Section: .. / Last 100 Files /
| /// File Name: | FreeBSD-SA-09-02.openssl.txt | Description:
| FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys. | | Homepage: | http://security.freebsd.org/ | | File Size: | 9519 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 17:43:21 2009 | | MD5 Checksum: | 2328586310ef4612f8f258d3c8e4f921 |
|
| /// File Name: | USN-704-1.txt | Description:
| Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19482 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 17:42:50 2009 | | MD5 Checksum: | 077790a3f249b28578aa11ebed3c7d63 |
|
| /// File Name: | CA20090107-01.txt | Description:
| CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1. | | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4398 | | Related CVE(s): | CVE-2009-0043 | | Last Modified: | Jan 7 17:39:25 2009 | | MD5 Checksum: | 29eac4fb82df696ee49b0366799f009d |
|
| /// File Name: | dsa-1697-1.txt | Description:
| Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape, an unbranded version of the Seamonkey internet suite. | | Homepage: | http://www.debian.org/security | | File Size: | 23670 | | Related CVE(s): | CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 7 17:38:42 2009 | | MD5 Checksum: | ea76c5b29f1d0319d27fce26bab370e7 |
|
| /// File Name: | dsa-1696-1.txt | Description:
| Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. | | Homepage: | http://www.debian.org/security | | File Size: | 21741 | | Related CVE(s): | CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 7 17:37:26 2009 | | MD5 Checksum: | 210d8ff45d55800a263974339b0aa0df |
|
| /// File Name: | quotebook-disclose.txt | Description:
| QuoteBook suffers from a remote configuration file disclosure vulnerability. | | Author: | Moudi | | File Size: | 1632 | | Last Modified: | Jan 7 17:36:13 2009 | | MD5 Checksum: | 334416236b2d1646866c721e1217db07 |
|
| /// File Name: | cts2009-cfp.txt | Description:
| Call For Papers for the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009). It will be held from May 18th through May 22nd, 2009 at the Westin Baltimore Washington International Airport Hotel. | | Homepage: | http://cisedu.us/cis/cts/09/main/callForPapers.jsp | | File Size: | 8604 | | Last Modified: | Jan 7 15:26:35 2009 | | MD5 Checksum: | 0c4e7f9a7eb7cef5b9bdcebe31b1a2f1 |
|
| /// File Name: | cisco-sa-20090107-gss.txt | Description:
| Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. | | Homepage: | http://www.cisco.com/ | | File Size: | 13432 | | Related CVE(s): | CVE-2008-3819 | | Last Modified: | Jan 7 15:24:21 2009 | | MD5 Checksum: | 111832b44a96a01d091ace59ff081afd |
|
| /// File Name: | secadv_20090107.txt | Description:
| Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation. | | Homepage: | http://www.openssl.org/ | | Related File: | oCERT-2008-016.txt | | File Size: | 7906 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 15:21:31 2009 | | MD5 Checksum: | 5ff1f702db3b6ad0f391aaa8dc65fdbb |
|
| /// File Name: | oCERT-2008-016.txt | Description:
| Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation. | | Author: | Will Drewry | | Homepage: | http://www.ocert.org/ | | File Size: | 3545 | | Related CVE(s): | CVE-2008-5077, CVE-2008-0021, CVE-2008-0025 | | Last Modified: | Jan 7 15:17:20 2009 | | MD5 Checksum: | be0e81721da50c8f104a4d26e99d8d02 |
|
| /// File Name: | msienull-dos.txt | Description:
| A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta. | | Author: | SkyLined | | File Size: | 330 | | Last Modified: | Jan 7 15:10:42 2009 | | MD5 Checksum: | f739f49d13fa6d3d74c4fc6650a3ff73 |
|
| /// File Name: | winamp-overflow.txt | Description:
| WinAmp GEN_MSN plugin heap buffer overflow proof of concept exploit that creates a malicious .pls file. | | Author: | SkD | | File Size: | 1755 | | Last Modified: | Jan 7 15:07:57 2009 | | MD5 Checksum: | 5824fe2861b742b0866cae3c6aee3970 |
|
| /// File Name: | secunia-sapgui.txt | Description:
| Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4916 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 15:02:45 2009 | | MD5 Checksum: | f6d854e9387019c1663440299fd11826 |
|
| /// File Name: | secunia-tsc2.txt | Description:
| Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4185 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 15:01:12 2009 | | MD5 Checksum: | 8e5f09145f01b0c4f776688b090702fa |
|
| /// File Name: | secunia-componentone.txt | Description:
| Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 5118 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 14:59:14 2009 | | MD5 Checksum: | 8ad3f227012766eb7fe25b07b3b6a9ec |
|
| /// File Name: | phpfusionecart-sql.txt | Description:
| The PHP-Fusion E-Cart module suffers from a remote SQL injection vulnerability. | | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 2149 | | Last Modified: | Jan 7 14:57:15 2009 | | MD5 Checksum: | 10b75350d8ccf4d47ec487d656641dff |
|
| /// File Name: | audacity162-crash.txt | Description:
| Audacity version 1.6.2 remote off by one crash exploit that creates a malicious .aup file. | | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 2284 | | Last Modified: | Jan 7 14:54:39 2009 | | MD5 Checksum: | e4e644f47dbb544d96d84f420806f0c2 |
|
| /// File Name: | perceptionliteserve-overflow.txt | Description:
| Perception LiteServe version 2.0.1 remote buffer overflow proof of concept exploit. | | Author: | H-T Team | | Homepage: | http://no-hack.fr/ | | File Size: | 995 | | Last Modified: | Jan 7 14:39:51 2009 | | MD5 Checksum: | e7c676fe749e9e01fdca731255cba651 |
|
| /// File Name: | phpfusionmembers-sql.txt | Description:
| The PHP-Fusion module Members Bewerb suffers from a remote SQL injection vulnerability. | | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 2140 | | Last Modified: | Jan 7 14:38:10 2009 | | MD5 Checksum: | dd24bca015dab33e17bdf41a15c4de28 |
|
| /// File Name: | secunia-hpopenview.txt | Description:
| Secunia Research has discovered vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. HP OpenView Network Node Manager 7.51 with NNM_01168 is affected. | | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 6405 | | Related CVE(s): | CVE-2008-0067 | | Last Modified: | Jan 7 14:23:56 2009 | | MD5 Checksum: | 9c680d6e547825ea20cdc34d517ebe8b |
|
| /// File Name: | vuplayer249-overflow.txt | Description:
| VUPlayer versions 2.49 .PLS file universal buffer overflow exploit that spawns calc.exe. | | Author: | SkD | | File Size: | 3137 | | Last Modified: | Jan 7 14:20:29 2009 | | MD5 Checksum: | 5d1718187c57260695e6c64f36af49f1 |
|
| /// File Name: | joomla-traversal.txt | Description:
| Joomla versions 1.5.8 and below local directory traversal exploit. | | Author: | irk4z | | File Size: | 1977 | | Last Modified: | Jan 7 03:54:53 2009 | | MD5 Checksum: | e16d90f9e4705bee3f949a6d68642dd5 |
|
| /// File Name: | cainabel4925-overflow.txt | Description:
| Cain and Abel version 4.9.25 that outputs a file that must be imported as a configuration file under Cracker -> Cisco IOS-MD5 Hashes. Spawns calc.exe. | | Author: | send9 | | File Size: | 2286 | | Last Modified: | Jan 7 03:49:37 2009 | | MD5 Checksum: | 383b9f74c5e7aa6b75be200bbc5f5232 |
|
| /// File Name: | pollhelper-disclose.txt | Description:
| PollHelper suffers from a remote configuration file disclosure vulnerability. | | Author: | ahmadbady | | File Size: | 722 | | Last Modified: | Jan 7 03:48:04 2009 | | MD5 Checksum: | f798eda099d92c6ac35b3265525b87a6 |
|
| /// File Name: | bloghelper-disclose.txt | Description:
| BlogHelper suffers from a remote configuration file disclosure vulnerability. | | Author: | ahmadbady | | File Size: | 736 | | Last Modified: | Jan 7 03:45:46 2009 | | MD5 Checksum: | 763c6088d5e5177d9ff9318009738828 |
|
| /// File Name: | dsa-1694-2.txt | Description:
| Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences. | | Homepage: | http://www.debian.org/security | | File Size: | 4950 | | Related CVE(s): | CVE-2008-2383 | | Last Modified: | Jan 6 20:59:43 2009 | | MD5 Checksum: | 63fc5c0e5f6a119a647f787b6a6b68e9 |
|
| /// File Name: | debianxterm-weakness.txt | Description:
| Debian GNU/Linux suffers from a XTERM DECRQSS weakness that allows for remote code execution as the user id viewing the content. | | Author: | Rembrandt | | File Size: | 710 | | Last Modified: | Jan 6 20:45:29 2009 | | MD5 Checksum: | 18b82dbdc3db815481360e1c0dc9cc30 |
|
| /// File Name: | USN-701-2.txt | Description:
| Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6686 | | Related CVE(s): | CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 6 20:54:59 2009 | | MD5 Checksum: | 8ee27bf646d62f2d7d36ea846501908d |
|
| /// File Name: | USN-701-1.txt | Description:
| Ubuntu Security Notice USN-701-1 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14473 | | Related CVE(s): | CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 6 20:51:28 2009 | | MD5 Checksum: | b633c149416e4d009e56252ffe61c45f |
|
| /// File Name: | ip-array_0.05.74c.tar.gz | Description:
| IP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP. | | Author: | AllKind | | Homepage: | http://sourceforge.net/projects/ip-array/ | | Changes: | Three important bug fixes and one minor bug fix. | | File Size: | 92933 | | Last Modified: | Jan 6 20:47:26 2009 | | MD5 Checksum: | ee4fc91d7d50983fa0a1a6c5a3d6e1bb |
|
| /// File Name: | mandos_1.0.3.orig.tar.gz | Description:
| The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system. | | Author: | Teddy | | Homepage: | http://www.fukt.bsnet.se/mandos | | Changes: | Now tries to change to user and group "_mandos" before falling back to trying the old values "mandos", "nobody:nogroup", and "65534". Does not abort on startup even if no clients are defined in clients.conf. Other improvements and changes. | | File Size: | 93549 | | Last Modified: | Jan 6 20:42:36 2009 | | MD5 Checksum: | 4f0d7b541e6908ca87944a612866cdec |
|
| /// File Name: | playsms093-rfilfi.txt | Description:
| playSMS version 0.9.3 suffers from multiple remote and local file inclusion vulnerabilities. | | Author: | ahmadbady | | File Size: | 1691 | | Last Modified: | Jan 6 20:39:46 2009 | | MD5 Checksum: | d4f70a8f8b1f3d127d45ee803c4a2f08 |
|
| /// File Name: | oracleworkspace-sql.txt | Description:
| Oracle 10g SYS.LT.REMOVEWORKSPACE SQL injection exploit that grants DBA access and creates a new user using the advanced extproc method. | | Author: | Sh2kerr | | Homepage: | http://www.dsec.ru/ | | Related File: | shatter-workspace.txt | | File Size: | 2741 | | Last Modified: | Jan 6 20:10:25 2009 | | MD5 Checksum: | c44444b2a06cfdea1e6d397b435521df |
|
| /// File Name: | seamonkey1114-dos.txt | Description:
| SeaMonkey versions 1.1.14 and below denial of service exploit that leverages a vulnerability found in September of 2008 for version 1.1.11. | | Author: | StAkeR | | Related Exploit: | seamonkey-dos.txt | | File Size: | 986 | | Last Modified: | Jan 6 20:03:50 2009 | | MD5 Checksum: | f10574d061f23f00fb0f136468fd549c |
|
| /// File Name: | itcms-sql.txt | Description:
| IT!CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | certaindeath | | File Size: | 824 | | Last Modified: | Jan 6 20:01:57 2009 | | MD5 Checksum: | b17e9705f8f9d405a7ad46aafc311456 |
|
| /// File Name: | ezpack-sqlxss.txt | Description:
| ezPack version 4.2b2 suffers from cross site scripting and SQL injection vulnerabilities. | | Author: | !-BUGJACK-! | | Homepage: | http://www.it-dark.com/ | | File Size: | 1265 | | Last Modified: | Jan 6 20:00:34 2009 | | MD5 Checksum: | c48b8add89a1d951beb8d6f8e31074d4 |
|
| /// File Name: | vuplayer-dos.txt | Description:
| VUPlayer version 2.49 local denial of service proof of concept exploit that creates a malicious file. | | Author: | AlpHaNiX | | File Size: | 734 | | Last Modified: | Jan 6 19:56:52 2009 | | MD5 Checksum: | e5b35ddc35541c682132bd87cadf7055 |
|
| /// File Name: | rosoft421-overflow.txt | Description:
| Rosoft Media Player version 4.2.1 local buffer overflow exploit that spawns calc.exe. | | Author: | Encrypt3d.M!nd | | Related Exploit: | rosoft-overflow.txt | | File Size: | 1589 | | Last Modified: | Jan 6 19:51:50 2009 | | MD5 Checksum: | a3adb2a184d1c44a31025a39efc92957 |
|
| /// File Name: | riotpix-bypass.txt | Description:
| RiotPix versions 0.61 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | ZoRLu | | File Size: | 840 | | Last Modified: | Jan 6 19:50:34 2009 | | MD5 Checksum: | feed4166fb24c9c7b766c16637584d10 |
|
| /// File Name: | riotpix-sql.txt | Description:
| RiotPix versions 0.61 and below blind remote SQL injection exploit. | | Author: | cOndemned | | Homepage: | http://condemned.r00t.la/ | | File Size: | 1548 | | Last Modified: | Jan 6 19:49:10 2009 | | MD5 Checksum: | ff407c3eb919afd2d222f7c3e42e9043 |
|
| /// File Name: | USN-703-1.txt | Description:
| Ubuntu Security Notice USN-703-1 - Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6861 | | Related CVE(s): | CVE-2006-7236, CVE-2008-2383 | | Last Modified: | Jan 5 21:02:54 2009 | | MD5 Checksum: | 9352865d1436dc3218db4a78e9ce1d04 |
|
| /// File Name: | USN-702-1.txt | Description:
| Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10900 | | Related CVE(s): | CVE-2009-0022 | | Last Modified: | Jan 5 21:00:41 2009 | | MD5 Checksum: | 16c06750eef20e3808874ed0c796b230 |
|
| /// File Name: | phpauctionsystem-insecure.txt | Description:
| PHP Auction System suffers from an insecure cookie handling vulnerability. | | Author: | ZoRLu | | File Size: | 1265 | | Last Modified: | Jan 5 20:59:51 2009 | | MD5 Checksum: | 40f2f0c3660aee65abfa178d0a395854 |
|
| /// File Name: | phpauctionsystem-sqlxss.txt | Description:
| PHP Auction System suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | X0r | | File Size: | 1924 | | Last Modified: | Jan 5 20:58:16 2009 | | MD5 Checksum: | dff3935d238a050c0de9d81375c92e77 |
|
| /// File Name: | joomlaphoca-sql.txt | Description:
| Joomla Phoca Documentation remote SQL injection exploit that makes use of index.php. | | Author: | EcHoLL | | Homepage: | http://www.warezturk.org/ | | File Size: | 1560 | | Last Modified: | Jan 5 20:55:31 2009 | | MD5 Checksum: | a42915d816e3b2ea44e5e52cf5d103fc |
|
| /// File Name: | lfi-rfi2.txt | Description:
| Local / Remote file inclusion scanner that attempts to make use of a c99 shell on a vulnerable host. | | Author: | baltazar | | Homepage: | http://www.darkc0de.com/ | | File Size: | 6218 | | Last Modified: | Jan 5 20:52:19 2009 | | MD5 Checksum: | a1530ae1679861ae4a4d3387842eac0e |
|
| /// File Name: | walusoft-traversal.txt | Description:
| Walusoft TFTPServer2000 version 3.6.1 suffers from a directory traversal vulnerability. | | Author: | princeofnigeria | | File Size: | 2845 | | Last Modified: | Jan 5 20:46:20 2009 | | MD5 Checksum: | 64146b5fc1a21ec677636cddac2a0ac7 |
|
| /// File Name: | dmp161lst4-overflow.txt | Description:
| Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. | | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 1537 | | Last Modified: | Jan 5 20:42:34 2009 | | MD5 Checksum: | 950e82dd52b76be3b441537b1c8946d6 |
|
| /// File Name: | seacureit-cfp2009.txt | Description:
| SEaCURE.IT is the first international technical conference ever held in Italy on security related topics, aimed at bringing together the leading experts from all over the world, to create a unique setting for networking and discussion among the speakers and the attendees. The 2009 edition will be held from May 19th to the 22nd in Villasimius, Sardinia. | | Homepage: | http://www.seacure.it/ | | File Size: | 5347 | | Last Modified: | Jan 5 20:30:16 2009 | | MD5 Checksum: | 28e55afb975a46ebd64652a868002743 |
|
| /// File Name: | plxautoreminder-sql.txt | Description:
| plxAutoReminder version 3.7 suffers from a remote SQL injection vulnerability. | | Author: | ZoRLu | | File Size: | 1188 | | Last Modified: | Jan 5 20:28:23 2009 | | MD5 Checksum: | 0da4a3c15c3933f0b1db0d73d765c906 |
|
| /// File Name: | safari-heap.txt | Description:
| Safari array integer overflow proof of concept exploit. | | Author: | SkyLined | | File Size: | 26629 | | Last Modified: | Jan 5 20:27:13 2009 | | MD5 Checksum: | dd9f8f395b56e7be0ccfd2abb77be20d |
|
| /// File Name: | dmp161lst3-overflow.txt | Description:
| Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. | | Author: | H-T Team | | Homepage: | http://no-hack.fr/ | | File Size: | 1557 | | Last Modified: | Jan 5 20:26:06 2009 | | MD5 Checksum: | 895b67587da6e19c6b19ca60e24184aa |
|
| /// File Name: | tor.uclibc.i686.20090105.iso | Description:
| Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. | | Author: | Anthony G. Basile | | Homepage: | http://opensource.dyc.edu/tor-ramdisk | | Changes: | Tor updated to 0.2.0.32. Kernel updated to Linux-2.6.25.17 plus Gentoo's hardened-patches-2.6.25-12.extras. | | File Size: | 4145152 | | Last Modified: | Jan 5 20:23:11 2009 | | MD5 Checksum: | 62155716de0033efdbbbfcd30e7a289e |
|
| /// File Name: | solucion-sql.txt | Description:
| SolucionWeb suffers from a remote SQL injection vulnerability in main.php. | | Author: | Ehsan_Hp200 | | File Size: | 1406 | | Last Modified: | Jan 5 20:08:35 2009 | | MD5 Checksum: | 76a412aa82f1d4dfa57dac80a5a5d664 |
|
| /// File Name: | pollpro-xsrf.txt | Description:
| PollPro version 3.0 appears to suffer from a cross site request forgery vulnerability. | | Author: | The_0nur-n0x | | File Size: | 1851 | | Last Modified: | Jan 5 20:04:43 2009 | | MD5 Checksum: | c2ab74358b5bd4e0c25d3f8c9080eed2 |
|
| /// File Name: | webspell-edit.txt | Description:
| webSPELL versions 4.01.02 and below suffer from a remote edit topics vulnerability. | | Author: | StAkeR | | File Size: | 953 | | Last Modified: | Jan 5 20:03:51 2009 | | MD5 Checksum: | aea9f27babb831af8e900adb5c17f3f4 |
|
| /// File Name: | pnphpbb212i-lfi.txt | Description:
| PNphpBB2 versions 1.2i and below suffer from multiple local file inclusion vulnerabilities. | | Author: | StAkeR | | File Size: | 1157 | | Last Modified: | Jan 5 20:00:00 2009 | | MD5 Checksum: | 0021ce7144c2aef7db09e77c28f743ea |
|
| /// File Name: | msfxdc-contest.txt | Description:
| MSFXDC (MetaSploit Framework eXploits Development Contest) is a challenge where the main goal is to code the largest number of new Metasploit Framework exploit modules. MSFXDC is organized by JA-PSI. | | Homepage: | http://www.ja-psi.com/ | | File Size: | 1776 | | Last Modified: | Jan 5 19:55:31 2009 | | MD5 Checksum: | 32fe7daf5d86671fd2920b2e4eec0af3 |
|
| /// File Name: | wsnguest123-sql.txt | Description:
| WSN Guest version 1.23 suffers from a remote SQL injection vulnerability in search.php. | | Author: | DaiMon | | Homepage: | http://www.cwdaimon.com/ | | File Size: | 1327 | | Last Modified: | Jan 5 19:52:57 2009 | | MD5 Checksum: | 618ac54e798ece3629eafa095ec9a018 |
|
| /// File Name: | phpmesfilms-sql.txt | Description:
| PhpMesFilms version 1.0 suffers from a remote SQL injection vulnerability in index.php. | | Author: | SuB-ZeRo | | Homepage: | http://www.dz-security.com/ | | File Size: | 1176 | | Last Modified: | Jan 5 19:51:46 2009 | | MD5 Checksum: | 9f2ba3d7b84754a10983c7c779233e38 |
|
| /// File Name: | vuplayer-overflow.txt | Description:
| VUPlayer version 2.49 .wax file local buffer overflow exploit that spawns calc.exe. | | Author: | H-T Team | | Homepage: | http://no-hack.fr/ | | File Size: | 1752 | | Last Modified: | Jan 5 19:49:41 2009 | | MD5 Checksum: | e3276064b96817aef53fca9c4948490b |
|
| /// File Name: | dmp161lst2-overflow.txt | Description:
| Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. | | Author: | suN8Hclf | | Homepage: | http://www.dark-coders.pl/ | | File Size: | 1571 | | Last Modified: | Jan 5 19:48:13 2009 | | MD5 Checksum: | d658c66d0826a718399e917d4d3c9603 |
|
| /// File Name: | dmp161lst1-overflow.txt | Description:
| Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. | | Author: | sCORPINo | | Homepage: | http://www.snoop-security.com/ | | File Size: | 2152 | | Last Modified: | Jan 5 11:05:33 2009 | | MD5 Checksum: | eb86011c4aa4e7d92c538d034a1faf12 |
|
| /// File Name: | ayemsisemlak-sql.txt | Description:
| Ayemsis Emlak Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | ByALBAYX | | Homepage: | http://www.c4team.org/ | | File Size: | 378 | | Last Modified: | Jan 5 10:57:41 2009 | | MD5 Checksum: | 57085fb9abf4f9c03e9e985ac9bfe337 |
|
| /// File Name: | joomlasimplereview-sql.txt | Description:
| The Joomla Simple Review component version 1.x suffers from a remote SQL injection vulnerability. | | Author: | EcHoLL | | Homepage: | http://www.warezturk.org/ | | File Size: | 880 | | Last Modified: | Jan 5 10:55:12 2009 | | MD5 Checksum: | edf3ffde2162a729d7b842f7147eb467 |
|
| /// File Name: | RFIDIOt-0.1v.tgz | Description:
| RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This is the Windows version. | | Author: | Adam Laurie | | Homepage: | http://rfidiot.org/ | | Changes: | Fixed ATS position and length in RFIDIOT.py. Multiple additions and a couple of other tweaks. | | File Size: | 392620 | | Last Modified: | Jan 5 10:52:50 2009 | | MD5 Checksum: | 066edfb1a202fe2abd20e9c53e7f9c25 |
|
| /// File Name: | indianinstitute-sql.txt | Description:
| The Indian Institute of Technology in Kharagpur suffers from a remote SQL injection vulnerability. | | Author: | Rohit Bansal | | File Size: | 1375 | | Last Modified: | Jan 4 15:48:21 2009 | | MD5 Checksum: | 1e40523527d08b2c7f671843e4b8f5d2 |
|
| /// File Name: | destiny161lst-overflow.txt | Description:
| Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit. | | Author: | Encrypt3d.M!nd | | File Size: | 460 | | Last Modified: | Jan 4 15:23:14 2009 | | MD5 Checksum: | 860a37459e6487b825536aba40de8534 |
|
| /// File Name: | webspell4-sql.txt | Description:
| Webspell version 4 suffers from a SQL injection vulnerability that allows for authentication bypass. | | Author: | h0yt3r | | File Size: | 2253 | | Last Modified: | Jan 4 15:20:12 2009 | | MD5 Checksum: | 4b21224db9230cc002e5326a09c3a6dd |
|
| /// File Name: | destiny161-overflow.txt | Description:
| Destiny Media Player version 1.61 .m3u file local stack overflow exploit. | | Author: | His0k4 | | File Size: | 1680 | | Last Modified: | Jan 4 15:18:56 2009 | | MD5 Checksum: | 94a408c32ef4ff231eed29acb2a8d390 |
|
| /// File Name: | dsa-1695-1.txt | Description:
| Debian Security Advisory 1695-1 - The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443). | | Homepage: | http://www.debian.org/security | | File Size: | 36870 | | Related CVE(s): | CVE-2008-3443 | | Last Modified: | Jan 2 19:45:45 2009 | | MD5 Checksum: | a8ee321a95a6272a724768a1fe3bed2e |
|
| /// File Name: | dsa-1694-1.txt | Description:
| Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383). | | Homepage: | http://www.debian.org/security | | File Size: | 5253 | | Related CVE(s): | CVE-2008-2383 | | Last Modified: | Jan 2 19:45:14 2009 | | MD5 Checksum: | aa67e5228c1b8bb3bcc0a928a6a27de9 |
|
| /// File Name: | destiny-dos.txt | Description:
| Destiny Media Player version 1.61.0 .m3u file local stack overflow proof of concept exploit. | | Author: | aBo MoHaMeD | | Homepage: | http://www.v4-team.net/ | | File Size: | 1895 | | Last Modified: | Jan 2 19:42:14 2009 | | MD5 Checksum: | 1d7be42d4ea9160a98423ca35f4a47e5 |
|
| /// File Name: | phpskelsite-rfilfixss.txt | Description:
| phpSkelSite version 1.4 suffers from remote file inclusion, local file inclusion, and cross site scripting vulnerabilities. | | Author: | ahmadbady | | File Size: | 906 | | Last Modified: | Jan 2 19:40:47 2009 | | MD5 Checksum: | 03c68859bd89afcea5fbed52f0ee9782 |
|
| /// File Name: | phpratemyphoto-upload.txt | Description:
| Built2Go PHP Rate My Photo version 1.46.4 is susceptible to a remote file upload vulnerability. | | Author: | ZoRLu | | File Size: | 1508 | | Last Modified: | Jan 2 19:39:45 2009 | | MD5 Checksum: | d5bd44ec4e4d65a071a7728f7a9e8d95 |
|
| /// File Name: | phplinkportal-upload.txt | Description:
| Built2Go PHP Link Portal version 1.95.1 is susceptible to a remote file upload vulnerability. | | Author: | ZoRLu | | File Size: | 1447 | | Last Modified: | Jan 2 19:38:13 2009 | | MD5 Checksum: | 426a5cbbd51cdfdc8dcc53daced487c3 |
|
| /// File Name: | vmware251-dos.txt | Description:
| VMware versions 2.5.1 and below remote denial of service exploit. | | Author: | laurent gaffi | | File Size: | 2019 | | Last Modified: | Jan 2 19:37:14 2009 | | MD5 Checksum: | 918090c873fe391fb0c2e18d414fdba6 |
|
|