Section: .. / Last 100 Files /
| /// File Name: | ie8-forcedtweet.txt | Description:
| Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site the ability to force a victim to make tweets. | | Author: | Chris Evans | | File Size: | 1131 | | Last Modified: | Sep 3 19:25:48 2010 | | MD5 Checksum: | 51e26942b1d61bf8696ece2a57b00b66 |
|
| /// File Name: | smbind-sql.txt | Description:
| SMBind versions 0.4.7 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | IHTeam | | File Size: | 1711 | | Last Modified: | Sep 3 19:21:31 2010 | | MD5 Checksum: | c49af99187546a30749f3a3a4ba5cc44 |
|
| /// File Name: | googlechrome-corruption.txt | Description:
| VUPEN Vulnerability Research Team discovered a high risk vulnerability affecting Google Chrome. The vulnerability is caused by a memory corruption error when processing focus events, which could be exploited by remote attackers to potentially execute arbitrary code by tricking a user into visiting a specially crafted web page. Google Chrome versions prior to 6.0.472.53 are affected. | | Author: | Matthieu Bonetti | | Homepage: | http://www.vupen.com/ | | File Size: | 2371 | | Last Modified: | Sep 3 19:12:55 2010 | | MD5 Checksum: | d7bb1c9543aec34baff17e3f886116fb |
|
| /// File Name: | moaub-visinia.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Visinia version 1.3 suffers from cross site request forgery and local file inclusion vulnerabilities. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 4359 | | Last Modified: | Sep 3 19:10:46 2010 | | MD5 Checksum: | 4f2cdbb83c685adb6510a897eaeaaf25 |
|
| /// File Name: | moaub-trendmicro.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Trend Micro Internet Security Pro 2010 suffers from an Active-X extSetOwner remote code execution vulnerability. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 2172 | | Last Modified: | Sep 3 19:10:11 2010 | | MD5 Checksum: | bc9e1d9b0e93b3baf3ad0e4ace4f8ce6 |
|
| /// File Name: | dsa-2102-1.txt | Description:
| Debian Linux Security Advisory 2102-1 - It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 5479 | | Related CVE(s): | CVE-2010-2725 | | Last Modified: | Sep 3 19:08:51 2010 | | MD5 Checksum: | de4af2887f97b53bbc11ac63308a1a5c |
|
| /// File Name: | HPSBMA02572-SSRT100082.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Operations Agent running on Windows. The vulnerabilities could be exploited locally resulting in an elevation of privileges and remotely allowing execution of arbitrary code. | | Homepage: | http://www.hp.com/ | | File Size: | 6011 | | Related CVE(s): | CVE-2010-3004, CVE-2010-3005 | | Last Modified: | Sep 3 19:04:55 2010 | | MD5 Checksum: | 3a249f396673948dfc9c54350c90b961 |
|
| /// File Name: | MDVSA-2010-170.txt | Description:
| Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a.wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5600 | | Related CVE(s): | CVE-2010-2252 | | Last Modified: | Sep 2 23:47:14 2010 | | MD5 Checksum: | 1d5d76c35a7524b8752e4dfab043cf0f |
|
| /// File Name: | glsa-201009-01.txt | Description:
| Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected. | | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 3040 | | Related CVE(s): | CVE-2009-2369 | | Last Modified: | Sep 2 23:46:38 2010 | | MD5 Checksum: | fdf7e822a65781e0b83fcc9be4491798 |
|
| /// File Name: | onecms-xss.txt | Description:
| OneCMS version 2.6.1 suffers from a cross site scripting vulnerability. | | Author: | anT!-Tr0J4n | | File Size: | 897 | | Last Modified: | Sep 2 23:45:56 2010 | | MD5 Checksum: | 740f705d0901e689fd0d4c44af86aedf |
|
| /// File Name: | path-attacks.txt | Description:
| Whitepaper called PATH Attacks. Written in German. | | Author: | fred777 | | File Size: | 4731 | | Last Modified: | Sep 2 23:43:29 2010 | | MD5 Checksum: | 7933cf7d3dc0e60c44aa420b47a80c47 |
|
| /// File Name: | webmanagerpro-sql.txt | Description:
| CMS WebManager-Pro suffers from a remote SQL injection vulnerability. | | Author: | MustLive | | File Size: | 1025 | | Last Modified: | Sep 2 23:21:13 2010 | | MD5 Checksum: | e5db11a98db2675d2b09d59fb6743fc3 |
|
| /// File Name: | suricata-1.0.2.tar.gz | Description:
| Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools. | | Homepage: | http://www.openinfosecfoundation.org/index.php/download-suricata | | Changes: | An SSH module was added. Several TCP evasions were fixed. Language compatibility was improved. HTTP detection accuracy was improved. Inline mode was improved. | | File Size: | 1630936 | | Last Modified: | Sep 2 23:18:47 2010 | | MD5 Checksum: | 57c93a22602ecc9bbe5857beeb79cb5d |
|
| /// File Name: | checksum-shellcode.txt | Description:
| This shellcode is an egg hunter checksum routine. | | Author: | Ron Henry | | File Size: | 2395 | | Last Modified: | Sep 2 23:15:53 2010 | | MD5 Checksum: | 86a11690f9577c5dbe008bd3b2a7d903 |
|
| /// File Name: | USN-982-1.txt | Description:
| Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11134 | | Related CVE(s): | CVE-2010-2252 | | Last Modified: | Sep 2 23:15:02 2010 | | MD5 Checksum: | 772e3ecddbb0e78f9ad1482e49e5c2b0 |
|
| /// File Name: | PRL-2010-07.txt | Description:
| A flaw exists within SSHD.NLM of Novell Netware version 6.5. When the application attempts to resolve an absolute path on the server, a 512 byte destination buffer is used without bounds checking. By providing a large enough value, an attacker can cause a buffer to be overflowed. Successful exploitation results in remote code execution under the context of the server. | | Author: | Francis Provencher | | File Size: | 3448 | | Last Modified: | Sep 2 23:12:50 2010 | | MD5 Checksum: | 0f072e2d9e7ec5d12c5cefae31d95aeb |
|
| /// File Name: | MDVSA-2010-169.txt | Description:
| Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 74322 | | Related CVE(s): | CVE-2010-2754, CVE-2010-0654, CVE-2010-1213, CVE-2010-2753, CVE-2010-1211 | | Last Modified: | Sep 2 23:08:28 2010 | | MD5 Checksum: | 0f02f3eda393e2a0d929deb75ea471a5 |
|
| /// File Name: | moovida-dllhijack.tgz | Description:
| Moovida Media Player versions 2.0.0.15 and below DLL hijacking exploit. | | Author: | Aung Khant | | Homepage: | http://yehg.net/ | | File Size: | 11434 | | Last Modified: | Sep 2 23:06:50 2010 | | MD5 Checksum: | a822bb5288d37ba5b82362025654c4e9 |
|
| /// File Name: | cvechecker-0.5.tar.gz | Description:
| cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage. | | Author: | Sven Vermeulen | | Homepage: | http://cvechecker.sourceforge.net/ | | Changes: | The tool should now build properly on NetBSD and FreeBSD (although more user experience here is still welcome). This release introduces a cvereport command (example output can be found at the project site), and has lowered its initial dependency requirements. pullcves now only loads the CVE XML changes in the database, rather than iterating across all CVE XML entries. | | File Size: | 132624 | | Last Modified: | Sep 2 23:01:40 2010 | | MD5 Checksum: | d6c5e5538ebcc6e87a24a1ff70d38942 |
|
| /// File Name: | moaub-quicktime.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 34415 | | Related CVE(s): | CVE-2010-0519 | | Last Modified: | Sep 2 22:57:48 2010 | | MD5 Checksum: | 3b8e0f535bf0ba3739f15044c0249d16 |
|
| /// File Name: | vbshout-rfilfi.txt | Description:
| vbShout version 5.2.2 suffers from remote and local file inclusion vulnerabilities. | | Author: | fred777 | | File Size: | 1653 | | Last Modified: | Sep 2 22:56:07 2010 | | MD5 Checksum: | 5cb9fe845a66a395c3d63fa172edaaba |
|
| /// File Name: | moaub-rainbowportal.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 7143 | | Last Modified: | Sep 2 22:54:57 2010 | | MD5 Checksum: | 8ae0ef410cda573b1cdcf2b600096f27 |
|
| /// File Name: | shopalacart-sqlxss.txt | Description:
| Shop A La Cart suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | Ariko-Security | | File Size: | 2532 | | Last Modified: | Sep 2 22:47:44 2010 | | MD5 Checksum: | 9e41de6d42151e83c7437d485141d13a |
|
| /// File Name: | accton-backdoor.txt | Description:
| Accton-based switches which are commonly rebranded as 3Com, Dell, SMC, Foundry and EdgeCore suffer from a backdoor password vulnerability. | | Author: | Edwin Eefting,Erik Smit,Erwin Drent | | File Size: | 6586 | | Last Modified: | Sep 2 22:46:06 2010 | | MD5 Checksum: | 24a33d38be40a5f54dc4a7cea823c455 |
|
| /// File Name: | nullconGoa2011-CFP.txt | Description:
| The Call For Papers for nullcon Dwitiya 2.0 is now open. It takes place February 25th through the 26th, 2011 in Goa, India. | | Homepage: | http://nullcon.net/ | | File Size: | 2908 | | Last Modified: | Sep 1 16:40:25 2010 | | MD5 Checksum: | ef8b994b84ef1796e447f7f903b43bfd |
|
| /// File Name: | amirocmsfaq-xss.txt | Description:
| Amiro.CMS version 5.8.4.0 suffers from a stored cross site scripting vulnerability. | | Author: | High-Tech Bridge SA | | Homepage: | http://www.htbridge.ch/ | | File Size: | 3771 | | Last Modified: | Sep 1 16:39:03 2010 | | MD5 Checksum: | fcde2057993cb2b829ddb53e50b7a2db |
|
| /// File Name: | advanced-xss.pdf | Description:
| Whitepaper called Advanced XSS. Written in Arabic. | | Author: | BorN To K!LL | | File Size: | 110621 | | Last Modified: | Sep 1 16:36:19 2010 | | MD5 Checksum: | 0bc888db03f90237ae4c029ade20fe9e |
|
| /// File Name: | moaub01-cpanel.pdf | Description:
| Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | Related Exploit: | moaub-cpanel.txt | | File Size: | 111765 | | Last Modified: | Sep 1 16:33:24 2010 | | MD5 Checksum: | 742e27e87f22754fb5fce6e831b68d44 |
|
| /// File Name: | MDVSA-2010-168.txt | Description:
| Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3636 | | Related CVE(s): | CVE-2010-2939 | | Last Modified: | Sep 1 16:28:29 2010 | | MD5 Checksum: | f0c6c2f4720853cfe16f3b61747fe479 |
|
| /// File Name: | ZSL-2010-4961.txt | Description:
| LEADTOOLS version 16.5.0.2 suffers from buffer overflow, integer overflow and denial of service vulnerabilities related to Active-X Common Dialogs. | | Author: | LiquidWorm | | Homepage: | http://www.zeroscience.mk/ | | File Size: | 5242 | | Last Modified: | Sep 1 16:24:41 2010 | | MD5 Checksum: | a859c3a0f188bdc6e2d5f0c5329cd58f |
|
| /// File Name: | cpanelcp-xss.txt | Description:
| cPanel Customer Portal suffers from a cross site scripting vulnerability. | | Author: | Inj3ct0r | | File Size: | 2163 | | Last Modified: | Sep 1 16:22:47 2010 | | MD5 Checksum: | a21b61d647c5ac039c00c3fc7e05e2c1 |
|
| /// File Name: | tftpddesktop-traversal.txt | Description:
| TFTP Desktop version 2.5 suffers from a directory traversal vulnerability. | | Author: | chr1x | | File Size: | 3682 | | Last Modified: | Sep 1 16:20:39 2010 | | MD5 Checksum: | 898e5d989da95c2440eeba3e54c34fc6 |
|
| /// File Name: | tftpdwin-traversal.txt | Description:
| TFTPDWIN version 0.4.2 suffers from a directory traversal vulnerability. | | Author: | chr1x | | File Size: | 6884 | | Last Modified: | Sep 1 16:18:58 2010 | | MD5 Checksum: | f656003b3289d7a806b0ae3a44cd7add |
|
| /// File Name: | macosxparental-bypass.txt | Description:
| The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent. | | Author: | Jonathan Kamens | | File Size: | 4344 | | Last Modified: | Sep 1 16:14:38 2010 | | MD5 Checksum: | a9781fd5642b187fa7ed3b0e9f72ac7f |
|
| /// File Name: | autodeskmapguide-overflow.txt | Description:
| Autodesk MapGuide Viewer version 6.5 suffers from an Active-X related overflow vulnerability in MGAXCTRL.DLL. | | Author: | d3b4g | | File Size: | 1940 | | Last Modified: | Sep 1 16:10:30 2010 | | MD5 Checksum: | 882756dc9fce01e1d0e666a1cd8c0cf2 |
|
| /// File Name: | moaub-cpanel.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 3736 | | Last Modified: | Sep 1 16:06:39 2010 | | MD5 Checksum: | 3dfa74787ba6fd6279c79324649a56a1 |
|
| /// File Name: | dompdf-rfi.txt | Description:
| Dompdf version 0.6.0 Beta 1 suffers from a remote file inclusion vulnerability. | | Author: | Andre Corleone | | File Size: | 1499 | | Last Modified: | Sep 1 14:13:33 2010 | | MD5 Checksum: | 65ce155bec2ac26b202f7b878a5116a3 |
|
| /// File Name: | mblogger-sql.txt | Description:
| mBlogger version 1.0.04 remote SQL injection exploit that leverages viewpost.php. | | Author: | Ptrace Security | | File Size: | 2424 | | Last Modified: | Sep 1 14:12:28 2010 | | MD5 Checksum: | 51517c5cb1c09c3c9e2adf071970e9e9 |
|
| /// File Name: | 1008-exploits.tgz | Description:
| This archive contains all of the 422 exploits added to Packet Storm in August, 2010. | | Homepage: | http://packetstormsecurity.org/ | | File Size: | 6821139 | | Last Modified: | Sep 1 14:05:29 2010 | | MD5 Checksum: | 4e017168fda6b5d2fb6f9a6d5a68c7dd |
|
| /// File Name: | dbpoweramplocal-overflow.txt | Description:
| dBpowerAMP Audio Player local buffer overflow exploit (EDI overwrite method used). | | Author: | 41.w4r10r,FB1H2S | | File Size: | 5731 | | Related CVE(s): | CVE-2008-0661 | | Last Modified: | Sep 1 14:04:10 2010 | | MD5 Checksum: | de24165a60d1f4dda6138d883a70a3cd |
|
| /// File Name: | artgk-xss.txt | Description:
| ArtGK CMS suffers from cross site scripting vulnerabilities. | | Author: | High-Tech Bridge SA | | Homepage: | http://www.htbridge.ch/ | | File Size: | 3169 | | Last Modified: | Sep 1 13:55:05 2010 | | MD5 Checksum: | de278d4918ab9ef7821bdfba70f7a6ac |
|
| /// File Name: | rooted2011-cfp.txt | Description:
| Rooted CON 2011 Call For Papers - Rooted CON is a security congress which will be held in Madrid (Spain) from 3 to 5 March 2011, whose spectrum of participants ranging from students to state forces and secret services, through professionals of the security market, lawyers, or even technology enthusiasts (and others). | | Homepage: | http://www.rootedcon.es/ | | File Size: | 3153 | | Last Modified: | Sep 1 13:53:18 2010 | | MD5 Checksum: | 70c5eb05ee62e47b227ab137a36a3e29 |
|
| /// File Name: | rumbacms-xss.txt | Description:
| Rumba CMS version 2.4 suffers from cross site scripting vulnerabilities. | | Author: | High-Tech Bridge SA | | Homepage: | http://www.htbridge.ch/ | | File Size: | 3394 | | Last Modified: | Sep 1 13:52:14 2010 | | MD5 Checksum: | d7fad0360466b3a40cd8128ccb988b4b |
|
| /// File Name: | VMSA-2010-0013.txt | Description:
| VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3. | | Homepage: | http://www.vmware.com/ | | File Size: | 10502 | | Related CVE(s): | CVE-2005-4268, CVE-2010-0624, CVE-2010-0624, CVE-2010-2063, CVE-2010-1321, CVE-2010-1168, CVE-2010-1447 | | Last Modified: | Sep 1 13:39:58 2010 | | MD5 Checksum: | b09485d6be1c4762b45d7696cf3e5929 |
|
| /// File Name: | gawker-lfi.txt | Description:
| Gawker suffered from a local file inclusion vulnerability. | | File Size: | 1462 | | Last Modified: | Sep 1 13:38:55 2010 | | MD5 Checksum: | 5a987df6e9b8f7fbe78efb224a29e1f3 |
|
| /// File Name: | MDVSA-2010-167.txt | Description:
| Mandriva Linux Security Advisory 2010-167 - lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a. character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5605 | | Related CVE(s): | CVE-2010-2253 | | Last Modified: | Sep 1 13:36:21 2010 | | MD5 Checksum: | a51472767c3f02ea5ccf9de1e8f2c8ef |
|
| /// File Name: | Botan-1.8.10.tgz | Description:
| Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. | | Homepage: | http://botan.randombit.net/ | | Changes: | This release makes a slight change to how AES is implemented, which makes some forms of cache analysis attacks significantly harder. The default algorithm used for encrypting private keys has changed from 3DES to AES-256, and the default iteration count used for hashing passwords to keys has increased from 2048 to 10000 iterations. Some changes for compatibility with the 1.9 development releases were also made. | | File Size: | 3058648 | | Last Modified: | Aug 31 19:58:14 2010 | | MD5 Checksum: | 9f169ee5921a89260c71a208b0481b5c |
|
| /// File Name: | dsa-2101-1.txt | Description:
| Debian Linux Security Advisory 2101-1 - Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 11187 | | Related CVE(s): | CVE-2010-2994, CVE-2010-2995 | | Last Modified: | Aug 31 19:55:01 2010 | | MD5 Checksum: | 9e4517c5c11a2c8679174a546d3783a4 |
|
| /// File Name: | cartxpress-shelldisclose.txt | Description:
| CartXpress suffers from backup related, file disclosure and shell upload vulnerabilities. | | Author: | indoushka | | File Size: | 4270 | | Last Modified: | Aug 31 19:53:35 2010 | | MD5 Checksum: | d0cde3459bec460f5333b1b809fff27d |
|
| /// File Name: | apphp-xssxsrf.txt | Description:
| ApPHP suffers from cross site request forgery and cross site scripting vulnerabilities. | | Author: | Edgard Chammas | | File Size: | 827 | | Last Modified: | Aug 31 19:50:07 2010 | | MD5 Checksum: | 98d1db1212daa5664ef8d0e3227ebf09 |
|
| /// File Name: | keepass-dllhijack.tgz | Description:
| KeePass Password Safe versions 2.12 and below suffer from a DLL hijacking vulnerability. | | Author: | Aung Khant | | Homepage: | http://yehg.net/ | | File Size: | 6405 | | Last Modified: | Aug 31 19:48:41 2010 | | MD5 Checksum: | 4df8443bd6e31f1e8500adef4f594bb2 |
|
| /// File Name: | wp301-redir.txt | Description:
| WordPress versions 3.0.1 and below suffer from an URL redirection bug. | | Author: | ItSecTeam | | File Size: | 2384 | | Last Modified: | Aug 31 19:46:05 2010 | | MD5 Checksum: | e65e12163ee044a64fbf4b4115b4c734 |
|
| /// File Name: | HPSBMA02571-SSRT100034.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Diagnostics Online Edition running on Linux. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 6111 | | Related CVE(s): | CVE-2010-3003 | | Last Modified: | Aug 31 14:49:21 2010 | | MD5 Checksum: | 4e1948b4fa0864277f76dc2ab1b3e3e0 |
|
| /// File Name: | tortoisesvn-dllhijack.txt | Description:
| Tortoise SVN version 1.6.10 build 19898 suffers from the Windows DLL hijacking vulnerability. | | Author: | Nikhil Mittal | | File Size: | 1131 | | Last Modified: | Aug 31 14:48:05 2010 | | MD5 Checksum: | 18c757c53461202273321eb91c9e2d09 |
|
| /// File Name: | ZDI-10-168.txt | Description:
| Zero Day Initiative Advisory 10-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2990 | | Last Modified: | Aug 31 14:47:29 2010 | | MD5 Checksum: | f1e202e02d5bb2b6edce390377069eac |
|
| /// File Name: | MDVSA-2010-166.txt | Description:
| Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5483 | | Related CVE(s): | CVE-2010-1526 | | Last Modified: | Aug 31 14:47:03 2010 | | MD5 Checksum: | 74a5e32dcc8de585e13eaffbfbd944b5 |
|
| /// File Name: | webideas-sql.txt | Description:
| Web-Ideas Web Shop Standard suffers from a remote SQL injection vulnerability. | | Author: | Ariko-Security | | File Size: | 1303 | | Last Modified: | Aug 31 14:45:20 2010 | | MD5 Checksum: | 8b0ebafe552baf5accfa95d7cbe31b57 |
|
| /// File Name: | ninga.zip | Description:
| This is a proof of concept, self replicating, social network based malware for NING. | | Author: | James Bercegay | | File Size: | 1750 | | Last Modified: | Aug 31 14:43:01 2010 | | MD5 Checksum: | 5a18d712327fbb7191111ebeddc05e49 |
|
| /// File Name: | USN-981-1.txt | Description:
| Ubuntu Security Notice 981-1 - It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 4848 | | Related CVE(s): | CVE-2010-2253 | | Last Modified: | Aug 31 14:40:21 2010 | | MD5 Checksum: | 1b6f8fba75621cbb77aeb7061fc7668c |
|
| /// File Name: | joomlajefaqpro-sql.txt | Description:
| The Joomla JE FAQ component suffers from a remote blind SQL injection vulnerability. | | Author: | Chip D3 Bi0s | | File Size: | 1623 | | Last Modified: | Aug 31 14:39:36 2010 | | MD5 Checksum: | 1197b45ece79014db6580ecc0355c99b |
|
| /// File Name: | USN-980-1.txt | Description:
| Ubuntu Security Notice 980-1 - Julius Plenz discovered that bogofilter incorrectly handled certain malformed encodings. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 13555 | | Related CVE(s): | CVE-2010-2494 | | Last Modified: | Aug 31 14:38:55 2010 | | MD5 Checksum: | 3e230abdd37c42ca6371757ffe07ce1b |
|
| /// File Name: | voidssh.tar.gz | Description:
| Void SSH is a python script that performs multithreaded bruteforcing. | | Author: | 5ynL0rd | | File Size: | 844198 | | Last Modified: | Aug 31 14:34:50 2010 | | MD5 Checksum: | 5cb7c40c585e98516de99556d2eea61f |
|
| /// File Name: | joomlapicsell-disclose.txt | Description:
| The Joomla PicSell component suffers from a file disclosure vulnerability. | | Author: | Craw | | File Size: | 636 | | Last Modified: | Aug 31 14:34:04 2010 | | MD5 Checksum: | 1237cdeb9b8aad75ee580ced114fd4ee |
|
| /// File Name: | HPSBUX02552-SSRT100062.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Software Distributor (sd). The vulnerability could be exploited locally to grant an increase in privilege, or to permit unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6949 | | Related CVE(s): | CVE-2010-2712 | | Last Modified: | Aug 31 14:32:17 2010 | | MD5 Checksum: | acc794ce0bdf65f028c00b56a9387ca4 |
|
| /// File Name: | dsa-2100-1.txt | Description:
| Debian Linux Security Advisory 2100-1 - George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 12897 | | Related CVE(s): | CVE-2010-2939 | | Last Modified: | Aug 30 19:21:02 2010 | | MD5 Checksum: | 778bdc01f758228ffbcc2e477119adc1 |
|
| /// File Name: | MDVSA-2010-165.txt | Description:
| Mandriva Linux Security Advisory 2010-165 - Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service via a string that is inconsistent with the expected number of fields. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4359 | | Related CVE(s): | CVE-2010-2947 | | Last Modified: | Aug 30 19:20:45 2010 | | MD5 Checksum: | 400b8ccbc492684a50d95e2110209de1 |
|
| /// File Name: | auditx.tgz | Description:
| AuditX is a shell script that performs initial information gathering for a given target. Can be used prior to a penetration test, etc. | | Author: | noptrix | | Homepage: | http://www.noptrix.net/ | | File Size: | 7446 | | Last Modified: | Aug 30 19:17:26 2010 | | MD5 Checksum: | 736c752f3f1466dae83bda3fe1b51ede |
|
| /// File Name: | binary-english.pdf | Description:
| Whitepaper called Binary Modification [Patching Vulnerabilities]. This is the English version. | | Author: | Celil Unuver | | File Size: | 284983 | | Last Modified: | Aug 30 19:12:30 2010 | | MD5 Checksum: | 85fa8394f35b6a450f70a016ac0f5f50 |
|
| /// File Name: | R7-0036.txt | Description:
| Rapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6. | | Author: | H D Moore,Rapid7,Will Vandevanter | | Homepage: | http://www.rapid7.com/ | | File Size: | 2277 | | Related CVE(s): | CVE-2009-4444 | | Last Modified: | Aug 30 19:10:27 2010 | | MD5 Checksum: | 734bd64d3ff9aa05f3b480e0cd0300eb |
|
| /// File Name: | apple_quicktime_marshaled_punk.rb.txt | Description:
| This Metasploit module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially-crafted HTML page, the QuickTime ActiveX control will treat a supplied parameter as a trusted pointer. It will then use it as a COM-type pUnknown and lead to arbitrary code execution. This exploit utilizes a combination of heap spraying and the QuickTimeAuthoring.qtx module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions. NOTE: The addresses may need to be adjusted for older versions of QuickTime. | | Author: | Ruben Santamarta,jduck | | Homepage: | http://www.metasploit.com | | File Size: | 7052 | | Related CVE(s): | CVE-2010-1818 | | Last Modified: | Aug 30 19:00:59 2010 | | MD5 Checksum: | 7ad044f928efe468c6ea9c5cb5d51a74 |
|
| /// File Name: | appleqtmp-exec.txt | Description:
| Apple QuickTime suffers from a "_Marshaled_pUnk" backdoor parameter client-side arbitrary code execution vulnerability. | | Author: | Ruben Santamarta | | Homepage: | http://www.reversemode.com/ | | File Size: | 14998 | | Last Modified: | Aug 30 18:57:48 2010 | | MD5 Checksum: | e93ace586ff41f998cf0bacbb39e6d88 |
|
| /// File Name: | dhcp-attacker.pdf | Description:
| Whitepaper called DHCP Attack3r - DHCP Spoofing / Starvation. Written in Arabic. | | Author: | rOckHuntEr | | File Size: | 137344 | | Last Modified: | Aug 30 18:50:05 2010 | | MD5 Checksum: | 02f0384a52d3f9e9e002b2d3889f96f6 |
|
| /// File Name: | gcdc-elf.txt | Description:
| Whitepaper called Global Constructor and Destructor Crashes in the ELF File System. | | Author: | murderkey | | File Size: | 8546 | | Last Modified: | Aug 30 18:54:09 2010 | | MD5 Checksum: | 4bfc91b553a52d8de187c1517d3aa250 |
|
| /// File Name: | MDVSA-2010-164.txt | Description:
| Mandriva Linux Security Advisory 2010-164 - It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable for this security issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2403 | | Related CVE(s): | CVE-2010-3056 | | Last Modified: | Aug 30 18:44:21 2010 | | MD5 Checksum: | 3be3a6120fce5c38be0b4281112147da |
|
| /// File Name: | safarisgv-dos.txt | Description:
| Safari for Windows invalid SGV text style denial of service vulnerability that leverages Webkit.dll. | | Author: | MustLive | | File Size: | 2164 | | Last Modified: | Aug 30 18:42:46 2010 | | MD5 Checksum: | 7ec3fe1793cf146cc5e0d313c9ed5fc4 |
|
| /// File Name: | dsa-2099-1.txt | Description:
| Debian Linux Security Advisory 2099-1 - Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 69317 | | Related CVE(s): | CVE-2010-2935, CVE-2010-2936 | | Last Modified: | Aug 30 18:41:38 2010 | | MD5 Checksum: | 78c12e5aea3880b86988e87ed64e14f2 |
|
| /// File Name: | ekoparty6-training.txt | Description:
| Formal announcement regarding the agenda and training related to the Ekoparty Security Conference and Training - 6th Edition. It is being held from September 13th through the 15th, 2010, in Buenos Aires City, Argentina. | | Homepage: | http://www.ekoparty.com.ar/ | | File Size: | 4655 | | Last Modified: | Aug 30 18:39:09 2010 | | MD5 Checksum: | a5182636ddc0e9298d969a6ba45eec46 |
|
| /// File Name: | orangespain-disclose.txt | Description:
| Orange Spain is adding the user MSISDN in every HTTP request it sends. Due to this, any web site you visit now has your number. | | Author: | xuf | | File Size: | 1190 | | Last Modified: | Aug 30 18:15:11 2010 | | MD5 Checksum: | fb788f399f4ea82ce7c3034d9fd9b97e |
|
| /// File Name: | seagull-rfi.txt | Description:
| Seagull version 0.6.7 suffers from remote file inclusion vulnerabilities. | | Author: | FoX HaCkEr | | File Size: | 1107 | | Last Modified: | Aug 30 18:12:58 2010 | | MD5 Checksum: | 698dcf5ebca0a2a60aa3b33cdc5d5a44 |
|
| /// File Name: | cfimagehosting-disclose.txt | Description:
| CF Image Hosting Script version 1.3 suffers from a database disclosure vulnerability. | | Author: | Dr.Saudi | | File Size: | 549 | | Last Modified: | Aug 30 18:11:23 2010 | | MD5 Checksum: | 7973b8d7314f0256d73262283b3dc3df |
|
| /// File Name: | virtdj-vuln.txt | Description:
| Virtual DJ version 6.1.2 DLL hijacking exploit that leverages hdjapi.dll while loading .mp3 content. | | Author: | Classity Security Scans | | Homepage: | http://www.classity.nl/ | | File Size: | 666 | | Last Modified: | Aug 30 18:08:33 2010 | | MD5 Checksum: | 6552b5ef24190ba330da50f0888896e5 |
|
| /// File Name: | bsplayer-vuln-ehtraceDLL.txt | Description:
| BS Player version 2.56 DLL hijacking exploit. | | Author: | Classity Security Scans | | Homepage: | http://www.classity.nl/ | | File Size: | 661 | | Last Modified: | Aug 30 18:07:47 2010 | | MD5 Checksum: | 35c98e79724baf98aa0880e4afedff7c |
|
| /// File Name: | windowsbackup-dllhijack.txt | Description:
| Microsoft Windows 7 / Vista backup utility sdclt.exe fveapi.dll DLL hijacking exploit. | | Author: | Christian Heinrich | | File Size: | 1296 | | Last Modified: | Aug 30 18:05:27 2010 | | MD5 Checksum: | 585e03acfe30337026381ca0d0ab85bc |
|
| /// File Name: | daemontools-dllhijack.txt | Description:
| Daemon Tools Lite versions 4.35.6.0091 and below mfc80loc.dll DLL hijacking exploit. | | Author: | Christian Heinrich | | File Size: | 1297 | | Last Modified: | Aug 30 18:03:59 2010 | | MD5 Checksum: | 77ef249904bd3ac9c7b90e298e229746 |
|
| /// File Name: | MDVSA-2010-163.txt | Description:
| Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2791 | | Related CVE(s): | CVE-2010-3055, CVE-2010-3056 | | Last Modified: | Aug 30 18:02:54 2010 | | MD5 Checksum: | d248f7348fefef070fc9b5eb58537666 |
|
| /// File Name: | guestbookplus-redir.txt | Description:
| GuestBookPlus suffers from comment restriction bypass and html injection vulnerabilities. | | Author: | MiND | | File Size: | 1568 | | Last Modified: | Aug 30 18:01:23 2010 | | MD5 Checksum: | 03ca280256ec1a44fa5b99d689d410db |
|
| /// File Name: | dsa-2098-1.txt | Description:
| Debian Linux Security Advisory 2098-1 - Several remote vulnerabilities have been discovered in the TYPO3 web SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3580 | | Last Modified: | Aug 30 17:58:33 2010 | | MD5 Checksum: | 3f95a2a22284f1eddb22cc015afa5722 |
|
| /// File Name: | qtweb-dllhijack.tgz | Description:
| QtWeb Browser version 3.3 build 043 DLL hijacking exploit. | | Author: | Aung Khant | | Homepage: | http://yehg.net/ | | File Size: | 6842 | | Last Modified: | Aug 30 17:57:10 2010 | | MD5 Checksum: | a61ba519336b8cb290a240a5a1997066 |
|
| /// File Name: | maxthon-dllhijack.tgz | Description:
| Maxthon Browser version 2.5.15.1000 DLL hijacking exploit that leverages dwmapi.dll. | | Author: | Aung Khant | | Homepage: | http://yehg.net/ | | File Size: | 6808 | | Last Modified: | Aug 30 17:54:17 2010 | | MD5 Checksum: | daebc041ed83ae09d1c932d3fb0c4c61 |
|
| /// File Name: | encfs-1.7.tgz | Description:
| EncFS is an encrypted pass-through filesystem which runs in userspace on Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size. | | Author: | Valient Gough | | Homepage: | http://www.arg0.net/encfs | | Changes: | Initialization vector setup for new filesystems was replaced, which helps against a watermark attack. | | Related Exploit: | watermark-attack-encfs.tar.gz | | File Size: | 930040 | | Last Modified: | Aug 30 17:47:55 2010 | | MD5 Checksum: | 16e157fb813f2d11c9af5f092039579b |
|
| /// File Name: | diycms-rfi.txt | Description:
| DiY-CMS version 1.0 suffers from multiple remote file inclusion vulnerabilities. | | Author: | LoSt.HaCkEr | | File Size: | 1077 | | Last Modified: | Aug 30 17:45:31 2010 | | MD5 Checksum: | cc1c0d0c533eb654c795580f19e0575d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
