Section: .. / Last 100 Files /
| /// File Name: | powerdvd_bof.pl.txt | Description:
| CyberLink PowerDVD versions 8.0 and below crafted PLS/M3U playlist denial of service exploit. | | Author: | LiquidWorm | | Homepage: | http://www.zeroscience.org/ | | File Size: | 351 | | Last Modified: | Jul 25 21:04:39 2008 | | MD5 Checksum: | 7ad84dae8a4f1aec0fca8ea159b1fac3 |
|
| /// File Name: | MDVSA-2008-155.txt | Description:
| Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 50277 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 21:02:23 2008 | | MD5 Checksum: | c42b0d5c1d78fe93fed6e40c07dbe7cc |
|
| /// File Name: | ZDI-08-047.txt | Description:
| A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control. Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user. | | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3576 | | Related CVE(s): | CVE-2008-1309 | | Last Modified: | Jul 25 21:01:42 2008 | | MD5 Checksum: | c1dc5a2b4f3ec5b589d8087402e03e9d |
|
| /// File Name: | ZDI-08-046.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3360 | | Last Modified: | Jul 25 20:59:17 2008 | | MD5 Checksum: | 6aee3edef397f5bdbe93bef7b3d46705 |
|
| /// File Name: | ZDI-08-045.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3219 | | Related CVE(s): | CVE-2008-2317 | | Last Modified: | Jul 25 20:58:18 2008 | | MD5 Checksum: | fd7eab9f0357ba1ffd8f1eb1b36d1baa |
|
| /// File Name: | realplayer-exec.txt | Description:
| RealPlayer suffers from a vulnerability where the WindowName and Controls properties of rmoc3260.dll do not manage heap memory properly resulting in a use after free condition which can overwrite heap management structures resulting in code execution. RealPlayer 11, 10.5, 10, and Enterprise are all affected. | | Author: | Elazar Broad | | File Size: | 1485 | | Last Modified: | Jul 25 20:57:26 2008 | | MD5 Checksum: | 6770b3f1177517eb6841ebc11efa2528 |
|
| /// File Name: | SECOBJADV-2008-02.txt | Description:
| Security Objectives Advisory - The Cygwin installation and update process can be subverted to a lack of checksum verification. Cygwin setup.exe version 2.573.2.2 is affected. | | Author: | Derek Callaway | | Homepage: | http://www.security-objectives.com/ | | File Size: | 4453 | | Last Modified: | Jul 25 20:55:18 2008 | | MD5 Checksum: | 0d95149f3d415d7bc0ba049956304dd5 |
|
| /// File Name: | ezcontents-rfi.txt | Description:
| ezContents suffers from a remote file inclusion vulnerability in minicalendar.php. | | Author: | HACKERS PAL | | Homepage: | http://www.soqor.net/ | | File Size: | 447 | | Last Modified: | Jul 25 20:48:35 2008 | | MD5 Checksum: | 4d6181b5da7df0637e268ae0d80423fd |
|
| /// File Name: | phptest-sql.txt | Description:
| phpTest version 0.6.3 suffers from a remote SQL injection vulnerability in picture.php. | | Author: | cOndemned | | Homepage: | http://condemned.r00t.la/ | | File Size: | 1266 | | Last Modified: | Jul 25 20:47:08 2008 | | MD5 Checksum: | 55759742f8c9835119a0185ba04f023b |
|
| /// File Name: | fizzmedia-sql.txt | Description:
| FizzMedia version 1.51.2 suffers from a SQL injection vulnerability in comment.php. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1454 | | Last Modified: | Jul 25 20:46:18 2008 | | MD5 Checksum: | dda88b45e50ed2d18900b44872fc6c87 |
|
| /// File Name: | secunia-realnetworks.txt | Description:
| Secunia Research has discovered a vulnerability in RealPlayer, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a design error within the handling of frames in Shockwave Flash (SWF) files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Affected is RealNetworks RealPlayer version 10.5 Build 6.0.12.1483. | | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4353 | | Related CVE(s): | CVE-2007-5400 | | Last Modified: | Jul 25 14:24:02 2008 | | MD5 Checksum: | e44f432fc16d17e09063fe9acb1b39c4 |
|
| /// File Name: | dsa-1617-1.txt | Description:
| Debian Security Advisory 1617-1 - In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. | | Homepage: | http://www.debian.org/security | | File Size: | 5335 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 25 14:20:30 2008 | | MD5 Checksum: | 1f7434c7ae5c8345c7101b841bffb229 |
|
| /// File Name: | cameralife-sql.txt | Description:
| Camera Life version 2.6.2 suffers from a remote SQL injection vulnerability. | | Author: | nuclear | | File Size: | 359 | | Last Modified: | Jul 25 14:18:52 2008 | | MD5 Checksum: | 7a9325e67afe5ab8829bf79fdd0f4871 |
|
| /// File Name: | bind9x-poison.txt | Description:
| BIND 9.x remote DNS cache poisoning flaw exploit using the vulnerability discovered by Dan Kaminsky. | | Author: | Marc Bevand | | File Size: | 11891 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 25 14:13:41 2008 | | MD5 Checksum: | 738b0078ac8624dd2e7118cdec35a81b |
|
| /// File Name: | powerfuzzer_v1_beta.zip | Description:
| Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (including cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering a website and identifying inputs. | | Author: | Marcin Kozlowski | | Homepage: | http://powerfuzzer.sourceforge.net/ | | File Size: | 37148 | | Last Modified: | Jul 25 13:53:25 2008 | | MD5 Checksum: | 396b2d6d7bff4882890ef159d826b641 |
|
| /// File Name: | USN-629-1.txt | Description:
| Ubuntu Security Notice 629-1 - Various flaws in the mozilla-thunderbird package have been addressed including improper handling, weaknesses, denial of service, and code execution issues. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19876 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 13:49:41 2008 | | MD5 Checksum: | 6423df1ff327f2272abae252a822f5cf |
|
| /// File Name: | minix-panic.txt | Description:
| minix version 3.1.2a suffers from a remote tty panic vulnerability. | | Author: | kokanin | | File Size: | 482 | | Last Modified: | Jul 25 13:47:26 2008 | | MD5 Checksum: | 901fc1abec7cc082445ea01f095a495e |
|
| /// File Name: | aflog-xss.txt | Description:
| Aflog version 1.01 suffers from a cross site scripting vulnerability. | | Author: | Dentrasi | | File Size: | 445 | | Last Modified: | Jul 25 13:46:20 2008 | | MD5 Checksum: | 779983379703d1acce929f110f56cdb1 |
|
| /// File Name: | xrms-rfixss.txt | Description:
| xrms version 1.99.2 suffers from remote file inclusion and cross site scripting vulnerabilities. | | Author: | AzzCoder | | File Size: | 504 | | Last Modified: | Jul 25 13:44:55 2008 | | MD5 Checksum: | f0f5e7fb782ba3dcff05229e571a2b5b |
|
| /// File Name: | lmp-sql.txt | Description:
| Live Music Plus version 1.1.0 suffers from a remote SQL injection vulnerability. | | Author: | IRAQI | | File Size: | 916 | | Last Modified: | Jul 25 13:43:46 2008 | | MD5 Checksum: | 275d99def2fd5ea2dfe38b2a45ea0d80 |
|
| /// File Name: | fwknop-1.9.6.tar.gz | Description:
| fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. | | Author: | Michael Rash | | Homepage: | http://www.cipherdyne.org/fwknop/ | | Changes: | Added the ability to explicitly run major classes of tests 46 with two new command line arguments to the fwknop_test.pl script. Updated the fwknop client to randomize the UDP source port for default SPA packet generation. Various other updates and additions. | | File Size: | 566465 | | Last Modified: | Jul 24 12:23:37 2008 | | MD5 Checksum: | 9734c99a1c0b28b1522ce50396405d54 |
|
| /// File Name: | wordpressdm-upload.txt | Description:
| WordPress Download Manager plugin version 0.2 arbitrary file upload exploit. | | Author: | SaO | | Homepage: | http://www.saohackstyle.com/ | | File Size: | 886 | | Last Modified: | Jul 24 12:20:02 2008 | | MD5 Checksum: | ab5a1c03a0efe55d5896dd7fcf629eec |
|
| /// File Name: | ibase-disclose.txt | Description:
| ibase versions 2.03 and below suffer from a remote file disclosure vulnerability in download.php. | | Author: | Dyshoo | | File Size: | 254 | | Last Modified: | Jul 24 12:18:51 2008 | | MD5 Checksum: | fe43ec1fa0a052b7535851f9cb69cd63 |
|
| /// File Name: | atomphotoblog-sql.txt | Description:
| Atom PhotoBlog version 1.1.5b1 suffers from a remote SQL injection vulnerability. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1488 | | Last Modified: | Jul 24 12:17:57 2008 | | MD5 Checksum: | 69a36f18579002640832d44da0a6de28 |
|
| /// File Name: | dsa-1616-1.txt | Description:
| Debian Security Advisory 1616-1 - Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack. | | Homepage: | http://www.debian.org/security | | File Size: | 16558 | | Related CVE(s): | CVE-2008-2713 | | Last Modified: | Jul 24 12:14:46 2008 | | MD5 Checksum: | aedebbf953275b7079e71948199d5566 |
|
| /// File Name: | bailiwicked_domain.rb.txt | Description:
| This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain. | | Author: | I)ruid, H D Moore | | Homepage: | http://www.caughq.org/ | | File Size: | 15954 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 24 12:14:00 2008 | | MD5 Checksum: | 5882e859718d26d63b3bc1167eacb0fd |
|
| /// File Name: | pkd-1.1.tgz | Description:
| ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent. | | Author: | eric | | Changes: | Removed source port from hash. | | File Size: | 75401 | | Last Modified: | Jul 23 23:03:22 2008 | | MD5 Checksum: | 7ff6ab126922499e670b12c1882d5e7d |
|
| /// File Name: | bailiwicked_host.rb.txt | Description:
| This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. | | Author: | I)ruid, H D Moore | | Homepage: | http://www.caughq.org/ | | File Size: | 16025 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 23 20:05:48 2008 | | MD5 Checksum: | 4def3738d35dc00d760fa023d0106a29 |
|
| /// File Name: | SDTCleaner-v1.0.zip | Description:
| SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table). | | Author: | Nahuel Riva | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 243769 | | Last Modified: | Jul 23 19:57:13 2008 | | MD5 Checksum: | 9123411f2b13fc9ec9a831f7e8a6514d |
|
| /// File Name: | dsa-1615-1.txt | Description:
| Debian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | | Homepage: | http://www.debian.org/security | | File Size: | 31926 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2933 | | Last Modified: | Jul 23 19:50:15 2008 | | MD5 Checksum: | 814da2c25fb7c7e932ae2c2849d21d29 |
|
| /// File Name: | dsa-1614-1.txt | Description:
| Debian Security Advisory 1614-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation. | | Homepage: | http://www.debian.org/security | | File Size: | 8712 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 23 19:49:36 2008 | | MD5 Checksum: | 357a585f8c33728c1e761bc85d365a57 |
|
| /// File Name: | dsa-1540-3.txt | Description:
| Debian Security Advisory 1540-3 - This update fixes a regression in lighttpd introduced in DSA-1540, causing SSL failures. | | Homepage: | http://www.debian.org/security | | File Size: | 14614 | | Related CVE(s): | CVE-2008-1531 | | Last Modified: | Jul 23 19:48:43 2008 | | MD5 Checksum: | cccf48a06495b899a26c83ab12130eb3 |
|
| /// File Name: | USN-628-1.txt | Description:
| Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 62408 | | Related CVE(s): | CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829 | | Last Modified: | Jul 23 19:47:53 2008 | | MD5 Checksum: | 6cd6d0407e8f8ffd96589e18817d582e |
|
| /// File Name: | vimfiletype-exec.txt | Description:
| This advisory discusses the filetype.vim vulnerability in Vim version 7.2b.10 that allows for arbitrary code execution and also notes that the Vim patch 7.1.300 did not fix the vulnerability. | | Author: | Jan Minar | | File Size: | 6106 | | Last Modified: | Jul 23 19:46:43 2008 | | MD5 Checksum: | 525775816c2441f36c404a28644bb87a |
|
| /// File Name: | emc-sql.txt | Description:
| EMC's Centera Universal Access product version CUA4.0_4735.p4 suffers from a SQL injection vulnerability. | | Author: | Aaron Brown, Lars Heidelberg | | File Size: | 4007 | | Last Modified: | Jul 23 19:44:55 2008 | | MD5 Checksum: | 535213a9fae7b8708f9e219a84119c62 |
|
| /// File Name: | AST-2008-011.txt | Description:
| Asterisk Project Security Advisory - An attacker may request an Asterisk server to send part of a firmware image. However, as this firmware download protocol does not initiate a handshake, the source address may be spoofed. Therefore, an IAX2 FWDOWNL request for a firmware file may consume as little as 40 bytes, yet produces a 1040 byte response. Coupled with multiple geographically diverse Asterisk servers, an attacker may flood an victim site with unwanted firmware packets. | | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 10634 | | Related CVE(s): | CVE-2008-3264 | | Last Modified: | Jul 23 19:43:03 2008 | | MD5 Checksum: | 2185fd4b6b919de751e6fe7c8aab32a1 |
|
| /// File Name: | AST-2008-010.txt | Description:
| Asterisk Project Security Advisory - By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG. | | Author: | Jeremy McNamara | | Homepage: | http://www.asterisk.org/security | | File Size: | 10633 | | Related CVE(s): | CVE-2008-3263 | | Last Modified: | Jul 23 19:41:47 2008 | | MD5 Checksum: | c3e6feb71c399d84d8dc74877ffc992c |
|
| /// File Name: | MDVSA-2008-154.txt | Description:
| Mandriva Linux Security Advisory - A vulnerability in xemacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by xemacs. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3385 | | Related CVE(s): | CVE-2008-2142 | | Last Modified: | Jul 23 19:39:45 2008 | | MD5 Checksum: | 02de82850dc988def1ef4ff9e0c8f68e |
|
| /// File Name: | MDVSA-2008-153.txt | Description:
| Mandriva Linux Security Advisory - A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8619 | | Related CVE(s): | CVE-2008-2142 | | Last Modified: | Jul 23 19:26:54 2008 | | MD5 Checksum: | 317520423f82ed3a15b919a528d64ba9 |
|
| /// File Name: | MDVSA-2008-152.txt | Description:
| Mandriva Linux Security Advisory - A vulnerability was found in Wireshark, that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7468 | | Related CVE(s): | CVE-2008-3145 | | Last Modified: | Jul 23 19:26:33 2008 | | MD5 Checksum: | 9deb077f278a874b21006d319120b3bb |
|
| /// File Name: | joomlamamml-upload.txt | Description:
| The Joomla Mamml component suffers from a remote file disclosure vulnerability. | | Author: | e.wiZz! | | File Size: | 627 | | Last Modified: | Jul 23 19:26:13 2008 | | MD5 Checksum: | 0a4d3aebca4602e890770992430bc74c |
|
| /// File Name: | mysql_injection.pdf | Description:
| Whitepaper discussing techniques for MySQL related SQL injection. Written in Spanish. | | Author: | ka0x | | File Size: | 316847 | | Last Modified: | Jul 23 19:24:09 2008 | | MD5 Checksum: | bd8ca795f2acde98ec699e5686fdc77f |
|
| /// File Name: | oss-bypass.txt | Description:
| Outpost Security Suite Pro version 2009 suffers from multiple bypass vulnerabilities when using special characters. | | Author: | Juan Pablo Lopez Yacubian | | File Size: | 2287 | | Last Modified: | Jul 23 19:21:59 2008 | | MD5 Checksum: | 7570d3a72f5096b9588136427c83cebc |
|
| /// File Name: | PR08-16.txt | Description:
| Moodle versions 1.7.4 and below suffer from a cross site request forgery vulnerability. | | Homepage: | http://www.procheckup.com/ | | File Size: | 4631 | | Last Modified: | Jul 23 19:20:03 2008 | | MD5 Checksum: | 3a664b6adfa3d72f4d9f2a8baec3e8ec |
|
| /// File Name: | PR08-13.txt | Description:
| A cross site scripting vulnerability exists in Moodle versions 1.7.4 and below. | | Homepage: | http://www.procheckup.com/ | | File Size: | 2955 | | Last Modified: | Jul 23 19:18:13 2008 | | MD5 Checksum: | 2c780311bb56dbfd1b088e81afe2297d |
|
| /// File Name: | CS-2008-2.txt | Description:
| SocialEngine versions below 2.83 suffer from an input validation vulnerability that allows for client take over. | | Author: | Tim Loshak | | File Size: | 1341 | | Last Modified: | Jul 23 19:16:38 2008 | | MD5 Checksum: | cd06e8756e37818b845ccfa76907f968 |
|
| /// File Name: | FGA-2008-16-3.txt | Description:
| EMC Dantz Retrospect 7 Backup Server version 7.5.508 suffers from a weak password hash arithmetic vulnerability in the authentication module. | | Author: | Zhenhua Liu | | Homepage: | http://www.fortinet.com/ | | File Size: | 2366 | | Last Modified: | Jul 23 19:08:16 2008 | | MD5 Checksum: | 0e4381d6c4e9206769d3e16fded8c491 |
|
| /// File Name: | presurveypoll-sql.txt | Description:
| Pre Survey Poll suffers from a SQL injection vulnerability in default.asp. | | Author: | DreamTurk | | File Size: | 723 | | Last Modified: | Jul 23 18:49:39 2008 | | MD5 Checksum: | 4c8cc48caee75fdfa46bf471483ffa69 |
|
| /// File Name: | ezwebalbum-cookie.txt | Description:
| EZWebAlbum suffers from an insecure cookie handling vulnerability that allows anyone to be an administrator. | | Author: | hadihadi | | Homepage: | http://www.virangar.org/ | | File Size: | 1539 | | Last Modified: | Jul 23 18:48:56 2008 | | MD5 Checksum: | dd69a0f4eeaba3414e0cf5efa2ed5988 |
|
| /// File Name: | minix-dos.txt | Description:
| Minix version 3.1.2a suffers from a tty panic local denial of service vulnerability. | | Author: | kokanin | | File Size: | 577 | | Last Modified: | Jul 23 18:47:56 2008 | | MD5 Checksum: | a22651fcf1856f9932203452a358dc4e |
|
| /// File Name: | intellitamper207-exec.txt | Description:
| IntelliTamper version 2.07 server header remote code execution exploit. | | Author: | Koshi | | File Size: | 3030 | | Last Modified: | Jul 23 18:46:53 2008 | | MD5 Checksum: | 74a2288e27182326674ac87efbcd2952 |
|
| /// File Name: | intellitamper207-overflow.c | Description:
| IntelliTamper version 2.0.7 html parser remote buffer overflow exploit. | | Author: | r0ut3r | | File Size: | 3008 | | Last Modified: | Jul 23 18:45:59 2008 | | MD5 Checksum: | 88adf11e2c77e652031d76ddfa50908f |
|
| /// File Name: | dns-writeup.txt | Description:
| Interesting write up discussing DNS cache poisoning then and now. | | Author: | Monsieur Aglie | | File Size: | 10778 | | Last Modified: | Jul 22 20:57:32 2008 | | MD5 Checksum: | a0d975e9261838a800c2ee206625f579 |
|
| /// File Name: | USN-627-1.txt | Description:
| Ubuntu Security Notice 627-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 2579 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 22 14:01:41 2008 | | MD5 Checksum: | 0b11fe1d320f9ebc0ce03f99670eab53 |
|
| /// File Name: | DSECRG-08-032.txt | Description:
| Claroline eLearning and eWorking Platform version 1.8.10 suffers from cross site scripting vulnerabilities. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 2842 | | Last Modified: | Jul 22 14:01:02 2008 | | MD5 Checksum: | f71ed888ac06312f64ea478ffcfbd3f2 |
|
| /// File Name: | dsa-1613-1.txt | Description:
| Debian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues: | | Homepage: | http://www.debian.org/security | | File Size: | 13291 | | Related CVE(s): | CVE-2007-3476, CVE-2007-3477, CVE-2007-3996, CVE-2007-2445 | | Last Modified: | Jul 22 13:59:59 2008 | | MD5 Checksum: | f8c950a3139d1a9b9ffb7c36183f28f7 |
|
| /// File Name: | MDVSA-2008-151.txt | Description:
| Mandriva Linux Security Advisory - A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XLST transformation match condition, which could possibly lead to the execution of arbitrary code. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6918 | | Related CVE(s): | CVE-2008-1767 | | Last Modified: | Jul 22 13:59:37 2008 | | MD5 Checksum: | 1bcd643704c45767fa68f8d446802e52 |
|
| /// File Name: | sipwitch-0.2.2.tar.gz | Description:
| GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate. | | Author: | David Sugar | | Homepage: | http://www.gnutelephony.org/ | | Changes: | Introduction of cgi control interface, server state support and use of state.xml config to set state properties, and more. | | File Size: | 434481 | | Last Modified: | Jul 22 13:46:03 2008 | | MD5 Checksum: | e9f61984910512e70c5c4f354ebefb9f |
|
| /// File Name: | shopcartdx-sql.txt | Description:
| ShopCartDx version 4.30 suffers from a remote SQL injection vulnerability. | | Author: | Cr@zy_King | | File Size: | 450 | | Last Modified: | Jul 22 13:38:51 2008 | | MD5 Checksum: | f0f09d010d615e954dc6bfdb548ae189 |
|
| /// File Name: | youtubeblog-rfisqlxss.txt | Description:
| YouTube Blog version 0.1 suffers from remote file inclusion, SQL injection, and cross site scripting vulnerabilities. | | Author: | unohope | | Homepage: | http://www.chroot.org/ | | File Size: | 1361 | | Last Modified: | Jul 22 13:38:13 2008 | | MD5 Checksum: | 9c83470e6b3fb9d7f64df17a816bc054 |
|
| /// File Name: | intellitamper-overflow.txt | Description:
| IntelliTamper version 2.0.7 html parser remote buffer overflow exploit. | | Author: | Guido Landi | | File Size: | 1934 | | Last Modified: | Jul 22 13:37:17 2008 | | MD5 Checksum: | 768f68895d134f16b4510549cd649793 |
|
| /// File Name: | modjk1219-overflow.txt | Description:
| Apache mod_jk version 1.2.19 remote buffer overflow exploit for win32. | | Author: | unohope | | Homepage: | http://www.chroot.org/ | | File Size: | 6190 | | Last Modified: | Jul 22 13:36:06 2008 | | MD5 Checksum: | 53fca1af8a7eee242ef26ee3bac1db44 |
|
| /// File Name: | zdaemonull.zip | Description:
| ZDaemon version 1.08.07 denial of service exploit that makes use of a NULL pointer vulnerability. | | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related File: | zdaemonull.txt | | File Size: | 489489 | | Last Modified: | Jul 21 18:18:59 2008 | | MD5 Checksum: | 5f9b6541fd39cf4504ce5850fe7e2902 |
|
| /// File Name: | zdaemonull.txt | Description:
| ZDaemon version 1.08.07 suffers from a NULL pointer vulnerability that allows for a denial of service. | | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | zdaemonull.zip | | File Size: | 1652 | | Last Modified: | Jul 21 18:17:27 2008 | | MD5 Checksum: | 8c85d8ec22bbb9062cb114f68f5402b1 |
|
| /// File Name: | glsa-200807-12.txt | Description:
| Gentoo Linux Security Advisory GLSA 200807-12 - bannedit reported a boundary error when handling overly long IRC MODE messages (CVE-2007-4584). Nico Golde reported an insecure creation of a temporary file within the e_hostname() function (CVE-2007-5839). Versions less than or equal to 1.1-r4 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3594 | | Related CVE(s): | CVE-2007-4584, CVE-2007-5839 | | Last Modified: | Jul 21 18:08:23 2008 | | MD5 Checksum: | 8100eca3c7360f4b84b412bf7550fda5 |
|
| /// File Name: | DSEGRG-08-31.txt | Description:
| Interact E-Learning System version 2.4.1 suffers from a local file inclusion vulnerability in help/help.php. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 2242 | | Last Modified: | Jul 21 18:06:52 2008 | | MD5 Checksum: | ccda3be106036a8fbfe5b9e8eace4a84 |
|
| /// File Name: | FGA-2008-16-2.txt | Description:
| EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a NULL pointer reference denial of service vulnerability. | | Author: | Zhenhua Liu | | Homepage: | http://www.fortinet.com/ | | File Size: | 2475 | | Last Modified: | Jul 21 18:04:08 2008 | | MD5 Checksum: | 812c10b6dc3e756242463147b8c58022 |
|
| /// File Name: | FGA-2008-16.txt | Description:
| EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a plaintext password hash disclosure vulnerability. | | Author: | Zhenhua Liu | | Homepage: | http://www.fortinet.com/ | | File Size: | 2562 | | Last Modified: | Jul 21 18:00:23 2008 | | MD5 Checksum: | cbb194fe670583886c0eed55f04e9339 |
|
| /// File Name: | html5whitepaper.pdf | Description:
| Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted. | | Author: | Alberto Trivero | | Homepage: | http://www.codebug.org | | File Size: | 572736 | | Last Modified: | Jul 21 17:56:20 2008 | | MD5 Checksum: | cd342087438c5a1b591b57870b770d41 |
|
| /// File Name: | mojoauto-sql.txt | Description:
| MojoAuto remote blind SQL injection exploit that leverages mojoAuto.cgi. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2936 | | Last Modified: | Jul 21 17:47:35 2008 | | MD5 Checksum: | d04691ad559e33cbbc59249c39579e5c |
|
| /// File Name: | mojojobs-sql.txt | Description:
| MojoJobs remote blind SQL injection exploit that leverages mojoJobs.cgi. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2924 | | Last Modified: | Jul 21 17:46:46 2008 | | MD5 Checksum: | 461b2c496a611ce5d039516b65ed8f42 |
|
| /// File Name: | mojopersonals-sql.txt | Description:
| MojoPersonals remote blind SQL injection exploit that leverages mojoClassified.cgi. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2931 | | Last Modified: | Jul 21 17:45:46 2008 | | MD5 Checksum: | f959e63710a57694341471469007bb5e |
|
| /// File Name: | glsa-200807-11.txt | Description:
| Gentoo Linux Security Advisory GLSA 200807-11 - Nico Golde reported a boundary error in the HTTP::getAuthUserPass() function when processing overly long HTTP Basic authentication requests. Versions less than 0.1218-r1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2849 | | Related CVE(s): | CVE-2008-2040 | | Last Modified: | Jul 21 17:28:36 2008 | | MD5 Checksum: | d1146df456660d542131ae60286a71a2 |
|
| /// File Name: | glsa-200807-10.txt | Description:
| Gentoo Linux Security Advisory GLSA 200807-10 - Matthijs Kooijman reported that the make_catalog_backup script uses the MySQL password as a command line argument when invoking other programs. Versions less than 2.4.1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2985 | | Related CVE(s): | CVE-2007-5626 | | Last Modified: | Jul 21 17:28:26 2008 | | MD5 Checksum: | 57f7c6379386e1685d50979f5ad3bd27 |
|
| /// File Name: | flip-rfi.txt | Description:
| Flip version 3.0 Final suffers from a remote file inclusion vulnerability. | | Author: | Cru3l.b0y | | Homepage: | http://www.deltahacking.ir/ | | File Size: | 1302 | | Last Modified: | Jul 21 17:28:07 2008 | | MD5 Checksum: | d13f757136b40e5a611448dcc02595fc |
|
| /// File Name: | arctic-sql.txt | Description:
| Arctic Issue Tracker version 2.0.0 remote SQL injection exploit that leverages index.php. | | Author: | ldma | | File Size: | 1983 | | Last Modified: | Jul 21 17:26:11 2008 | | MD5 Checksum: | b1f23ea989e1c019d664862d1792ab38 |
|
| /// File Name: | hifriend-xploit.txt | Description:
| hifriend.pl from Hibyte Software remote header injection exploit. | | Homepage: | http://www.DarK-CodeZ.com/ | | File Size: | 2297 | | Last Modified: | Jul 21 17:22:56 2008 | | MD5 Checksum: | b152ef48279d9317cf263588b84de23b |
|
| /// File Name: | myreview-disclose.txt | Description:
| The MyReview web application versions 1.9.9 and below and 2.0 Beta suffer from a mishandling of submissions allowing for unintended downloads of said data. | | Author: | Julien Thomas | | File Size: | 2862 | | Related CVE(s): | CVE-2008-3671 | | Last Modified: | Jul 21 17:20:22 2008 | | MD5 Checksum: | 3ed420fa8cc49cfcddd0d8c4764a1f05 |
|
| /// File Name: | maranphp-xss.txt | Description:
| Maran PHP Blog suffers from a cross site scripting vulnerability. | | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 1543 | | Last Modified: | Jul 21 17:11:48 2008 | | MD5 Checksum: | 555d84a35e490b3c45a7e77a177aed91 |
|
| /// File Name: | hrsmulti-sql.txt | Description:
| HRS Multi blind SQL injection exploit that makes use of picture_pic_bv.asp. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 3171 | | Last Modified: | Jul 21 17:11:00 2008 | | MD5 Checksum: | e8b51069e112a014af886b27d46e9a6a |
|
| /// File Name: | aproxcms-sql.txt | Description:
| Aprox CMS Engine version 5.1.0.4 suffers from a SQL injection vulnerability in index.php. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1555 | | Last Modified: | Jul 21 17:10:17 2008 | | MD5 Checksum: | 60bae2c0e5cb41e155f3fdd71b457b85 |
|
| /// File Name: | oracleidir-dos.txt | Description:
| Oracle Internet Directory version 10.1.4 remote pre-authentication denial of service exploit. | | Author: | Joxean Koret | | File Size: | 2771 | | Related CVE(s): | CVE-2008-2595 | | Last Modified: | Jul 21 17:09:31 2008 | | MD5 Checksum: | 328398ed786610a0e7c3c68a90cbac8b |
|
| /// File Name: | oracleuntrust-local.txt | Description:
| Oracle 10g R2 and Oracle 11g suffers from a local root compromise vulnerable via the extjob binary. | | Author: | Joxean Koret | | File Size: | 3833 | | Related CVE(s): | CVE-2008-2613 | | Last Modified: | Jul 21 17:07:34 2008 | | MD5 Checksum: | 3a19a5731f94ea904531a9aee0a3f8c6 |
|
| /// File Name: | MDVSA-2008-150.txt | Description:
| Mandriva Linux Security Advisory - Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code. a denial of service via a special Hello packet. Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10153 | | Related CVE(s): | CVE-2008-0226, CVE-2008-0227, CVE-2008-2079 | | Last Modified: | Jul 21 15:49:13 2008 | | MD5 Checksum: | 07351dd07cd3e2a27d6bac3909ab4c6f |
|
| /// File Name: | MDVSA-2008-149.txt | Description:
| Mandriva Linux Security Advisory - Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4893 | | Related CVE(s): | CVE-2008-2079 | | Last Modified: | Jul 21 15:48:59 2008 | | MD5 Checksum: | 2bdc41c71cf2f26c4859d39710d22810 |
|
| /// File Name: | easypublish-sqlxssdisclose.txt | Description:
| EasyPublish 3.0tr remote cross site scripting, SQL injection, and file disclosure exploit. | | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 5498 | | Last Modified: | Jul 21 15:47:55 2008 | | MD5 Checksum: | ad2d339e9b8b2d6309b73735501ea17c |
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
