
Files Date: 2008-12-04

Mandriva Linux Security Advisory 2008-237
Posted Dec 4, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-237 - A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. This update also provides HTTP/1.1 compliance fixes. The updated packages have been patched to prevent this issue.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2008-2364
SHA-256 | c7a3ce4c7ea18585321395dda89073129fb20d6547f928b4893616651c4d0562
iDEFENSE Security Advisory 2008-12-02.3
Posted Dec 4, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 12.02.08 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when reading the Pack200 compressed Jar file during decompression. In order to calculate the size of a heap buffer, the code multiplies and adds several integers. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_07 for Windows and Linux. According to Sun, Pack200 was first introduced in JRE 1.5.0. The latest version of JRE 1.5, 1.5.0_15, does contain the vulnerable code, but the browser plugin does not handle Pack200 encoding. As such, exploitation through the browser does not appear to be possible with JRE 1.5.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, windows
SHA-256 | dab9693cbfab156b58ccd573d6ed1ca78b9c9f6523942ff72a05ea968306ee0a
iDEFENSE Security Advisory 2008-12-02.2
Posted Dec 4, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 12.02.08 - Remote exploitation of a memory corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with the privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for an attacker to pass an arbitrary GIF file to the splash logo parsing code. The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Java Web Start versions 1.6_10 and 1.6_07 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, arbitrary
systems | linux, windows
SHA-256 | 790c9e0a41b95f39a04f9482a6b4f788552c5cbb8b7c9ddd89a814700672e139
iDEFENSE Security Advisory 2008-12-02.1
Posted Dec 4, 2008
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 12.02.08 - Remote exploitation of a heap overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when processing TrueType font files. During parsing, improper bounds checking is performed, which can lead to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_07 for Windows. Previous versions and versions for other platforms may also be affected.

tags | advisory, java, remote, overflow, arbitrary
systems | windows
SHA-256 | c281806ed9fa3e749351d077f4638d4f3bb9c48e4b82e1c2431bf89b0c70d7e6
asptemplate-sqldisclose.txt
Posted Dec 4, 2008
Authored by ZoRLu

ASP Template Creature suffers from remote SQL injection and database disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, asp, info disclosure
SHA-256 | 0e6919ac30044b840b3cb63a635ba6ca0d5bcb6a988b9f53ce60b25eb0ede00c
userenginelite-disclose.txt
Posted Dec 4, 2008
Authored by OffensiveTrack | Site offensivetrack.org

User Engine Lite ASP suffers from a remote database disclosure vulnerability.

tags | exploit, remote, asp, info disclosure
SHA-256 | acab9128389de8554c3ec4167bb07846fa23b67745fa6fe9fdd937b9871080fb
Debian Linux Security Advisory 1681-1
Posted Dec 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1681-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2008-3528, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618
SHA-256 | 95e39d29e0477fef6b59e2180db3d8fbec76a96d664655da3d4549872abc8a11
joomlamydyn-sql.txt
Posted Dec 4, 2008
Authored by IRCRASH | Site ircrash.com

The Joomla mydyngallery component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fd74b4bb9711d2dceb88c1d1c6a47fd70cb10747bfeb965241a698d6897f5e7a
Digital Defense VRT Advisory 2008.18
Posted Dec 4, 2008
Authored by Digital Defense, Steven James, r@b13$ | Site digitaldefense.net

Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed HTTP requests may crash the service, denying service to legitimate users.

tags | advisory, web, denial of service
SHA-256 | 31f64a68d3792091f476fbaddac0f45076e43a3bc3437502076738705202fa0b
wbstreet-sqldisclose.txt
Posted Dec 4, 2008
Authored by CWH Underground | Site citecclub.org

Wbstreet version 1.0 suffers from remote SQL injection and database disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | a45ecc7020ec66f7fa6cc694997a071a754e5fdb33e76cb6330f1e53f42e530f
Debian Linux Security Advisory 1680-1
Posted Dec 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1680-1 - Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).

tags | advisory, overflow, arbitrary, code execution, virus
systems | linux, debian
advisories | CVE-2008-5050, CVE-2008-5314
SHA-256 | 5fef039bd5fe94fc3f5cd4e925d326a2dc6daffed4198f3b8139a06c7c0806ba
SE-2008-06.txt
Posted Dec 4, 2008
Authored by Stefan Esser | Site sektioneins.de

PHP versions 5.2.6 and below suffer from a directory traversal vulnerability in ZipArchive::extractTo().

tags | exploit, php
SHA-256 | eef814d8f1daf79eb48fd58c0722cd5768082f124ee55a347e0683274424e5eb
cctiddly-rfi.txt
Posted Dec 4, 2008
Authored by cOndemned | Site condemned.r00t.la

ccTiddly version 1.7.4 suffers from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 647f1009146697b1b355eb47a299f491cd35ae1f7166be6f63ebc78d8c59fa91
Mandriva Linux Security Advisory 2008-236
Posted Dec 4, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-236 - vim suffers from input sanitization, format string, and arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2008-2712, CVE-2008-2953, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-4101, CVE-2008-4677
SHA-256 | 165be09831b0a0e46b603c97fb0f80a49e7ef578c6376bb2360d775b3340c334
multiseo-rfi.txt
Posted Dec 4, 2008
Authored by NoGe

Multi SEO phpBB version 1.1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | dc3131d8d76bdfe983d66f4cf287d6d80c66fdaf0c07ca790fcdf2d9b11cdce0
JWS-props.txt
Posted Dec 4, 2008
Authored by Timothy D. Morgan | Site vsecurity.com

VSR identified a vulnerability in Java Web Start related to the execution of privileged applications. This flaw could allow an attacker to execute arbitrary code on a victim system if a user could be convinced to visit a malicious web site.

tags | advisory, java, web, arbitrary
advisories | CVE-2008-2086
SHA-256 | 8ca3bf4453e1d97e1df8cb1777248b40098c96ebee21fac715d1bd6643e51396
Secunia Security Advisory 32985
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ImpressCMS, which can be exploited by malicious people to conduct session fixation attacks.

tags | advisory
SHA-256 | f49585a2c6c0366d63244e10588bb987b498eb0bcbb0938d423e4fcd9d03260b
Secunia Security Advisory 32986
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - NoGe has discovered a vulnerability in Multi SEO phpBB, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | ed3b510a087529956c036067f5f2916891a146949feedabf2fc36052fc3a8d2a
Secunia Security Advisory 32979
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 39b6e66edcacbd87e8db2120424935ebfd18531d2c52a381c221d73421c1c684
Secunia Security Advisory 32977
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a weakness in IBM HMC, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 94353db257679a135b986ae3eafcadab44594b94283fede57308da6d563a147b
Secunia Security Advisory 32964
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, php
SHA-256 | 8f311061792305c52846374b8b83af943e86b6f0a29009ccdf7568d53893cd39
Secunia Security Advisory 32933
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | 8cf46091e43f4d48b2311e8b3155f460fb8f89f74a1e4ec7d3007134572af87e
Secunia Security Advisory 32980
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local, perl, vulnerability
systems | linux, debian
SHA-256 | e2c21f8e512e73b84872a6040a4aadad256db82bba3853ae86ba9d440bd3db83
Secunia Security Advisory 32976
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - R3d D3v!L has reported a vulnerability in Gallery MX, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 0555c1c1393ddfdd08275de14b5256d9a223e47b58cb0b51874719a9686a2899
Secunia Security Advisory 32996
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Pouya_Server has reported a vulnerability in W3matter RevSense, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 690cd8475683045e77e0192179da7f9c80d73d820469217333bd9784d32f7cb0
© 2024 Packet Storm. All rights reserved.