Section: .. / Last 100 Files /
/// File Name: | CORE-2009-0727.txt | Description:
| Core Security Technologies Advisory - A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration). Libpurple versions 2.5.8 and below are affected. | Homepage: | http://www.coresecurity.com/corelabs/ | File Size: | 10757 | Related CVE(s): | CVE-2009-2694 | Last Modified: | Aug 18 18:32:27 2009 | MD5 Checksum: | 2fde839930feef8f1f74e04404076031 |
|
/// File Name: | CA20090818-02.txt | Description:
| CA's technical support is alerting customers to a security risk with CA Internet Security Suite. A vulnerability exists that can allow a local attacker to cause a denial of service. CA has issued updates to address the vulnerability. | Author: | Kevin Kotas | File Size: | 2616 | Related CVE(s): | CVE-2009-0682 | Last Modified: | Aug 18 18:22:13 2009 | MD5 Checksum: | 686a7b6d7ed106ad217096a57596156a |
|
/// File Name: | android-root-20090816.tar.gz | Description:
| Linux 2.x kernel sock_sendpage() local root exploit. Written to exploit kernels on Android released prior to August of 2009. | Author: | Zinx | Homepage: | http://zenthought.org/ | File Size: | 4067 | Related CVE(s): | CVE-2009-2692 | Last Modified: | Aug 18 18:24:17 2009 | MD5 Checksum: | ef04c91c72156971a4a0b244c6d4c0b1 |
|
/// File Name: | vuplayer249m3u-overflow.txt | Description:
| VUPlayer versions 2.49 and below universal buffer overflow exploit that creates a malicious .m3u file. | Author: | mr_me | File Size: | 2133 | Last Modified: | Aug 18 18:22:32 2009 | MD5 Checksum: | fee6fe7f5bc73b60ca7a3ab736c21d49 |
|
/// File Name: | CA20090818-01.txt | Description:
| CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability. | Author: | Kevin Kotas | File Size: | 2591 | Related CVE(s): | CVE-2009-2740 | Last Modified: | Aug 18 18:20:51 2009 | MD5 Checksum: | 35741fa852c5c838affd2ff0c3557850 |
|
/// File Name: | glsa-200908-10.txt | Description:
| Gentoo Linux Security Advisory GLSA 200908-10 - An integer overflow in the PNG handling of Dillo might result in the remote execution of arbitrary code. Tilei Wang reported an integer overflow in the Png_datainfo_callback() function, possibly leading to a heap-based buffer overflow. Versions less than 2.1.1 are affected. | Homepage: | http://security.gentoo.org | File Size: | 2590 | Related CVE(s): | CVE-2009-2294 | Last Modified: | Aug 18 18:19:44 2009 | MD5 Checksum: | 48d28a1e69a43e55063e4b7a1d76c02d |
|
/// File Name: | glsa-200908-09.txt | Description:
| Gentoo Linux Security Advisory GLSA 200908-09 - An input sanitation error in DokuWiki might lead to the disclosure of local files or even the remote execution of arbitrary code. girex reported that data from the config_cascade parameter in inc/init.php is not properly sanitized before being used. Versions less than 2009-02-14b are affected. | Homepage: | http://security.gentoo.org | File Size: | 2690 | Related CVE(s): | CVE-2009-1960 | Last Modified: | Aug 18 18:18:06 2009 | MD5 Checksum: | 4a2295db05e875238848ea0fc16d2390 |
|
/// File Name: | asaherpro-disclose.txt | Description:
| asaher pro 1.0.4 suffers from a remote database backup vulnerability. | Author: | alnjm33 | File Size: | 511 | Last Modified: | Aug 18 18:16:19 2009 | MD5 Checksum: | 6887c187a4c79fb8f265b5d880cba087 |
|
/// File Name: | srm-1.2.10.tar.gz | Description:
| secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised. | Author: | Matthew Gauthier | Homepage: | http://srm.sourceforge.net | Changes: | The program now compiles and works on Mac OS X again. A DoE wipe mode was added. Deletion of named pipes/FIFOs was fixed. Debian and Win32 fixes were applied. | File Size: | 119081 | Last Modified: | Aug 18 18:10:45 2009 | MD5 Checksum: | 127732632dde102688888c70ede89491 |
|
/// File Name: | glsa-200908-08.txt | Description:
| Gentoo Linux Security Advisory GLSA 200908-08 - dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service. Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using dhcp-client-identifier and hardware ethernet. Versions less than 3.1.2_p1 are affected. | Homepage: | http://security.gentoo.org | File Size: | 2568 | Related CVE(s): | CVE-2009-1892 | Last Modified: | Aug 18 18:09:48 2009 | MD5 Checksum: | e244fee226646494ee97704a054bfb4f |
|
/// File Name: | glsa-200908-07.txt | Description:
| Gentoo Linux Security Advisory GLSA 200908-07 - An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might lead to a Denial of Service. Leo Bergolth reported an off-by-one error in the inflate() function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow (CVE-2009-1391). Versions less than 2.020 are affected. | Homepage: | http://security.gentoo.org | File Size: | 3349 | Related CVE(s): | CVE-2009-1391, CVE-2009-1884 | Last Modified: | Aug 18 18:09:27 2009 | MD5 Checksum: | 9b5d5882a6ff2803aee61c9e4cfb13b9 |
|
/// File Name: | broid-overflow.txt | Description:
| broid version 1.0 Beta 3a local stack overflow proof of concept exploit that creates a malicious .mp3 file. | Author: | HACK4LOVE | File Size: | 967 | Last Modified: | Aug 18 18:08:11 2009 | MD5 Checksum: | c784fa4fb8c15f494755e67738535716 |
|
/// File Name: | cfg80211-remote-dos.c | Description:
| Linux kernel versions prior to 2.6.30.5 cfg80211 remote denial of service exploit. | Author: | Jon Oberheide | File Size: | 4107 | Last Modified: | Aug 18 18:05:49 2009 | MD5 Checksum: | 999d928aa852f96be0483b3d76cc9cec |
|
/// File Name: | glsa-200908-06.txt | Description:
| Gentoo Linux Security Advisory GLSA 200908-06 - Multiple heap-based buffer overflows in CDF might result in the execution of arbitrary code. Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and CDFsel64() functions. Versions less than 3.3.0 are affected. | Homepage: | http://security.gentoo.org | File Size: | 2698 | Related CVE(s): | CVE-2009-2850 | Last Modified: | Aug 18 18:05:04 2009 | MD5 Checksum: | 5f17d6f8a1ffee036ec6430a79fc35fe |
|
/// File Name: | glsa-200908-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200908-05 - Multiple integer overflows, leading to heap-based buffer overflows in the Subversion client and server might allow remote attackers to execute arbitrary code. Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Versions less than 1.6.4 are affected. | Homepage: | http://security.gentoo.org | File Size: | 2788 | Related CVE(s): | CVE-2009-2411 | Last Modified: | Aug 18 18:04:45 2009 | MD5 Checksum: | a1095bb07889de4a49d0d45e9c1ea33c |
|
/// File Name: | phpem-sql.txt | Description:
| PHP Email Manager suffers from a remote SQL injection vulnerability in remove.php. | Author: | MuShTaQ | Homepage: | http://www.sec-code.com/ | File Size: | 913 | Last Modified: | Aug 18 18:02:50 2009 | MD5 Checksum: | ab218cb8046b145974cbb6e2b14995c4 |
|
/// File Name: | videosby-sql.txt | Description:
| Videos Broadcast Yourself version 2 suffers from a remote SQL injection vulnerability. | Author: | Mr.SQL | Homepage: | http://www.pal-hacker.com/ | File Size: | 1694 | Last Modified: | Aug 18 18:02:01 2009 | MD5 Checksum: | 0a602588c2020d96507a4ff4c305ce92 |
|
/// File Name: | spip-copy.txt | Description:
| SPIP CMS versions prior to 2.0.9 copy all passwords to XML file exploit. | Author: | Kernel_Panik | File Size: | 1875 | Last Modified: | Aug 18 17:56:53 2009 | MD5 Checksum: | 47799b3fc1c1fe927fd19d9134705c94 |
|
/// File Name: | ultimatefadein-upload.txt | Description:
| Ultimate Fade-in Slideshow version 1.51 suffers from a shell upload vulnerability. | Author: | NeX HaCkeR | File Size: | 813 | Last Modified: | Aug 18 17:02:33 2009 | MD5 Checksum: | 5d28d4127c341b1aa39c82410f56036c |
|
/// File Name: | ntop-dos.txt | Description:
| ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability. | Author: | Brad Antoniewicz | File Size: | 3038 | Related CVE(s): | CVE-2009-2732 | Last Modified: | Aug 18 17:00:02 2009 | MD5 Checksum: | d1fb4a39713aae08dae6c722ae37d63f |
|
/// File Name: | xenoratemp-overflow.txt | Description:
| Xenorate Media Player version 2.6.0.0 universal local buffer overflow exploit that creates a malicious .xpl file. | Author: | HACK4LOVE | File Size: | 2341 | Last Modified: | Aug 18 16:56:18 2009 | MD5 Checksum: | bb9aa46c6c78fbc77b51c899a282ae5c |
|
/// File Name: | fotoshowpro-sql.txt | Description:
| Fotoshow PRO suffers from a remote SQL injection vulnerability. | Author: | darkmasking | File Size: | 3102 | Last Modified: | Aug 18 16:55:25 2009 | MD5 Checksum: | d19e9249186d6a7b56d8b33f657307d8 |
|
/// File Name: | uloki-xss.txt | Description:
| ULoKI version 2.1 suffers from cross site scripting vulnerabilities. | Author: | Moudi | File Size: | 1041 | Last Modified: | Aug 18 16:53:59 2009 | MD5 Checksum: | c7cbc07c800f9fe347f253ced91bb41b |
|
/// File Name: | joomlamisterestate-sql.txt | Description:
| Joomla MisterEstate remote blind SQL injection exploit. | Author: | jdc | File Size: | 2507 | Last Modified: | Aug 18 16:52:59 2009 | MD5 Checksum: | 39781abd6c90276064328e5940598863 |
|
/// File Name: | infinity-disclose.txt | Description:
| Infinity version 2.x.x suffers from a local file disclosure vulnerability. | Author: | SwEET-DeViL | File Size: | 2285 | Last Modified: | Aug 18 16:51:52 2009 | MD5 Checksum: | b8f2494e1e152d0cde9626b0483b1397 |
|
/// File Name: | stivaforum-xss.txt | Description:
| Stiva Forum version 1.0 suffers from cross site scripting vulnerabilities. | Author: | Moudi | File Size: | 1462 | Last Modified: | Aug 18 16:50:38 2009 | MD5 Checksum: | 8a7db4fbf912927d921c7cad8e34fc9d |
|
/// File Name: | autonomouslan-rfi.txt | Description:
| Autonomous LAN Party versions 0.98.3 and below suffer from a remote file inclusion vulnerability. | Author: | cr4wl3r | File Size: | 4166 | Last Modified: | Aug 18 16:49:27 2009 | MD5 Checksum: | 211815c8b94f437909c4f6fd501c518a |
|
/// File Name: | ecms10-sql.txt | Description:
| E CMS versions 1.0 and below suffer from a remote SQL injection vulnerability. | Author: | Red-D3v1L | Related Exploit: | ecms-sql.txt | File Size: | 1618 | Last Modified: | Aug 18 16:47:00 2009 | MD5 Checksum: | 45fc8db1f82b774dfd81c0417b912bb5 |
|
/// File Name: | kolplayer-overflow.txt | Description:
| KOL Player version 1.0 local buffer overflow proof of concept exploit. | Author: | Evil.Man | Homepage: | http://www.tryag.cc/ | File Size: | 718 | Last Modified: | Aug 18 16:45:41 2009 | MD5 Checksum: | 455b9903451d1cc549875844cf6efe24 |
|
/// File Name: | bds-upload.txt | Description:
| Best Dating Script suffers from an arbitrary shell upload vulnerability. | Author: | jetli007 | Homepage: | http://www.vxx9.cc/ | File Size: | 1238 | Last Modified: | Aug 18 16:44:53 2009 | MD5 Checksum: | 10e45528b8d7c6a42d9e9ba44542c07f |
|
/// File Name: | phpfreebb-sql.txt | Description:
| phpfreeBB version 1.0 suffers from a remote blind SQL injection vulnerability. | Author: | Moudi | File Size: | 1453 | Last Modified: | Aug 18 16:43:51 2009 | MD5 Checksum: | 31794a35032c10893cc1ec31981f2e76 |
|
/// File Name: | MDVSA-2009-205.txt | Description:
| Mandriva Linux Security Advisory 2009-205 - The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation on a PF_PPPOX socket. | Homepage: | http://www.mandriva.com/security/ | File Size: | 85652 | Related CVE(s): | CVE-2009-2692 | Last Modified: | Aug 18 16:39:58 2009 | MD5 Checksum: | 11fc644d3411928431aacb42e69033d8 |
|
/// File Name: | cbauthority-sql.txt | Description:
| CBAuthority ClickBank Affiliate Management suffers from a remote SQL injection vulnerability. | Author: | Angela Chang | File Size: | 1237 | Last Modified: | Aug 18 16:36:35 2009 | MD5 Checksum: | b6bfac40c04b2dde7104219944554029 |
|
/// File Name: | msiesa-crash.txt | Description:
| Microsoft Internet Explorer crash exploit that relates to the javascript setAttribute function. | Author: | Irfan Asrar | File Size: | 370 | Last Modified: | Aug 18 16:34:46 2009 | MD5 Checksum: | 54b952288edf0350e22a10ea9ad4ac3e |
|
/// File Name: | safari402-dos.txt | Description:
| Safari 4.0.2 suffers from a local buffer overflow vulnerability related to the webkit parsing of floating point numbers. | Author: | Leon Juranic | Homepage: | http://www.infigo.hr/ | File Size: | 1206 | Last Modified: | Aug 18 16:33:17 2009 | MD5 Checksum: | 79d61bdb05775d6a92a61c7dff05b3de |
|
/// File Name: | prosysinfo-overflow.txt | Description:
| ProSysInfo TFTP Server TFTPDWIN version 0.4.2 remote buffer overflow exploit that binds a shell to port 4444. | Author: | Wraith | File Size: | 1987 | Last Modified: | Aug 18 16:30:13 2009 | MD5 Checksum: | cd5277be0b696ebd38ac1a1745034b66 |
|
/// File Name: | babb-inject.txt | Description:
| BaBB version 2.8 suffers from a code injection vulnerability. | Author: | IRCRASH | Homepage: | http://ircrash.com/ | File Size: | 1955 | Last Modified: | Aug 18 16:29:22 2009 | MD5 Checksum: | bd473dd4b155589d2df8f9ba7c461dda |
|
/// File Name: | plm-overflow.txt | Description:
| Playlistmaker version 1.51 local buffer overflow exploit that creates a malicious .m3u file. | Author: | Blake | File Size: | 4069 | Last Modified: | Aug 18 16:25:57 2009 | MD5 Checksum: | d368ae2d83539cd5b33cc82466e36d2c |
|
/// File Name: | ajauctionoopd2-sql.txt | Description:
| AJ Auction Pro OOPD version 2.x SQL injection exploit that leverages store.php. | Author: | NoGe | Related Exploit: | ajauctionprooopd-sql.txt | File Size: | 2303 | Last Modified: | Aug 18 16:23:15 2009 | MD5 Checksum: | 3e75f575b396020a89e5459a8afcd9de |
|
/// File Name: | zte-bypass.txt | Description:
| The ZTE ZXDSL 831 II modem suffers from an arbitrary configuration access vulnerability. | Author: | SuNHouSe2 | File Size: | 1184 | Last Modified: | Aug 18 16:21:58 2009 | MD5 Checksum: | 5729442c037f74056a2ee61e608067e6 |
|
/// File Name: | zte-addadmin.txt | Description:
| The ZTE ZXDSL 831 II modem suffers from an arbitrary add administrator vulnerability. | Author: | SuNHouSe2 | File Size: | 977 | Last Modified: | Aug 18 16:20:24 2009 | MD5 Checksum: | 3a9907b79f8675bc651cc9b972fdb4a5 |
|
/// File Name: | cisco-sa-20090818-bgp.txt | Description:
| Cisco Security Advisory - Cisco IOS XR will reset a Border Gateway Protocol (BGP) peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. | Homepage: | http://www.cisco.com/ | File Size: | 19594 | Related CVE(s): | CVE-2009-2055 | Last Modified: | Aug 18 15:56:04 2009 | MD5 Checksum: | a4d2e78d790342ef196868828e52e6dc |
|
/// File Name: | USN-818-1.txt | Description:
| Ubuntu Security Notice USN-818-1 - Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. | Homepage: | http://security.ubuntu.com/ | File Size: | 21370 | Related CVE(s): | CVE-2009-2417 | Last Modified: | Aug 17 14:52:26 2009 | MD5 Checksum: | a07f79f3dcf4498184a2bed6f7986181 |
|
/// File Name: | greenbow-dos.txt | Description:
| TheGreenBow VPN client version 4.61.003 suffers from a local denial of service vulnerability in tgbvpn.sys. | Author: | Evilcry | Homepage: | http://evilcry.altervista.org/ | File Size: | 2723 | Last Modified: | Aug 17 14:51:12 2009 | MD5 Checksum: | a61e3c21eebf4953ef8187ba6369eb4a |
|
/// File Name: | DSECRG-09-051.txt | Description:
| Adobe JRun Application Server version 4 updater 7 suffers from a directory traversal vulnerability. | Author: | Sh2kerr | Homepage: | http://www.dsec.ru/ | File Size: | 1805 | Related CVE(s): | CVE-2009-1873 | Last Modified: | Aug 17 14:48:09 2009 | MD5 Checksum: | 445f414eea72c40b2e559ac50ebfefaf |
|
/// File Name: | DSECRG-09-022.txt | Description:
| Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. | Author: | Sh2kerr | Homepage: | http://www.dsec.ru/ | File Size: | 2846 | Related CVE(s): | CVE-2009-1872 | Last Modified: | Aug 17 14:46:20 2009 | MD5 Checksum: | cef433badd090f31b15ba805e6134c86 |
|
/// File Name: | SOS-09-007.txt | Description:
| Piwigo version 2.0.0 suffers from a remote SQL injection vulnerability. | Homepage: | http://www.senseofsecurity.com/ | File Size: | 1880 | Last Modified: | Aug 17 14:38:50 2009 | MD5 Checksum: | 648d7672a58110591693cdcb56afde01 |
|
/// File Name: | MDVSA-2009-204.txt | Description:
| Mandriva Linux Security Advisory 2009-204 - Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. | Homepage: | http://www.mandriva.com/security/ | File Size: | 12861 | Related CVE(s): | CVE-2009-2369 | Last Modified: | Aug 17 14:35:55 2009 | MD5 Checksum: | b030853c6041f24200da51b80d061b3d |
|
/// File Name: | eth0.c | Description:
| eth0 network card disabling polymorphic shellcode for Linux/x86. | Author: | Jonathan Salwan | Homepage: | http://www.shell-storm.org/ | File Size: | 2043 | Last Modified: | Aug 17 14:34:28 2009 | MD5 Checksum: | 80f34aaec2cfdaf0e86144196fb35bb3 |
|
/// File Name: | dsa-1864-1.txt | Description:
| Debian Security Advisory 1864-1 - A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. | Homepage: | http://www.debian.org/security | File Size: | 24829 | Related CVE(s): | CVE-2009-2692 | Last Modified: | Aug 17 14:32:51 2009 | MD5 Checksum: | 75d6f001ad41577772984e74bf2e2756 |
|
/// File Name: | dsa-1863-1.txt | Description:
| Debian Security Advisory 1863-1 - Several remote vulnerabilities have been discovered in zope, a feature-rich web application server written in Python, that could lead to arbitrary code execution in the worst case. | Homepage: | http://www.debian.org/security | File Size: | 9273 | Related CVE(s): | CVE-2009-0668, CVE-2009-0669 | Last Modified: | Aug 17 14:32:15 2009 | MD5 Checksum: | ea0f49ddbc10326c589b529fd96df32a |
|
/// File Name: | rackspace-sql.txt | Description:
| www.rackspace.com suffered from a remote SQL injection vulnerability. | Author: | Rohit Bansal | File Size: | 4437 | Last Modified: | Aug 17 14:30:26 2009 | MD5 Checksum: | 56fd2c0d4e68d346b5e056047dcbff05 |
|
/// File Name: | hyenae-0.31-1.tar.gz | Description:
| Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks. | Author: | Robin Richter | Homepage: | http://sourceforge.net/projects/hyenae/ | Changes: | This release has bugfixes, an improved attack assistant, extended / fixed documentation, a TCP-Land attack in the attack assistant, and an ICMP-Smurf attack in the attack assistant. It changes the daemon max clients argument (from -C to -m). | File Size: | 142420 | Last Modified: | Aug 17 14:26:22 2009 | MD5 Checksum: | 5ca31cca7222bfbdf4a4592b7b40e4cd |
|
/// File Name: | emp1002wav-overflow.txt | Description:
| Easy Music Player version 1.0.0.2 .wav file universal local buffer overflow exploit. | Author: | Ostoure Sazan | File Size: | 2240 | Last Modified: | Aug 17 14:26:39 2009 | MD5 Checksum: | 6b926097548de957bbe1202d44bb4f1e |
|
/// File Name: | trafscrambler-0.2.tgz | Description:
| Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well. | Author: | Maxim Bourmistrov | Homepage: | http://en.roolz.org/trafscrambler.html | Changes: | This release implements fake data injection, userland binary tsctrl to control NKE, minor re-work of NKE. | File Size: | 8788 | Last Modified: | Aug 15 16:37:41 2009 | MD5 Checksum: | 2b9fbbb730fe3a425956a9ef93185be4 |
|
/// File Name: | dsa-1862-1.txt | Description:
| Debian Security Advisory 1862-1 - A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. | Homepage: | http://www.debian.org/security | File Size: | 26090 | Related CVE(s): | CVE-2009-2692 | Last Modified: | Aug 15 16:28:30 2009 | MD5 Checksum: | 527f593800372b13bb5beb1f54e242eb |
|
/// File Name: | clubhack2009-cfp.txt | Description:
| The Call For Papers for ClubHack 2009 has been announced. For a full list of topics and more information on the convention, hit the home page. | Homepage: | http://clubhack.com/2009/CFP | File Size: | 855 | Last Modified: | Aug 15 16:26:47 2009 | MD5 Checksum: | d6b9b9e64491aa6e19b2cecb3e961c14 |
|
/// File Name: | wunderbar_emporium.tgz | Description:
| Linux 2.x kernel sock_sendpage() local root exploit. It works on 2.4, 2.6, x86, x64, 4k stacks, 8k stacks, with/without cred framework, bypasses mmap_min_addr in any public way possible (auto-detecting which method to use). | Author: | Brad Spengler | Related File: | linux-null.txt | File Size: | 3491991 | Last Modified: | Aug 15 16:21:49 2009 | MD5 Checksum: | 0db39d0131fc0666b3a101e1dc45a7d4 |
|
/// File Name: | bluecoatref-bypass.txt | Description:
| The BlueCoat Proxy 8100 series suffers from a bypass vulnerability when a forged Referer header is used. | Author: | Antoine Santo | File Size: | 2933 | Last Modified: | Aug 15 16:16:59 2009 | MD5 Checksum: | e40206da6a71b25a0625b2901d50e46d |
|
/// File Name: | icq-inject.txt | Description:
| ICQ version 6.5 suffers from an HTML injection vulnerability. | Author: | ShineShadow | File Size: | 2223 | Last Modified: | Aug 15 16:15:08 2009 | MD5 Checksum: | 360807ab9149e39c1c174842125db110 |
|
/// File Name: | SUSE-SA-2009-044.txt | Description:
| SUSE Security Announcement - The libsvn_delta library in Subversion is vulnerable to integer overflows while processing svndiff streams. This leads to overflows on the heap because of insufficient memory allocation. | Homepage: | http://www.suse.com | File Size: | 18805 | Related CVE(s): | CVE-2009-2411 | Last Modified: | Aug 15 16:13:24 2009 | MD5 Checksum: | e663b83938276fa296901c7c1dd63e00 |
|
/// File Name: | naroun-bypass.txt | Description:
| Naroun ADSL-Tools suffers from an authentication bypass vulnerability. | Author: | Ostoure Sazan | File Size: | 1015 | Last Modified: | Aug 15 16:12:10 2009 | MD5 Checksum: | a815b9fef8869f6a18a97bd683c30415 |
|
/// File Name: | MDVSA-2009-203.txt | Description:
| Mandriva Linux Security Advisory 2009-203 - lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability. | Homepage: | http://www.mandriva.com/security/ | File Size: | 7227 | Related CVE(s): | CVE-2009-2417 | Last Modified: | Aug 15 14:54:29 2009 | MD5 Checksum: | 64e61fa3b83cb86c8f9210c9cb2d06d0 |
|
/// File Name: | samhain-2.5.8.tar.gz | Description:
| Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris. | Author: | Rainer Wichmann | Homepage: | http://samhain.sourceforge.net | Changes: | This release fixes two bugs in the mailer code: MX resolving would fail sometimes, and a deadlock could occur. | File Size: | 1052672 | Last Modified: | Aug 15 14:52:04 2009 | MD5 Checksum: | 4870c9a0fb5fc8faff8b0ec5fe4004de |
|
/// File Name: | MDVSA-2009-202.txt | Description:
| Mandriva Linux Security Advisory 2009-202 - Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. This update provides a solution to this vulnerability. Additionally, memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5, which contains a number of upstream fixes; the repcached patch has been upgraded to 2.2 as well. | Homepage: | http://www.mandriva.com/security/ | File Size: | 3884 | Related CVE(s): | CVE-2009-2415 | Last Modified: | Aug 15 14:30:52 2009 | MD5 Checksum: | cc04db39107d95991f12a463fa55d7fc |
|
/// File Name: | dsa-1861-1.txt | Description:
| Debian Security Advisory 1861-1 - Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. | Homepage: | http://www.debian.org/security | File Size: | 6973 | Related CVE(s): | CVE-2009-2416, CVE-2009-2414 | Last Modified: | Aug 15 14:30:21 2009 | MD5 Checksum: | d9339a2c3cdb82222afd3822067f9d90 |
|
/// File Name: | vlcmpuri-overflow.txt | Description:
| VLC Media Player versions 1.0.1 and below smb:// URI buffer overflow exploit. | Author: | Stack | Homepage: | http://v4-team.com/ | File Size: | 1369 | Last Modified: | Aug 15 14:29:06 2009 | MD5 Checksum: | 197c48b23a93bf24e25f4748cef5d401 |
|
/// File Name: | myweight-upload.txt | Description:
| MyWeight version 1.0 suffers from a remote shell upload vulnerability. | Author: | Mr.tro0oqy | File Size: | 737 | Last Modified: | Aug 15 14:28:16 2009 | MD5 Checksum: | 3fd8477bf117166ad7994185bf56e871 |
|
/// File Name: | dscms-sql.txt | Description:
| DS CMS version 1.0 suffers from a remote SQL injection vulnerability. | Author: | Mr.tro0oqy | File Size: | 823 | Last Modified: | Aug 15 14:27:15 2009 | MD5 Checksum: | 0e52f8d90fcc0d4a5d5c1d78ac7a6d76 |
|
/// File Name: | proto_ops.tgz | Description:
| Local root sock_sendpage() exploit for the Linux 2.x kernel. Versions 2.4.4 through 2.4.37.4 and 2.6.0 through 2.6.30.4 are affected. | Author: | Przemyslaw Frasunek | Related File: | linux-null.txt | File Size: | 1550 | Last Modified: | Aug 14 20:51:00 2009 | MD5 Checksum: | 5dcca62a3c7951b4b7101baf7b71c4c9 |
|
/// File Name: | linux-null.txt | Description:
| The Linux kernel suffers from a NULL pointer dereference vulnerability due to incorrect proto_ops initializations. Versions 2.4.4 through 2.4.37.4 and 2.6.0 through 2.6.30.4 are affected. | Author: | Tavis Ormandy | Related Exploit: | proto_ops.tgz | File Size: | 3729 | Last Modified: | Aug 14 20:49:22 2009 | MD5 Checksum: | 17e6502150ab61d3d2ac35ef03881fb8 |
|
/// File Name: | Botan-1.8.6.tgz | Description:
| Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. | Homepage: | http://botan.randombit.net/ | Changes: | This release adds a new password-based encryption interface intended for application use. Build problems on Linux/MIPS systems and under Sun C++ were fixed, and support for the Open64 compiler and Dragonfly BSD operating system was added. | File Size: | 3464318 | Last Modified: | Aug 14 20:42:51 2009 | MD5 Checksum: | f1fe32d1a1e56ea3bbc78b9e37df9bb2 |
|
/// File Name: | windows7_firewire_physical_attacks.pdf | Description:
| Whitepaper called Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker. | Author: | Benjamin Boeck | File Size: | 231076 | Last Modified: | Aug 14 20:39:23 2009 | MD5 Checksum: | d1e374eb7be3ea6d97c8ba5fa55f8371 |
|
/// File Name: | etaw-overflow.txt | Description:
| EmbedThis Appweb version 3.0B.2-4 suffers from multiple buffer overflow vulnerabilities. | Author: | Dr_IDE | File Size: | 1068 | Last Modified: | Aug 14 20:32:45 2009 | MD5 Checksum: | 389420e5405f71d28681c33c313c788a |
|
/// File Name: | vlcuri-overflow.txt | Description:
| VLC Media Player versions 1.0.0 and 1.0.1 smb:// URI buffer overflow proof of concept exploit. | Author: | Dr_IDE | File Size: | 2394 | Last Modified: | Aug 14 20:31:29 2009 | MD5 Checksum: | 935c16b98f2ae3ce009fcf8d12d171f3 |
|
/// File Name: | pcs-sql.txt | Description:
| PHP Competition System versions 0.84 and below suffer from a remote SQL injection vulnerability. | Author: | Mr.SQL | Homepage: | http://www.pal-hacker.com/ | File Size: | 1569 | Last Modified: | Aug 14 20:29:41 2009 | MD5 Checksum: | 64b851df7affb2c33d2b3863da7d6e26 |
|
/// File Name: | ignition-exec.txt | Description:
| Ignition version 1.2 suffers from a remote code execution vulnerability. | Author: | IRCRASH | Homepage: | http://ircrash.com/ | File Size: | 1896 | Last Modified: | Aug 14 20:27:19 2009 | MD5 Checksum: | 285b0171530fcbe343c08797a82cc810 |
|
/// File Name: | tgscms-sqlxss.txt | Description:
| TGS CMS version 0.x suffers from cross site scripting, SQL injection, and source code disclosure vulnerabilities. | Author: | []ViZiOn | Homepage: | http://toxicmindz.org/ | File Size: | 8304 | Last Modified: | Aug 14 20:25:43 2009 | MD5 Checksum: | 67780f7866901b8894e60dfad9a12f82 |
|
/// File Name: | elkapax-xss.txt | Description:
| Elkapax CMS suffers from a cross site scripting vulnerability. | Author: | Isfahan University of Technology | File Size: | 781 | Last Modified: | Aug 14 20:24:15 2009 | MD5 Checksum: | 4e8eb9e98dd9a28c4183099289359bb0 |
|
/// File Name: | snom-bypass.txt | Description:
| COMPASS SECURITY ADVISORY - Snom VoIP/SIP phones suffer from an authentication bypass vulnerability on the web interface. | Author: | Walter Sprenger | Homepage: | http://www.csnc.ch/ | File Size: | 3411 | Related CVE(s): | CVE-2009-1048 | Last Modified: | Aug 14 20:22:01 2009 | MD5 Checksum: | 73f7ae1234df96c9ea5380156d801d7b |
|
/// File Name: | gazellecms-upload.txt | Description:
| Gazelle CMS version 1.0 suffers from a remote arbitrary shell upload vulnerability. | Author: | RoMaNcYxHaCkEr | File Size: | 1378 | Last Modified: | Aug 14 20:20:26 2009 | MD5 Checksum: | d232061da1d8a7fa66d9e5babe340271 |
|
/// File Name: | wpsyntax-exec.txt | Description:
| WordPress WP-Syntax component versions 0.9.1 and below remote command execution exploit. | Author: | Inj3ct0r | Homepage: | http://Inj3ct0r.com/ | File Size: | 6328 | Last Modified: | Aug 14 20:17:39 2009 | MD5 Checksum: | 3fcbe0bc7cc5207da11d291cb2e1fe93 |
|
/// File Name: | jblog-sql.txt | Description:
| JBLOG version 1.5.1 remote SQL table backup exploit. | Author: | Ams | File Size: | 3256 | Last Modified: | Aug 14 20:16:34 2009 | MD5 Checksum: | 4c6dca4c586c9234b4f743dae615096f |
|
/// File Name: | pipl-overflow.txt | Description:
| pIPL version 2.5.0 universal local buffer overflow exploit that creates a malicious .pls file. | Author: | HACK4LOVE | File Size: | 2348 | Last Modified: | Aug 14 20:15:35 2009 | MD5 Checksum: | 202b72bb854c0b9e547eb0af503c2cb4 |
|
/// File Name: | ftpshellclient-overflow.txt | Description:
| FTPShell Client version 4.1 RC2 Name Session stack overflow exploit. | Author: | zec | File Size: | 5333 | Last Modified: | Aug 14 20:13:59 2009 | MD5 Checksum: | 3793686f3b82006223d8076e20a4f193 |
|
/// File Name: | kiwicon2009-cfp.txt | Description:
| Kiwicon '09 Call For Papers - This year Kiwicon will be held from November 28th through 29th, 2009. | Homepage: | http://www.kiwicon.org/ | File Size: | 4792 | Last Modified: | Aug 12 23:50:37 2009 | MD5 Checksum: | 09652a5422ee3d4f2faab6b2495d541e |
|
/// File Name: | USN-816-1.txt | Description:
| Ubuntu Security Notice USN-816-1 - Moxie Marlinspike discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. | Homepage: | http://security.ubuntu.com/ | File Size: | 7880 | Related CVE(s): | CVE-2009-2666 | Last Modified: | Aug 12 23:48:25 2009 | MD5 Checksum: | 0a51d00fe2ea559604ff3de4aff9e6a4 |
|
/// File Name: | DSECRG-09-033.txt | Description:
| SAP NetWeaver Application Server version 7.0 suffers from a cross site scripting vulnerability. | Author: | Sh2kerr | Homepage: | http://www.dsec.ru/ | File Size: | 2653 | Last Modified: | Aug 12 23:46:10 2009 | MD5 Checksum: | e172bb9e94b9a7e9297d999c81578242 |
|
/// File Name: | soloartist-sql.txt | Description:
| Solo Artist websites suffer from a remote SQL injection vulnerability. | Author: | S3T4N | Homepage: | http://sux0r.net/ | File Size: | 1869 | Last Modified: | Aug 12 23:44:28 2009 | MD5 Checksum: | 219f6c81e9d2e30e136db4d81d5b8e76 |
|
/// File Name: | mswordpad-crash.txt | Description:
| Microsoft Wordpad on Windows XP SP3 memory exhaustion exploit. | Author: | murderkey | File Size: | 2431 | Last Modified: | Aug 12 23:42:42 2009 | MD5 Checksum: | 3eb8df16e20b39d7e49e370ac23f8899 |
|