Section: .. / Last 100 Files /
| /// File Name: | flashquiz-sql.txt | Description:
| Flash Quiz Beta 2 suffers from multiple remote SQL injection vulnerabilities. | | Author: | YEnH4ckEr | | File Size: | 4799 | | Last Modified: | May 21 20:16:06 2009 | | MD5 Checksum: | 79e83f1d8fff471add51b29468c06e30 |
|
| /// File Name: | zaocms-disclose.txt | Description:
| ZaoCMS suffers from a remote file disclosure vulnerability in download.php. | | Author: | ThE g0bL!N | | Homepage: | http://h4ckf0ru.com/ | | File Size: | 984 | | Last Modified: | May 21 20:13:03 2009 | | MD5 Checksum: | 502b4c44e359088633e8cc81b5a93d98 |
|
| /// File Name: | zaocms-insecure.txt | Description:
| ZaoCMS suffers from an insecure cookie handling vulnerability. | | Author: | ThE g0bL!N | | Homepage: | http://h4ckf0ru.com/ | | File Size: | 764 | | Last Modified: | May 21 20:12:09 2009 | | MD5 Checksum: | c7f9db9207db7329f8eb5fcc88d0019b |
|
| /// File Name: | articledir-blindsql.txt | Description:
| Article Directory suffers from a remote blind SQL injection vulnerability in page.php. | | Author: | ThE g0bL!N | | Homepage: | http://h4ckf0ru.com/ | | File Size: | 806 | | Last Modified: | May 21 20:10:23 2009 | | MD5 Checksum: | a25fed9e80f418229a3e08397968dcb3 |
|
| /// File Name: | MDVSA-2009-121.txt | Description:
| Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6914 | | Related CVE(s): | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793 | | Last Modified: | May 21 19:47:59 2009 | | MD5 Checksum: | 9aaa6e5338f13acaf3205e37a5a22ca6 |
|
| /// File Name: | MDVSA-2009-120.txt | Description:
| Mandriva Linux Security Advisory 2009-120 - Multiple security vulnerabilities has been identified and fixed in OpenSSL. The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5616 | | Related CVE(s): | CVE-2009-1377, CVE-2009-1378 | | Last Modified: | May 21 19:46:48 2009 | | MD5 Checksum: | 40411a2c25d7fd9f6200712d9f70d18c |
|
| /// File Name: | articledirectory-sql.txt | Description:
| Article Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Hakxer | | File Size: | 2061 | | Last Modified: | May 21 19:42:52 2009 | | MD5 Checksum: | c12c1f4808e1303485e28367920a5e8b |
|
| /// File Name: | jobscript-upload.txt | Description:
| Job Script version 2.0 suffers from an arbitrary shell upload vulnerability. | | Author: | Hakxer | | File Size: | 1217 | | Last Modified: | May 21 19:41:58 2009 | | MD5 Checksum: | 5245a601d40ab4035909b482f64b600e |
|
| /// File Name: | aspinlinecc-sqlxss.txt | Description:
| ASP Inline Corporate Calendar suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | Bl@ckbe@rd | | File Size: | 1332 | | Last Modified: | May 21 19:36:08 2009 | | MD5 Checksum: | d4427407dd890bd7747e1e11f99a2229 |
|
| /// File Name: | vicidial-sql.txt | Description:
| Vicidial Call Center Suite suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Striker7 | | File Size: | 1024 | | Last Modified: | May 21 19:34:16 2009 | | MD5 Checksum: | 6f9d072d28046233760d43790aa5835c |
|
| /// File Name: | DDIVRT-2009-25.txt | Description:
| The web interface on tcp port 8090 of IPsession suffers from a SQL injection vulnerability. | | Author: | David Marshall,r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 869 | | Last Modified: | May 21 19:32:14 2009 | | MD5 Checksum: | a9e4c0a0fb5a55991acaf2f0e3c218fe |
|
| /// File Name: | chinagames-exec.txt | Description:
| ChinaGames Active-X related remote code execution exploit. | | Author: | etirah | | File Size: | 1697 | | Last Modified: | May 21 19:30:52 2009 | | MD5 Checksum: | b4e4a1135cd48de152edfc62d0d34df2 |
|
| /// File Name: | baofeng-exec.txt | Description:
| BaoFeng Active-X related remote code execution exploit. | | Author: | etirah | | File Size: | 1752 | | Last Modified: | May 21 19:29:06 2009 | | MD5 Checksum: | 747e205acea99eae101b09eac2147010 |
|
| /// File Name: | msiiswebdav-bypass.txt | Description:
| Remote authentication bypass exploit for the WebDAV vulnerability in Microsoft IIS 6.0. | | Author: | Andrew Orr,Ron Bowes | | Homepage: | http://www.skullsecurity.org/ | | File Size: | 4218 | | Last Modified: | May 21 15:01:22 2009 | | MD5 Checksum: | 88f5c6917ad436df1a16908de6c90d8f |
|
| /// File Name: | 05.19.09-1.txt | Description:
| iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected. | | Homepage: | http://www.idefense.com/ | | File Size: | 3014 | | Last Modified: | May 21 02:26:05 2009 | | MD5 Checksum: | f5df636d3549f48d5c7b51f6d5d3826e |
|
| /// File Name: | CORE-2009-0109.txt | Description:
| Core Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system. | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 13660 | | Related CVE(s): | CVE-2009-1729 | | Last Modified: | May 21 02:23:41 2009 | | MD5 Checksum: | 66cba81d15ed53317ac0960af46eaf8b |
|
| /// File Name: | cisco-sa-20090520-cw.txt | Description:
| Cisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files. | | Homepage: | http://www.cisco.com/ | | File Size: | 12910 | | Related CVE(s): | CVE-2009-1161 | | Last Modified: | May 21 02:09:39 2009 | | MD5 Checksum: | 36b09d3bf0be6807065752275ed88f69 |
|
| /// File Name: | dsa-1804-1.txt | Description:
| Debian Security Advisory 1804-1 - Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The The Common Vulnerabilities and Exposures project identified the | | Homepage: | http://www.debian.org/security | | File Size: | 11559 | | Related CVE(s): | CVE-2009-1574, CVE-2009-1632 | | Last Modified: | May 21 02:08:56 2009 | | MD5 Checksum: | 9d111a30fa624f6f607795fce1599ab2 |
|
| /// File Name: | dsa-1803-1.txt | Description:
| Debian Security Advisory 1803-1 - Ilja van Sprundel discovered that a buffer overflow in NSD, an authoritative name service daemon, allowed to crash the server by sending a crafted packet, creating a denial of service. | | Homepage: | http://www.debian.org/security | | File Size: | 10067 | | Last Modified: | May 21 02:08:09 2009 | | MD5 Checksum: | b9589c40ffe0addcb77a8b0c17742132 |
|
| /// File Name: | jorp-remove.txt | Description:
| Jorp version 1.3.05.09 suffers from an arbitrary removal of projects and tasks vulnerabilities. | | Author: | YEnH4ckEr | | File Size: | 4762 | | Last Modified: | May 21 02:05:13 2009 | | MD5 Checksum: | 0d62b4ad9cbad0d80d38e1334c8a326f |
|
| /// File Name: | bspeak-sql.txt | Description:
| bSpeak version 1.10 suffers from a remote blind SQL injection vulnerability. | | Author: | Snakespc | | Homepage: | http://www.snakespc.com/sc | | File Size: | 1362 | | Last Modified: | May 21 02:03:24 2009 | | MD5 Checksum: | 491a5a50a5fd1ffd83a6743e0e251355 |
|
| /// File Name: | javax.tgz | Description:
| Mac OS X Java applet deserialization proof of concept exploit. | | Author: | str0ke | | Related File: | macosxjava-poc.txt | | File Size: | 4955 | | Last Modified: | May 20 19:46:49 2009 | | MD5 Checksum: | 1a00d02403f11660eb1e0840a0497f55 |
|
| /// File Name: | phpap-bypass.txt | Description:
| PHP Article Publisher suffers from an arbitrary authentication bypass vulnerability. | | Author: | ThE g0bL!N | | Homepage: | http://h4ckf0ru.com/ | | File Size: | 952 | | Last Modified: | May 20 20:45:39 2009 | | MD5 Checksum: | a8b993d40415d4c64c3215063b011c65 |
|
| /// File Name: | nclinklist-exec.txt | Description:
| NC LinkList version 1.3.1 remote command injection exploit. | | Author: | ThE g0bL!N | | Homepage: | http://h4ckf0ru.com/ | | File Size: | 1672 | | Last Modified: | May 20 20:18:53 2009 | | MD5 Checksum: | e180ebf6aea6ac62717e1af1b126635b |
|
| /// File Name: | ncgbook-exec.txt | Description:
| NC GBook version 1.0 remote command injection exploit. | | Author: | ThE g0bL!N | | Homepage: | http://h4ckf0ru.com/ | | File Size: | 1596 | | Last Modified: | May 20 20:13:20 2009 | | MD5 Checksum: | 59dbb1266a4afc6de046cbc0bbd88e18 |
|
| /// File Name: | catviz-lfixss.txt | Description:
| Catviz 0.4.0b1 suffers from local file inclusion and cross site scripting vulnerabilities. | | Author: | ByALBAYX | | Homepage: | http://www.c4team.org/ | | File Size: | 1929 | | Last Modified: | May 20 20:11:01 2009 | | MD5 Checksum: | 8990fee70edfeb9e4cd23a0618a139d9 |
|
| /// File Name: | exjune-reconfigure.txt | Description:
| exJune Officer Message System version 1 suffers from a direct access reconfiguration vulnerability. | | Author: | ByALBAYX | | Homepage: | http://www.c4team.org/ | | File Size: | 650 | | Last Modified: | May 20 20:08:40 2009 | | MD5 Checksum: | 21e81c68a0637dc91f405609ded22bc1 |
|
| /// File Name: | joomlacasino-sql.txt | Description:
| The Joomla Casino component version 0.3.1 suffers from multiple SQL injection vulnerabilities. | | Author: | ByALBAYX | | Homepage: | http://www.c4team.org/ | | File Size: | 4503 | | Last Modified: | May 20 19:50:31 2009 | | MD5 Checksum: | 29b8116c02ba4b6be36f4c41755f9944 |
|
| /// File Name: | pdfresurrect-v0_5.tar.gz | Description:
| PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read. | | Author: | enferex | | Homepage: | http://www.757labs.com/projects/pdfresurrect | | Changes: | Minor changes were made. A more portable exit call is used. Some under-the-hood possibilities were added for dealing with xref streams that are compressed (which are possible in PDFs of version 1.5 or later). A message will be displayed if such an xref table is found. Some notes on validity and security have been added to the README. | | File Size: | 54691 | | Last Modified: | May 20 10:18:19 2009 | | MD5 Checksum: | d8038eb61ed0160a2eb02507b3f12c42 |
|
| /// File Name: | galeri-sql.txt | Description:
| Galeri 1 suffers from a remote SQL injection vulnerability in galeri1.asp. | | Author: | PLATEN | | File Size: | 659 | | Last Modified: | May 20 10:14:24 2009 | | MD5 Checksum: | a00c041d29264799c23c5ee7994e8759 |
|
| /// File Name: | USN-777-1.txt | Description:
| Ubuntu Security Notice USN-777-1 - A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 12800 | | Related CVE(s): | CVE-2009-0159, CVE-2009-1252 | | Last Modified: | May 19 21:29:13 2009 | | MD5 Checksum: | 6772e704e4416eb3f860a345bda9eed1 |
|
| /// File Name: | drupalrole-xss.txt | Description:
| The Drupal version 6.12 suffers from a cross site scripting vulnerability. This is to be taken with a grain of salt as administrative privileges are needed. | | Author: | Justin C. Klein Keane | | File Size: | 2803 | | Last Modified: | May 19 21:25:35 2009 | | MD5 Checksum: | 23a8cd832282848464f935f9bad072db |
|
| /// File Name: | ZDI-09-023.txt | Description:
| Zero Day Initiative Advisory 09-023 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw appears to exist in the ATSServer font server upon parsing of malicious Compact Font Format files. A boundary condition exists in the parsing of internal dictionaries that can lead to a memory corruption allowing the execution of arbitrary code. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2377 | | Related CVE(s): | CVE-2009-0154 | | Last Modified: | May 19 21:23:43 2009 | | MD5 Checksum: | 38093e10b88de9a803aacc0c08f2fee7 |
|
| /// File Name: | ZDI-09-022.txt | Description:
| Zero Day Initiative Advisory 09-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure, the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is suppled to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2686 | | Related CVE(s): | CVE-2009-0945 | | Last Modified: | May 19 21:23:12 2009 | | MD5 Checksum: | 1230a8a0bbc65f590e8e2ef692a33f8c |
|
| /// File Name: | dogpedigree-sql.txt | Description:
| Dog Pedigree Online Database version 1.0.1-Beta suffers from a blind SQL injection vulnerability. | | Author: | YEnH4ckEr | | File Size: | 7855 | | Last Modified: | May 19 21:21:11 2009 | | MD5 Checksum: | ff6470f02d3750d01c9c830cd634c0e5 |
|
| /// File Name: | dogpedigree-insecure.txt | Description:
| Dog Pedigree Online Database version 1.0.1-Beta suffers from a SQL injection vulnerability in the way it handles cookies. | | Author: | YEnH4ckEr | | File Size: | 4888 | | Last Modified: | May 19 21:19:41 2009 | | MD5 Checksum: | 9dc788ce68035aab18d2bfa85a9e9602 |
|
| /// File Name: | mycolex-sqlxss.txt | Description:
| my-colex version 1.4.2 suffers from authentication bypass, remote SQL injection, and cross site scripting vulnerabilities. | | Author: | YEnH4ckEr | | File Size: | 4757 | | Last Modified: | May 19 21:18:41 2009 | | MD5 Checksum: | 5af9de9330654e690f26c0eaa5d21363 |
|
| /// File Name: | HPSBMA02427-SSRT090069.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender running Easy Login. The vulnerability could be exploited remotely to gain unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 5989 | | Related CVE(s): | CVE-2009-0721 | | Last Modified: | May 19 21:16:46 2009 | | MD5 Checksum: | 904bdc1ba27f5963e45c3c87b9c0ba93 |
|
| /// File Name: | MDVSA-2009-117.txt | Description:
| Mandriva Linux Security Advisory 2009-117 - A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5549 | | Related CVE(s): | CVE-2009-1252 | | Last Modified: | May 19 19:05:06 2009 | | MD5 Checksum: | fda94d8fb3b0e087338f79bd5d4f9ba4 |
|
| /// File Name: | HPSBMA02426-SSRT090053.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6353 | | Related CVE(s): | CVE-2008-5077, CVE-2008-5814 | | Last Modified: | May 19 19:02:50 2009 | | MD5 Checksum: | 1381726df24cbba5dce7400bcc237799 |
|
| /// File Name: | dmfilemanager-sql.txt | Description:
| DM FileManager version 3.9.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Snakespc | | Homepage: | http://www.snakespc.com/sc | | File Size: | 1022 | | Last Modified: | May 19 19:01:25 2009 | | MD5 Checksum: | 8f0830cd65c9fee219020ea97d3c47f4 |
|
| /// File Name: | kingsoftws-xssexec.txt | Description:
| KingSoft Web Shield versions 1.1.0.62 and below suffer from cross site scripting and code execution vulnerabilities. | | Author: | inking | | File Size: | 1339 | | Last Modified: | May 19 18:59:56 2009 | | MD5 Checksum: | acee06692f1cb73142df97d5aa309305 |
|
| /// File Name: | steam-xss.txt | Description:
| STEAM from Valve Software suffers from cross site scripting and phishing related vulnerabilities. | | Author: | Gabriel Lima | | File Size: | 2193 | | Last Modified: | May 19 18:57:30 2009 | | MD5 Checksum: | 7bfcb961bd532d0c0bf287da1c4555f8 |
|
| /// File Name: | dsa-1801-1.txt | Description:
| Debian Security Advisory 1801-1 - Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. | | Homepage: | http://www.debian.org/security | | File Size: | 12576 | | Related CVE(s): | CVE-2009-0159, CVE-2009-1252 | | Last Modified: | May 19 18:56:45 2009 | | MD5 Checksum: | 83ab30109b1e07a859a544be176fbceb |
|
| /// File Name: | cpgal1422-sql.txt | Description:
| Coppermine Photo Gallery versions 1.4.22 and below remote SQL injection and local file inclusion exploit. | | Author: | __GiReX__ | | Homepage: | http://girex.altervista.org/ | | File Size: | 4946 | | Last Modified: | May 19 18:49:02 2009 | | MD5 Checksum: | 9166a187ab57888a5b8cac8b2f07fb4c |
|
| /// File Name: | padsite-insecure.txt | Description:
| PAD Site Scripts version 3.6 suffers from an insecure cookie handling vulnerability. | | Author: | Mr.tro0oqy | | File Size: | 1185 | | Last Modified: | May 19 18:46:44 2009 | | MD5 Checksum: | fb9a9221cc73c828f2ad368147000896 |
|
| /// File Name: | HPSBMA02428-SSRT090048.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP System ManagementHomepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6305 | | Related CVE(s): | CVE-2009-1418 | | Last Modified: | May 19 18:39:56 2009 | | MD5 Checksum: | f05a68a4baa7d38583fdd330205a9b33 |
|
| /// File Name: | joomlagsticket-sql.txt | Description:
| Remote blind SQL injection exploit for the Joomla GSTicketSystem component. | | Author: | Cyb3r-1sT | | File Size: | 2431 | | Last Modified: | May 19 18:38:27 2009 | | MD5 Checksum: | 4c6469b313708533906b893282a9df3f |
|
| /// File Name: | netdecision-traversal.txt | Description:
| NetDecision TFTP Server version 4.2 suffers from a remote directory traversal vulnerability. | | Author: | princeofnigeria | | File Size: | 2824 | | Last Modified: | May 19 18:37:15 2009 | | MD5 Checksum: | a90e24194e7e61a22bc8cf03fcd677a2 |
|
| /// File Name: | vidshare-upload.txt | Description:
| VidShare Pro suffers from an arbitrary shell upload vulnerability. | | Author: | Cyb3r-1sT | | File Size: | 2031 | | Last Modified: | May 19 18:36:06 2009 | | MD5 Checksum: | ebb3924733023d019bc6e58046582949 |
|
| /// File Name: | TKADV2009-006.txt | Description:
| lidsndfile versions 1.0.19 and below and Winamp versions 5.552 and below suffer from a VOC processing heap buffer overflow vulnerability. | | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 5220 | | Last Modified: | May 19 18:33:14 2009 | | MD5 Checksum: | 68ddfa92158bdd1e4441462f632c2d6e |
|
| /// File Name: | httpdxcwd-overflow.txt | Description:
| httpdx versions 0.5b and below CWD related remote buffer overflow exploit. | | Author: | His0k4 | | File Size: | 2879 | | Last Modified: | May 19 18:32:17 2009 | | MD5 Checksum: | e6c0c5ba1f3782a056ee746dcef857b6 |
|
| /// File Name: | aoliwinamp-overflow.txt | Description:
| AOL IWinAmpActiveX Class ConvertFile() remote overflow exploit for Internet Explorer versions 6 and 7 that leverages AmpX.dll version 2.4.0.6. Old unreleased exploit from the rgod archive. | | Author: | rgod | | Homepage: | http://retrogod.altervista.org/ | | File Size: | 4158 | | Last Modified: | May 19 18:30:13 2009 | | MD5 Checksum: | bf7c603162bf0b8448284296469524ec |
|
| /// File Name: | pbania-spiderpig2008.pdf | Description:
| Whitepaper called Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case). | | Author: | Piotr Bania | | Homepage: | http://piotrbania.com/ | | File Size: | 630018 | | Last Modified: | May 18 23:43:06 2009 | | MD5 Checksum: | a55ed5e2cf789ab46dd5ae2da4480210 |
|
| /// File Name: | TZO-22-2009.txt | Description:
| Avira Antivir suffers from a generic PDF evasion vulnerability. | | Author: | Thierry Zoller | | File Size: | 3989 | | Last Modified: | May 18 22:02:20 2009 | | MD5 Checksum: | b674301dfd1ba4516b7eae9b0745f499 |
|
| /// File Name: | TZO-23-2009.txt | Description:
| Bitdefender suffers from a generic PDF evasion vulnerability. | | Author: | Thierry Zoller | | File Size: | 3385 | | Last Modified: | May 18 22:00:18 2009 | | MD5 Checksum: | 0327ae1c998e5f6bb199c5bff54a26ce |
|
| /// File Name: | drupalcck-xss.txt | Description:
| The Drupal Content Creation Kit (CCK) suffers from a cross site scripting vulnerability. Version 6.12 with CCK 6.x-2.2 is affected. | | Author: | Justin C. Klein Keane | | File Size: | 3100 | | Last Modified: | May 18 21:55:49 2009 | | MD5 Checksum: | bf302646cfca4dcac4fd4abac8b9931c |
|
| /// File Name: | MDVSA-2009-116.txt | Description:
| Mandriva Linux Security Advisory 2009-116 - lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6340 | | Related CVE(s): | CVE-2009-1415, CVE-2009-1416, CVE-2009-1417 | | Last Modified: | May 18 21:49:09 2009 | | MD5 Checksum: | 4d2a1671b762f8f1aa2a6ad0b858ea0d |
|
| /// File Name: | MDVSA-2009-115.txt | Description:
| Mandriva Linux Security Advisory 2009-115 - Multiple vulnerabilities has been identified and corrected in phpMyAdmin. Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3204 | | Related CVE(s): | CVE-2009-1150, CVE-2009-1151 | | Last Modified: | May 18 21:46:49 2009 | | MD5 Checksum: | 822f2c6a63fe620000ae85135af88f56 |
|
| /// File Name: | MDVSA-2009-114.txt | Description:
| Mandriva Linux Security Advisory 2009-114 - Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3537 | | Related CVE(s): | CVE-2009-1632 | | Last Modified: | May 18 21:45:57 2009 | | MD5 Checksum: | da736088313f0604f4e8400f81f30df2 |
|
| /// File Name: | MDVSA-2009-113.txt | Description:
| Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 18834 | | Related CVE(s): | CVE-2009-0688 | | Last Modified: | May 18 21:42:15 2009 | | MD5 Checksum: | 47ac7e3c6268fef5510d49b0d002c77c |
|
| /// File Name: | dgnews-sql.txt | Description:
| DGNews version 3.0 Beta suffers from a remote SQL injection vulnerability in berita.php. | | Author: | Cyber-Zone | | Homepage: | http://www.iq-ty.com/ | | File Size: | 480 | | Last Modified: | May 18 21:35:58 2009 | | MD5 Checksum: | 41ffeffd48af0d46e30b5497cbf74d10 |
|
| /// File Name: | infinities-sql.txt | Description:
| Infinities eCommerce Web Hosting and Shopping Cart Solution suffer from a remote SQL injection vulnerability. | | Author: | P47r1ck | | Homepage: | http://www.darkc0de.com/ | | File Size: | 2167 | | Last Modified: | May 18 21:32:07 2009 | | MD5 Checksum: | 75d7e965489262493bbed16d39517610 |
|
| /// File Name: | danaportal-change.txt | Description:
| Dana Portal remote administrative password changing exploit. | | Author: | Abysssec | | Homepage: | http://abysssec.com/ | | File Size: | 4863 | | Last Modified: | May 18 21:27:59 2009 | | MD5 Checksum: | a27c0e85a35fbb79c7c7721df0b2093d |
|
| /// File Name: | douran-updown.txt | Description:
| DOURAN Portal versions 3.9.0.23 and below suffer from file upload and download vulnerabilities. | | Author: | Abysssec | | Homepage: | http://abysssec.com/ | | File Size: | 3383 | | Last Modified: | May 18 21:26:03 2009 | | MD5 Checksum: | 839e479c8b09b3aef2415085d81e55a9 |
|
| /// File Name: | ProxyHarvest.txt | Description:
| Proxy Harvesting tool that uses google and evaluates the sites. | | Author: | low1z | | Homepage: | http://www.darkc0de.com/ | | File Size: | 9937 | | Last Modified: | May 18 21:00:15 2009 | | MD5 Checksum: | 41ea51a7d61f68c5ff44eaaa07ff9887 |
|
| /// File Name: | clanweb-passwd.txt | Description:
| ClanWeb version 1.4.2 remote password changing and add administrator exploit. | | Author: | ahmadbady | | File Size: | 1696 | | Last Modified: | May 18 21:14:53 2009 | | MD5 Checksum: | b3393850e2a69ac59452859d17bd6080 |
|
| /// File Name: | cpg1422-lfisql.txt | Description:
| Coppermine Photo Gallery versions 1.4.22 and below suffer from a local file inclusion and SQL injection vulnerabilities. | | Author: | __GiReX__ | | Homepage: | http://girex.altervista.org/ | | File Size: | 10836 | | Last Modified: | May 18 21:07:52 2009 | | MD5 Checksum: | 90cff7d61e18ee9e3a3c01a88d1d173a |
|
| /// File Name: | mandos_1.0.10.orig.tar.gz | Description:
| The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system. | | Author: | Teddy | | Homepage: | http://www.fukt.bsnet.se/mandos | | Changes: | This is a security bugfix release. | | File Size: | 100459 | | Last Modified: | May 18 21:06:14 2009 | | MD5 Checksum: | 0cf5ff497d3d6c313513e7cb18c50a32 |
|
| /// File Name: | phpdirsubmit-sql.txt | Description:
| PHP Dir Submit suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Snakespc | | Homepage: | http://www.snakespc.com/sc | | File Size: | 1029 | | Last Modified: | May 18 21:02:02 2009 | | MD5 Checksum: | 8325565c4d883c73b762e311db2d674e |
|
| /// File Name: | lightopencms-sql.txt | Description:
| LightOpenCMS version 0.1 suffers from a remote SQL injection vulnerability. | | Author: | Mi4night | | File Size: | 616 | | Last Modified: | May 18 21:00:34 2009 | | MD5 Checksum: | f0839689f369152c97910e17572e3f27 |
|
| /// File Name: | md5db11.txt | Description:
| MD5 MySQL database brute forcing utility. Written in Python. | | Author: | low1z | | Homepage: | http://www.darkc0de.com/ | | File Size: | 6366 | | Last Modified: | May 18 20:58:14 2009 | | MD5 Checksum: | a0ad7059642f7bcafbe5d0f82d4b5648 |
|
| /// File Name: | darkTouch.txt | Description:
| darkTouch is a fuzzer that attempts to fingerprint the structure of a website.Written in Python. | | Author: | low1z | | Homepage: | http://www.darkc0de.com/ | | File Size: | 9578 | | Last Modified: | May 18 19:46:33 2009 | | MD5 Checksum: | ed91d40749f33cdf4e9ba1d9ea84793c |
|
| /// File Name: | flyspeck-change.txt | Description:
| Flyspeck CMS version 6.8 remote change administrator password exploit that also notes a local file inclusion vulnerability. | | Author: | ahmadbady | | File Size: | 1451 | | Last Modified: | May 18 20:28:56 2009 | | MD5 Checksum: | 5e9b12212e723ce86374a8cc0865d89c |
|
| /// File Name: | pluck462-lfi.txt | Description:
| Pluck version 3.6.2 suffers from a local file inclusion vulnerability. | | Author: | ahmadbady | | Related Exploit: | pluckcms-lfi.txt | | File Size: | 1061 | | Last Modified: | May 18 20:26:48 2009 | | MD5 Checksum: | 8d9bb7070c283490e6e9a05c634fdaa0 |
|
| /// File Name: | mereo-dos.txt | Description:
| Mereo version 1.8.0 remote denial of service exploit that leverages a GET request. | | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 687 | | Last Modified: | May 18 20:22:49 2009 | | MD5 Checksum: | e6c8d4a7c36190a5a12f038d89e9bffc |
|
| /// File Name: | zervit004-dos.txt | Description:
| Zervit Webserver version 0.04 remote buffer overflow proof of concept exploit that leverages a GET request. | | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 705 | | Last Modified: | May 18 20:19:14 2009 | | MD5 Checksum: | cc9e88ef55f96b16a1fee5b920a13577 |
|
| /// File Name: | onlinerent-sql.txt | Description:
| Online Rental Property Script version 5.0 and below suffer from a remote SQL injection vulnerability. | | Author: | UnderTaker HaCkEr | | File Size: | 1663 | | Last Modified: | May 18 20:17:20 2009 | | MD5 Checksum: | e9dbf08030234bb3e7c6d3b282375101 |
|
| /// File Name: | cve-2009-1378.c | Description:
| OpenSSL versions 0.9.8k and 1.0.0-beta2 DTLS remote memory exhaustion denial of service exploit. | | Author: | Jon Oberheide | | File Size: | 3218 | | Related CVE(s): | CVE-2009-1378 | | Last Modified: | May 18 20:15:21 2009 | | MD5 Checksum: | 455eeeeabcfe361fef23f6b0686933fa |
|
| /// File Name: | pc4uploader-sql.txt | Description:
| Pc4Uploader version 9.0 suffers from a remote blind SQL injection vulnerability. | | Author: | Qabandi | | File Size: | 3389 | | Last Modified: | May 18 20:14:12 2009 | | MD5 Checksum: | e8e25ff030d8df613dad6e25010abc60 |
|
| /// File Name: | phparticle-change.txt | Description:
| PHP Article Publisher remote change administrator password exploit. | | Author: | ahmadbady | | File Size: | 2009 | | Last Modified: | May 18 20:13:20 2009 | | MD5 Checksum: | b14c2cff188931d3c670482819c431f1 |
|
| /// File Name: | linuxbind-shellcode.txt | Description:
| 132 bytes of Linux x86-64 bindshell shellcode that binds to port 4444. | | Author: | xi4oyu | | File Size: | 1545 | | Last Modified: | May 18 20:11:02 2009 | | MD5 Checksum: | 5e6200bff431946eb360343fb93f194a |
|
| /// File Name: | httpdx-dos.txt | Description:
| httpdx versions 0.5b and below suffer from multiple remote denial of service vulnerabilities. | | Author: | sico2819 | | Homepage: | http://offensive-security.com/ | | File Size: | 1136 | | Last Modified: | May 18 20:03:54 2009 | | MD5 Checksum: | 027da9854bce639df26259d5501f5c00 |
|
| /// File Name: | httpdx-overflow.txt | Description:
| httpdx versions 0.5b and below USER related remote buffer overflow exploit. | | Author: | His0k4 | | File Size: | 2560 | | Last Modified: | May 18 20:02:48 2009 | | MD5 Checksum: | 43424c6405f0c2dbdde76f34f76ef1e0 |
|
| /// File Name: | 05.14.09-5.txt | Description:
| iDefense Security Advisory 05.14.09 - Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allow attackers to execute arbitrary code. Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken. | | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 6764 | | Related CVE(s): | CVE-2009-1009 | | Last Modified: | May 16 14:48:21 2009 | | MD5 Checksum: | 7404edb2a93993d499b176cc5254c4ab |
|
| /// File Name: | 05.14.09-4.txt | Description:
| iDefense Security Advisory 05.14.09 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. This vulnerability exists due to the lack of bounds checking when processing certain records within a Microsoft Excel spreadsheet. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. By crafting an Excel spreadsheet file properly, it is possible to write beyond the bounds of the stack buffer. The resulting stack corruption leads to arbitrary code execution. | | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 6687 | | Related CVE(s): | CVE-2009-1009 | | Last Modified: | May 16 14:46:42 2009 | | MD5 Checksum: | 0434d4650043444db116551d83cd9288 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
