeScan Client Denial Of Service
Posted Apr 21, 2009
Authored by Juan Pablo Lopez Yacubian

Trend Micro OfficeScan Client for Windows 8.0 SP1 suffers from a denial of service vulnerability. Proof of concept is in the zip file.

tags | exploit, denial of service, proof of concept
systems | windows
SHA-256 | 102f9c7f326d84e4b68901f071b8f3e0572d7ea01db81a6f006c8f951eece852
Rediff.com Cross Site Scripting
Posted Apr 21, 2009
Authored by Aseem Jakhar | Site null.co.in

Multiple bits of search functionality in rediff.com suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 59d63836bd264f54d9d95ed8c77b0c5c2d42aa6cbf21b6126306234ea151c41c
NotFTP 1.3.1 Local File Inclusion
Posted Apr 21, 2009
Authored by Kacper | Site devilteam.pl

NotFTP version 1.3.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | cbe38e9f96be701d49add9869bf72460018622b3f19277ef09b7bd2efa287464
Debian Linux Security Advisory 1777-1
Posted Apr 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1777-1 - Peter Palfrader discovered that in the Git revision control system, on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges.

tags | advisory, local, root
systems | linux, debian
SHA-256 | 500d8f3151384f814ba1d78f67eb1c977fbe6867618aac9141e9b60ffa3ad885
Debian Linux Security Advisory 1776-1
Posted Apr 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1776-1 - It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster job management and scheduling system, did not drop the supplemental groups. These groups may be system groups with elevated privileges, which may allow a valid SLURM user to gain elevated privileges.

tags | advisory
systems | linux, debian
SHA-256 | bcc99d56f7e6067a0879ea95d658212a4a23ce4cfe56779f3d6ea88e34c233e1
Dokeos LMS 1.8.5 PHP Code Injection
Posted Apr 21, 2009
Authored by EgiX

Dokeos LMS versions 1.8.5 and below remote php code injection exploit that kicks back a reverse shell and leverages whoisonline.php.

tags | exploit, remote, shell, php
SHA-256 | f0b09e2882fc239f1226e9456fc3ce190720e3cab172daab59ab0400fac16e39
OpenNHRP NBMA Next Hop Resolution 0.10.3
Posted Apr 21, 2009
Authored by Timo Teras | Site sourceforge.net

OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.

Changes: The C-ares library is now used for asynchronous DNS resolution. MTU handling for registration requests was fixed. A busy NHS could get a opennhrp-script zombie flood, so this has been fixed. The code was changed over to use git and a fancier build system.
tags | encryption, protocol
systems | cisco, linux
SHA-256 | b60f1c90773c234e67ab70e601d7516f72a37f65f67382f2cff9ab025574539e
Oracle RDBMS TNS Listener Proof Of Concept
Posted Apr 21, 2009
Authored by Dennis Yurichev

Oracle RDBMS versions 10.2.0.3 and 11.1.0.6 TNS listener proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2009-0991
SHA-256 | a8aafbc4532ef9d0035dccd0935b39a7da392f76ebb9973af9ff6c1e70f61347
Ubuntu Security Notice 762-1
Posted Apr 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-762-1 - Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become permanently disabled. Michael Casadevall discovered that APT did not properly verify repositories signed with a revoked or expired key. If a repository were signed with only an expired or revoked key and the signature was otherwise valid, APT would consider the repository valid.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2009-1300
SHA-256 | 975eacfd0addf18325b1120ebc834dbbeaecfaecf5d79a606c1bcac81f2293bb
Ubuntu Security Notice 763-1
Posted Apr 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-763-1 - It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. USN-746-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete. This update corrects the problem. Original advisory details: It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-0698, CVE-2009-1274
SHA-256 | a0da351fb7306efd42d22d15a232304aa752909301c6a6254a912fd68382ed7d
Ubuntu Security Notice 761-1
Posted Apr 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-761-1 - It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that PHP did not properly handle the mbstring.func_overload setting within .htaccess files when using virtual hosts. A virtual host administrator could use this flaw to cause settings to be applied to other virtual hosts on the same server. It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10.

tags | advisory, remote, denial of service, php, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2008-5814, CVE-2009-0754, CVE-2009-1271
SHA-256 | a395489f8192730cf1245537c3a3b1a0804639245e2d8915b403959163756996
VS PANEL 7.3.6 SQL Injection
Posted Apr 21, 2009
Authored by Player | Site novusec.com

VS PANEL version 7.3.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f513f0880b0188ccb57a97d524ad86ae90c9dc62e2501ebf14f5b8fb2b071322
Quick.CMS Lite 0.5 SQL Injection
Posted Apr 21, 2009
Authored by Player | Site novusec.com

Quick.CMS Lite version 0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ca0d356e9b484c7fff5746b776c03fb7b3e01a8a69694c6ce21fcb47cf3b035b
CRE Loaded 6.2 SQL Injection
Posted Apr 21, 2009
Authored by Player | Site novusec.com

CRE Loaded version 6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c14df01c0f2a18a8ac34df762760dc4898f9e4cbd000fad77e702d88b966e47b
Zervit 0.3 Denial Of Service
Posted Apr 21, 2009
Authored by shinnai | Site shinnai.altervista.org

Zervit webserver version 0.3 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 8a96d44c8700c28f033ed3d3894d53e2c7c1135fbfe5116c579d56a9530ce035
TotalCalendar 2.4 Local File Inclusion
Posted Apr 21, 2009
Authored by SirGod | Site insecurity.ro

TotalCalendar version 2.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 99a5437ddc1b622b9b0750cd85c1176db45fafcfe13b35f5ed933928abe6dea2
PastelCMS 0.8.0 LFI / SQL Injection
Posted Apr 21, 2009
Authored by SirGod | Site insecurity.ro

PastelCMS version 0.8.0 suffers from remote SQL injection and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 7e15ce7dee26edca6208804e924ab4d9b1b0dec4580fbf12cfc96877caab9ac7
eLitius 1.0 Database Backup
Posted Apr 21, 2009
Authored by ThE g0bL!N | Site h4ckf0ru.com

eLitius version 1.0 arbitrary database backup exploit.

tags | exploit, arbitrary
SHA-256 | 96efe579ecd7e7135f0219b9a12e50a7ca8cc86159a217e0239544dcbc49c81e
Secunia Security Advisory 34812
Posted Apr 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Seditio CMS Events Plugin, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 7a81d47fb08e0d1c0cfea4efa4e189528ba00ece8b018619b6280de7ffd7cd9d
Secunia Security Advisory 34832
Posted Apr 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
SHA-256 | 9d508e28b77a34c6f266d63c1374bd733dfc856e17cd1e993f3ea48d0ab25be6
Secunia Security Advisory 34770
Posted Apr 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for php-json-ext. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, php
systems | linux, debian
SHA-256 | 006550bd93fd23b70ac7dda68eb47f72c8c260480ebf5594162a4b4fb9e1cb8d
Secunia Security Advisory 34828
Posted Apr 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
systems | linux, ubuntu
SHA-256 | 57638088d8543fc9c4cf16533b981a114320c6ff8c97e3a600f428e6ebf9da9a
Secunia Security Advisory 34830
Posted Apr 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | eb0f0b210014250b04a2c1b20d11010850275e1385de25f828798451c690399d
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close