what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2009-10-15

Ubuntu Security Notice 849-1
Posted Oct 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 849-1 - Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a user or automated system processed a crafted VOC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Erik de Castro Lopo discovered a similar heap-based buffer overflow when processing AIFF files. If a user or automated system processed a crafted AIFF file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1788, CVE-2009-1791
SHA-256 | 79c4365c987c4d606975c35ed877397db5a44a7d007e2e8b85e9ab1a670891bf
Spider Solitaire Local Crash
Posted Oct 15, 2009
Authored by SirGod

Spider Solitaire local crash proof of concept exploit for Windows XP SP2.

tags | exploit, local, proof of concept
systems | windows
SHA-256 | 39456be0748817e71f86b0bfe87df870a909b478cf76b80d9b9afc5f2a7098e8
Mandriva Linux Security Advisory 2009-279
Posted Oct 15, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-279 - It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. This update fixes this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-2942
SHA-256 | 2b62a55e24b7aa26c401cd16cb4872b8b758d488485ade3ea6a720c8f6d15442
Snitz Forums 2000 3.4.07 Cross Site Scripting
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fbe830d076100f57e540a54da49f464fced24007b9a5d42ebb17e035b7cbfe6b
Millenium MP3 Studio 2.0 Stack Overflow
Posted Oct 15, 2009
Authored by dellnull

Millenium MP3 Studio version 2.0 local stack overflow universal exploit that creates a malicious .m3u file.

tags | exploit, overflow, local
SHA-256 | 9cdb533043a4cefd15514421c32add6846459f97d10abe6dc40cc0c0100a7264
Mongoose Web Server 2.8.0 Source Disclosure
Posted Oct 15, 2009
Authored by Dr_IDE

Mongoose Web Server versions 2.8.0 and below suffer from a remote source disclosure vulnerability.

tags | exploit, remote, web, info disclosure
SHA-256 | abaf4a5c974c4287f018e8c66823ccd3d87043abdb1d88ed986b9cb2fd2ac270
Eclipse BIRT 2.2.1 Cross Site Scripting
Posted Oct 15, 2009
Authored by euronymous

Eclipse BIRT versions 2.2.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 76aaa9ef642b127b8f3769f2e8f89c652d6655bb52ea7728108117500596d207
Pentaho 1.7.0.1062 XSS / Disclosure
Posted Oct 15, 2009
Authored by euronymous

Pentaho version 1.7.0.1062 and below suffer from cross site scripting and disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 49597cb26cd53ef0182ae67b4e95514579433cf0c35d17be9d1532ca908e5593
iDEFENSE Security Advisory 2009-10-13.4
Posted Oct 15, 2009
Authored by iDefense Labs, Marsu | Site idefense.com

iDefense Security Advisory 10.13.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer. iDefense has confirmed the existence of this vulnerability in Office XP SP3.

tags | advisory, remote, arbitrary
advisories | CVE-2009-2528
SHA-256 | 46af8ea0d27e803521a04613c0afa93c64815bbde88e5c32277735b5dbec88c0
iDEFENSE Security Advisory 2009-10-13.3
Posted Oct 15, 2009
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 10.13.09 - Remote exploitation of a heap based buffer overflow vulnerability in Microsoft Corp.'s Windows GDI+ could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing a malformed TIFF file. By supplying incorrect values in a BitsPerSample tag, it is possible to trigger a heap based buffer overflow. iDefense has confirmed the existence of this vulnerability in Windows XP Service Pack 2. Please see the Microsoft bulletin for additional details on affected software.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-2502
SHA-256 | cf6057235dc06deabb97059dcda36a22488060fd8671a6c4fbe352badb98d851
Debian Linux Security Advisory 1911-1
Posted Oct 15, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1911-1 - It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility.

tags | advisory, python
systems | linux, debian
advisories | CVE-2009-2940
SHA-256 | 7172bcdaaf63fe0d62e1d2bc48815208e542c66a12e260a70767490b814d8ce0
Debian Linux Security Advisory 1910-1
Posted Oct 15, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1910-1 - It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2942
SHA-256 | c5ca7235cabdedc4c8be457ce3d37c7fdff2134e1f51a6791415879047c3e383
Debian Linux Security Advisory 1909-1
Posted Oct 15, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1909-1 - It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called escape_string_conn() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2943
SHA-256 | ce02c757e270106dcad9d45d562406b0f3343ee90986be350d3ee9a9dde985cc
MSIE Content-Encoding: Deflate Memory Corruption
Posted Oct 15, 2009
Authored by SkyLined

Microsoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability.

tags | exploit
advisories | CVE-2009-1547
SHA-256 | 80fa117d24dc8845f2994b4d1e1342b08f6ff97d25b492bb4f924064b92e3e2c
Adobe Objects Memory Corruption
Posted Oct 15, 2009
Authored by SkyLined

Various reproduction code that demonstrates memory corruption when loading/unloading Adobe objects through an EMBED tag in Firefox.

tags | exploit
advisories | CVE-2009-2983
SHA-256 | cbfab4ccb60d417d49251f98b1b677a08ea4a6fa400b4d5b3cd721ce1aeb2be8
Secunia Security Advisory 37023
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | e29623c42b0de4fddfe9bda1a162280d86f1336c945044040b23dc048143f733
Secunia Security Advisory 37034
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 65d4e2ac3a9df4fd133b4055eb7766ffd15786c10db55d028990c74d1a3f8e21
Secunia Security Advisory 37047
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mysql-ocaml. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
systems | linux, debian
SHA-256 | e8604de15f25aef4c7c8550f0208397c1e6a20c26a71ee00a75435f89fa099ed
Secunia Security Advisory 37048
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for postgresql-ocaml. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
systems | linux, debian
SHA-256 | 6d221fc5399adacf5927be4e1c19bbd7ec0da7613c8167165454fdd82736df45
Secunia Security Advisory 37046
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for pygresql. This fixes a weakness, which can potentially cause SQL injection vulnerabilities

tags | advisory, vulnerability, sql injection
systems | linux, debian
SHA-256 | c439bb8868cbba9f77122f165f4e59322b64739219753f80774076f4f165fba2
Secunia Security Advisory 37060
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Organic Groups Vocabulary module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 155fb02724a2bdc44227bab5c4fd9ac880ab12882d5032c9b27136d2e92dfe3c
Secunia Security Advisory 37021
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Webform module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
SHA-256 | ab4e8ae47de505068ed8928d4c7b18798b5a5ae0668df81f4f31235f3172ec98
Secunia Security Advisory 37020
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in bloofoxCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | b7e7fa24637be2827913c999815279cf65004a74206e9140a35751c283caa492
Secunia Security Advisory 37058
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the RealName module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 5a5bd45dd6be7ffb4f2e60421801b1e4496a16dba7335d742cff70667089b98c
Secunia Security Advisory 37014
Posted Oct 15, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Dr_IDE has discovered a vulnerability in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 3a83ac14cc7924e214482a5efa4057c8ff39695e5677091ea8b0d0a2fa752644
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close