PunBB Extension Attachment versions 1.0.2 and below remote SQL injection exploit.
b7c237448c8b803bb5bbc27f2eefe2060171440d5d65de2508d18f0735c24d85Mandriva Linux Security Advisory 2009-293 - Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fixes patches applied. This update fixes these vulnerabilities.
739b835d96c30bcffa913c64349d4b16321822040ca8acb6f0e82a29ca742ce8Mandriva Linux Security Advisory 2009-292 - Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file. The wireshark package has been updated to fix these vulnerabilities.
e0edf17f818ff70e0e8c8d9c50b96df80e90d9cb2f2ea708bc3ab4dbdc5e8fe5Xion Audio Player version 1.0 build 121 local buffer overflow exploit.
9fe8f6658b4b6b8a229b0f92ef86e601a9421567effd4ad2b338d0beed4c076bZero Day Initiative Advisory 09-075 - This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to port 389/TCP for handling LDAP requests. When the service processes a search request with an undefined BaseDN, it will become unresponsive resulting in an inability to query or authenticate to that server.
57153f026696d18067c3cb651c937e1389d2fa3ef961008254ff7ca0840f7504QuahogCon is a new regional conference for the hacker culture in all forms. Hardware, Software, Security, Social, Eco Hacking, Zero Impact Living. Like most hacker cons, it will run Friday to Sunday. It will be held from April 23rd through the 25th, 2010 at Hotel Providence in Providence, Rhode Island.
98263cceccad8fe336529eed5a51b81472a12933e8248fdffdba360970406eefSecunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.
e78f944fbaf144e3dca6e2669b263153ce633873f43a396b76fcfced452b97edSecunia Security Advisory - A vulnerability has been reported in Documentum eRoom, which can be exploited by malicious people to compromise a vulnerable system.
fd49048657faa19212b5f85da3e7a86bc80c38545533c903abb04deb0e45a893kmotion is a Web based video surveillance front end to the "motion" program.
2554bcffa0dba61b497fa7af02110cd18de984c1502ceb362c4265e193d23e28dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
303b1f5e9a3f6d4e4a2dc0c2be86ade9e859fe5050f268725ed11ecbd17e261dGraudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
b5b1e4d5cc7f188f06ffae425b33102c9461e28b698cf121ce6edc4854372d48Ubuntu Security Notice 850-3 - USN-850-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for Ubuntu 9.10. Original advisory details: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
63c3ccfbae71b61e42605e0cd81a7cff6e1cf05926b86d413a70fe812affcec3Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. Firmware Routines on the card ensure that the attack is identified right down to host/port with zero load on the PCI bus. This is the pre-port to FPGA beta version written in "c" with PCAP and BPF.
b67e244ec592a0c5a1242966f36937d8dfd7d5e17d6725951479d2a05fc108b9This Metasploit module exploits a stack overflow in Symantec ConsoleUtilities. By sending an overly long string to the "BrowseAndSaveFile()" method located in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to execute arbitrary code.
7c2677559b384201501422a3ddf86666515f1b169805b0d9200c4c0e134447b3The Symantec ConsoleUtilities Active-X control suffers from a buffer overflow vulnerability.
5f09948f29db082ce2353ab83f2d2593b1645423033ffb0e75a67bbc53c8101fACROS Security Problem Report #2009-10-30-1 - There is an HTML Injection vulnerability in the WebLogic server version 10.3 administration console that allows the attacker to gain administrative access to the server.
afb874f67261c2f5e3869658a0249ee9cea2ebb6a0e437486664f71a9744d1c9Whois Server version 2.0 suffers from a cross site scripting vulnerability.
9e6ef5321120293c1597396313fe2aed40c38728e59ce37d6349ece7f9a2d08fRhinosoft.com Serv-U web client version 9.0.0.5 suffers from a remote buffer overflow vulnerability. Proof of concept code included.
c8498ca90838fe61c74043cbaf8479e8f9e2c3db44ef86f7f5686195db8f4055Remote code execution exploit for Joomla 1.5.12 using a file upload vulnerability in TinyMCE.
18c8fa558ef85b78307bb24e45108f134150fed7e68dfca7c1a3ac7859e32926strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
cc502afbcbc3cebc94c18855db4e5f7718b08646de52b97e6f973d99467392d0MapSweeper version 1.0 ping sweeping script.
78c58f4e6a6537b3dfef8851eccfd453b7b677c8f62d6b7760cde32ccbb49583Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
dc734ad1f8bdce30d7604c3eb4176dbaf92cf0e5c54d3ea12ec6cd3128e402actinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
add18b68710a08dd1d209f177154f9d8c7614031050abf16139dd9c3fc56be84This archive contains all of the 209 exploits added to Packet Storm in October, 2009.
5697ab5dcc7ffeecbcba58d5b84254e484f579a3d6f2dfed3d07259c461ae668This is a back-connect script written for NetBSD and was made as a result of playing with /dev/tcp.
b1e1f945ff91749198f69e35483773726b0afeb19cd8fbdb424ce3d6698f1376
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed