Section: .. / Last 50 Files /
| /// File Name: | USN-686-1.txt | Description:
| Ubuntu Security Notice USN-686-1 - Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain where AWStats was hosted. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 3971 | | Related CVE(s): | CVE-2008-3714 | | Last Modified: | Dec 3 21:50:35 2008 | | MD5 Checksum: | 75c145ec64f4430ab0be1e1967985fce |
|
| /// File Name: | USN-685-1.txt | Description:
| Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 22597 | | Related CVE(s): | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309 | | Last Modified: | Dec 3 21:50:13 2008 | | MD5 Checksum: | 160150a1aec9ec4fbae385d4790925ed |
|
| /// File Name: | clamav0941-overflow.txt | Description:
| Stack overflow proof of concept exploit for ClamAV versions below 0.94.2 that relates to JPG file handling. | | Author: | Kristian Hermansen | | File Size: | 994 | | Last Modified: | Dec 3 21:48:07 2008 | | MD5 Checksum: | 59918e80ac659a0e378d6b403e18912a |
|
| /// File Name: | SSRT080141.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified in HP-UX. The vulnerability could be exploited locally to create a denial of service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 6021 | | Related CVE(s): | CVE-2008-4416 | | Last Modified: | Dec 3 21:46:54 2008 | | MD5 Checksum: | afacac6c6871fe4d9d07e866a0958539 |
|
| /// File Name: | cainabel-overflow.txt | Description:
| Cain and Abel version 4.9.23 RDP file buffer overflow exploit that adds an administrator user. | | Author: | Encrypt3d.M!nd | | File Size: | 2971 | | Last Modified: | Dec 3 21:45:38 2008 | | MD5 Checksum: | e43b6f151b55255022c69b51d53e3cec |
|
| /// File Name: | SVRT-06-08.txt | Description:
| mvnForum versions 1.2 GA and below suffer from a cross site scripting vulnerability and multiple cross site request forgery vulnerabilities. | | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 2827 | | Last Modified: | Dec 3 21:43:04 2008 | | MD5 Checksum: | 6cabe3f47c31245ee257594b7872eca0 |
|
| /// File Name: | radasm-hijack.txt | Description:
| RadAsm versions 2.2.1.4 and below WindowCallProcA pointer hijack exploit with calc.exe shellcode. | | Author: | DATA_SNIPER | | File Size: | 4815 | | Last Modified: | Dec 3 21:41:19 2008 | | MD5 Checksum: | a04887449d1781da46fdc4e3e3bcf59c |
|
| /// File Name: | joomlajmovies-sql.txt | Description:
| Joomla Jmovies component version 1.1 remote SQL injection exploit. | | Author: | StAkeR | | File Size: | 1455 | | Last Modified: | Dec 3 21:39:53 2008 | | MD5 Checksum: | 7e5beb358a1b6d65f2f8bb4027efb9f0 |
|
| /// File Name: | yappang-xss.txt | Description:
| yappa-ng suffers from a cross site scripting vulnerability. | | Author: | Pouya Server | | File Size: | 603 | | Last Modified: | Dec 3 21:38:21 2008 | | MD5 Checksum: | 754681a11ad41177cdc7028cd3a16e26 |
|
| /// File Name: | buzzywall-xss.txt | Description:
| BuzzyWall suffers from a cross site scripting vulnerability. | | Author: | Pouya Server | | File Size: | 525 | | Last Modified: | Dec 3 21:37:17 2008 | | MD5 Checksum: | aedefea7ba8abaa1001fa168c40640ca |
|
| /// File Name: | freekot-sql.txt | Description:
| FREEKOT suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Pouya Server | | File Size: | 571 | | Last Modified: | Dec 3 21:35:59 2008 | | MD5 Checksum: | 42a1a9482e05b861b8661c18b28e5890 |
|
| /// File Name: | revsense-sqlxss.txt | Description:
| RevSense version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | Pouya Server | | File Size: | 713 | | Last Modified: | Dec 3 21:34:24 2008 | | MD5 Checksum: | 397f01564b9170d347621c98c58e56e7 |
|
| /// File Name: | sailplanner-sqlxsslfi.txt | Description:
| SailPlanner suffers from cross site scripting, remote SQL injection, and local file inclusion vulnerabilities. | | Author: | Pouya Server | | File Size: | 725 | | Last Modified: | Dec 3 21:33:26 2008 | | MD5 Checksum: | 5a3c34a58dbd41ea2548606aabc73eef |
|
| /// File Name: | securedownload-xsscm.txt | Description:
| Secure Download version Alpha 0.2.1 suffers from cross site scripting and cookie manipulation vulnerabilities. | | Author: | Pouya Server | | File Size: | 689 | | Last Modified: | Dec 3 21:31:15 2008 | | MD5 Checksum: | 5438684e5be9427cb5d7574c897de4b3 |
|
| /// File Name: | raemedia-sql.txt | Description:
| Rae Media Contact MS suffers from a SQL injection vulnerability that allows for authentication bypass. | | Author: | b3hz4d | | Homepage: | http://www.deltahacking.net/ | | File Size: | 2271 | | Last Modified: | Dec 3 21:25:11 2008 | | MD5 Checksum: | 7fbde75effdee616bbadd2f2d5b053a4 |
|
| /// File Name: | proclan-fixation.txt | Description:
| Pro Clan Manager CMS version 0.4.2 suffers from a session fixation vulnerability. | | Author: | David "Aesthetico" Vieira-Kurz | | File Size: | 1970 | | Last Modified: | Dec 3 21:23:41 2008 | | MD5 Checksum: | 5fe0e3950f6e545a7b6746edd8f8beca |
|
| /// File Name: | checknew-sql.txt | Description:
| Check New version 4.52 remote SQL injection exploit that makes use of findoffice.php. | | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 3763 | | Last Modified: | Dec 3 21:22:42 2008 | | MD5 Checksum: | 35cd4306e6258d120a2723282399c07e |
|
| /// File Name: | dsa-1679-1.txt | Description:
| Debian Security Advisory 1679-1 - Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714). | | Homepage: | http://www.debian.org/security | | File Size: | 3108 | | Related CVE(s): | CVE-2008-3714 | | Last Modified: | Dec 3 21:22:02 2008 | | MD5 Checksum: | 754fa172693331bf0ec70b06ef5713de |
|
| /// File Name: | dsa-1678-1.txt | Description:
| Debian Security Advisory 1678-1 - Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. | | Homepage: | http://www.debian.org/security | | File Size: | 12189 | | Related CVE(s): | CVE-2008-5302, CVE-2008-5303 | | Last Modified: | Dec 3 21:21:25 2008 | | MD5 Checksum: | 30869675c4b089500534b927d04f58c0 |
|
| /// File Name: | aspuserengine-disclose.txt | Description:
| ASP User Engine .NET suffers from a remote database disclosure vulnerability. | | Author: | OffensiveTrack | | Homepage: | http://www.offensivetrack.org/ | | File Size: | 774 | | Last Modified: | Dec 3 21:20:33 2008 | | MD5 Checksum: | beb86616d262ac0c344fb4f1266a5ec4 |
|
| /// File Name: | codefixer-disclose.txt | Description:
| Codefixer MailingListPro suffers from a remote database disclosure vulnerability. | | Author: | OffensiveTrack | | Homepage: | http://www.offensivetrack.org/ | | File Size: | 898 | | Last Modified: | Dec 3 21:19:05 2008 | | MD5 Checksum: | fbb85965facf9767a059403bd6edd8a0 |
|
| /// File Name: | VMSA-2008-0019.txt | Description:
| VMware Security Advisory - VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2. | | Homepage: | http://www.vmware.com/ | | File Size: | 9300 | | Related CVE(s): | CVE-2008-4917, CVE-2008-1372 | | Last Modified: | Dec 3 21:17:21 2008 | | MD5 Checksum: | bf8b9cd53f0f974f1f3e6b17c7c1826b |
|
| /// File Name: | calendarmx-sql.txt | Description:
| Calendar MX Professional version 2.0.0 suffers from a blind SQL injection vulnerability in calendar_Eventupdate.asp. | | Author: | R3d-D3v!L | | Homepage: | http://www.ahacker.net/ | | File Size: | 1206 | | Last Modified: | Dec 3 21:15:13 2008 | | MD5 Checksum: | e1afb383436b4b8ea200660c49ae5dfc |
|
| /// File Name: | gallerymx-sql.txt | Description:
| Gallery MX version 2.0.0 suffers from a blind SQL injection vulnerability in pics_pre.asp. | | Author: | R3d-D3v!L | | Homepage: | http://www.ahacker.net/ | | File Size: | 1142 | | Last Modified: | Dec 3 21:13:51 2008 | | MD5 Checksum: | 74654e3e4613481dc6c82a3f17ae38ad |
|
| /// File Name: | USN-684-1.txt | Description:
| Ubuntu Security Notice USN-684-1 - Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7580 | | Last Modified: | Dec 2 20:25:09 2008 | | MD5 Checksum: | a5f773b5f80db981aa46e006a4efa56c |
|
| /// File Name: | binsh-shellcode.txt | Description:
| 39 bytes of Solaris/x86 shellcode that performs setuid(0), execve(/bin/sh); exit(0). NULL free. | | Author: | sm4x | | File Size: | 1037 | | Last Modified: | Dec 2 20:14:22 2008 | | MD5 Checksum: | 5b5c34ec04999bdaed22fee8ccfd02ab |
|
| /// File Name: | catshadow-shellcode.txt | Description:
| 59 bytes of Solaris/x86 shellcode that performs setuid(0), execve(/bin/cat, /etc/shadow), exit(0). | | Author: | sm4x | | File Size: | 1342 | | Last Modified: | Dec 2 20:13:00 2008 | | MD5 Checksum: | 43ac829213d2724175265c403f658d2e |
|
| /// File Name: | dsa-1677-1.txt | Description:
| Debian Security Advisory DSA 1677-1 - An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. | | Homepage: | http://www.debian.org/security | | File Size: | 17574 | | Related CVE(s): | CVE-2008-5286 | | Last Modified: | Dec 2 17:00:23 2008 | | MD5 Checksum: | 628566c9879081d980d24250a10d5438 |
|
| /// File Name: | z1exchange-sqlxss.txt | Description:
| z1exchange suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | Pouya Server | | File Size: | 622 | | Last Modified: | Dec 2 16:58:53 2008 | | MD5 Checksum: | 5b390745afcfa0684522b79dcc8767c7 |
|
| /// File Name: | cmsmaxsite-exec.txt | Description:
| CMS MAXSITE Guestbook component remote command execution exploit. | | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 4370 | | Last Modified: | Dec 2 16:57:21 2008 | | MD5 Checksum: | 857d5bb777915d414f761d3dc233247a |
|
| /// File Name: | ocean12ml-sqlxssdisclose.txt | Description:
| Ocean12 Mailing List Manager Gold suffers from a direct database download, remote SQL injection, and cross site scripting vulnerabilities. | | Author: | Pouya Server | | File Size: | 789 | | Last Modified: | Dec 2 16:56:11 2008 | | MD5 Checksum: | d9c88cc756b97b1101d9d10bdb9f2419 |
|
| /// File Name: | orkut-sqlxss.txt | Description:
| The Orkut Clone by i-netsolution suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | d3b4g | | File Size: | 829 | | Last Modified: | Dec 2 16:54:54 2008 | | MD5 Checksum: | 23280afa08297ab8d28e3faaeea9a26a |
|
| /// File Name: | rapid-disclose.txt | Description:
| Rapid Classified version 3.1 suffers from a remote database disclosure vulnerability. | | Author: | CoBRa_21 | | Homepage: | http://www.ipbul.org/ | | File Size: | 440 | | Last Modified: | Dec 2 16:52:07 2008 | | MD5 Checksum: | 650e59945cc139e5465a4c3450c4fc9c |
|
| /// File Name: | jbook-disclosesql.txt | Description:
| JBook suffers from a remote SQL injection vulnerability that allows for authentication bypass and also suffers from a direct database download. | | Author: | Pouya Server | | File Size: | 584 | | Last Modified: | Dec 2 16:50:49 2008 | | MD5 Checksum: | 513a95c3d30b6df14011a17c3db0a2b5 |
|
| /// File Name: | PLSA-2008-77.txt | Description:
| Pardus Linux Security Advisory 2008-77 - Two vulnerabilities have been fixed in ffmpeg which can cause to a DoS (Denial of Service).Versions below 0.4.9_20080909-48-16 are affected. | | Author: | Pardus Linux | | File Size: | 1389 | | Last Modified: | Dec 2 16:49:26 2008 | | MD5 Checksum: | d508983edcad9ea6b153a3aa8b1a2d83 |
|
| /// File Name: | sunbyte-sql.txt | Description:
| SunByte e-Flower suffers from a remote SQL injection vulnerability. | | Author: | w4rl0ck | | Homepage: | http://warlock.lblogger.org/ | | File Size: | 1241 | | Last Modified: | Dec 2 16:46:52 2008 | | MD5 Checksum: | 3675361f3ee42f0ef8fc812564aa04fc |
|
| /// File Name: | glsa-200812-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-05 - A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code. Russell O'Connor reported a buffer overflow in src/src_sinc.c related to low conversion ratios. Versions less than 0.1.4 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2556 | | Related CVE(s): | CVE-2008-5008 | | Last Modified: | Dec 2 14:43:38 2008 | | MD5 Checksum: | 00b44c420510e7048d105180e9487573 |
|
| /// File Name: | glsa-200812-03.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-03 - IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. Versions less than 0.7.1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2820 | | Related CVE(s): | CVE-2008-3651, CVE-2008-3652 | | Last Modified: | Dec 2 14:43:06 2008 | | MD5 Checksum: | c7fd15138337ac691f218c2ec559e538 |
|
| /// File Name: | glsa-200812-02.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-02 - Two buffer overflows in enscript might lead to the execution of arbitrary code. Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the setfilename command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the font escape sequence (CVE-2008-4306). Versions less than 1.6.4-r4 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2837 | | Related CVE(s): | CVE-2008-3863, CVE-2008-4306 | | Last Modified: | Dec 2 14:42:41 2008 | | MD5 Checksum: | 7798691cbc8349b986a232c8549f5553 |
|
| /// File Name: | glsa-200812-01.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-01 - A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code. A buffer overflow in the BMP reader in OptiPNG has been reported. Versions less than 0.6.2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2541 | | Related CVE(s): | CVE-2008-5101 | | Last Modified: | Dec 2 14:42:24 2008 | | MD5 Checksum: | 8e4c29a8a9646253000c04ae38a94b2e |
|
| /// File Name: | USN-683-1.txt | Description:
| Ubuntu Security Notice USN-683-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10017 | | Related CVE(s): | CVE-2008-5187 | | Last Modified: | Dec 2 14:42:00 2008 | | MD5 Checksum: | 8d312ff3d894835bdc57219ce4ff40b7 |
|
| /// File Name: | dsa-1676-1.txt | Description:
| Debian Security Advisory 1676-1 - Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack. | | Homepage: | http://www.debian.org/security | | File Size: | 2971 | | Related CVE(s): | CVE-2008-5141 | | Last Modified: | Dec 2 14:40:45 2008 | | MD5 Checksum: | 912bd5e15a194ab77ca1edf498845d79 |
|
| /// File Name: | pacpoll-disclose.txt | Description:
| PacPoll version 4.0 suffers from a remote database disclosure vulnerability. | | Author: | OffensiveTrack | | Homepage: | http://www.offensivetrack.org/ | | File Size: | 894 | | Last Modified: | Dec 1 17:51:02 2008 | | MD5 Checksum: | d99a14ceeaa24e01d9ce9805c3832314 |
|
| /// File Name: | USN-682-1.txt | Description:
| Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 12589 | | Related CVE(s): | CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 | | Last Modified: | Dec 1 17:50:02 2008 | | MD5 Checksum: | 1560ab2afeeb34aeff6acc170b7a1d4a |
|
| /// File Name: | USN-681-1.txt | Description:
| Ubuntu Security Notice USN-681-1 - It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11655 | | Related CVE(s): | CVE-2008-1096 | | Last Modified: | Dec 1 17:49:27 2008 | | MD5 Checksum: | ab83603b48fb33d8beb11a1c24b415c3 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
