Section: .. / Last 100 Files /
| /// File Name: | winxpcalc-shellcode.txt | Description:
| 36 bytes small Microsoft Windows XP Professional SP2 Italian calc.exe shellcode. | | Author: | Stoke | | File Size: | 494 | | Last Modified: | Mar 11 20:58:18 2010 | | MD5 Checksum: | 876b6183e3a9c1a2ab177c4d77e25567 |
|
| /// File Name: | 03.11.10-1.txt | Description:
iDefense Security Advisory 03.11.10 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a certain property of an HTML element is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker-controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Google Chrome 3.0.195.38 and Safari 4.0.4. Previous versions are suspected to be vulnerable. A full list of affected Apple products can be found in Security Advisory APPLE-SA-2010-03-11-1 Safari 4.0.5. | | Author: | iDefense Labs, wushi | | Homepage: | http://www.idefense.com/ | | File Size: | 4088 | | Related CVE(s): | CVE-2010-0040 | | Last Modified: | Mar 11 20:21:21 2010 | | MD5 Checksum: | eff6f9943174490b261bb46a955f26ee |
|
| /// File Name: | joomlaparty-sql.txt | Description:
| The Joomla Party component suffers from a remote SQL injection vulnerability. | | Author: | DevilZ TM | | File Size: | 1414 | | Last Modified: | Mar 11 20:17:50 2010 | | MD5 Checksum: | ce0ae8f9f4d45eac2a4590beaa1ab368 |
|
| /// File Name: | joomlacolor-sql.txt | Description:
| The Joomla Color component suffers from a remote SQL injection vulnerability. | | Author: | DevilZ TM | | File Size: | 1449 | | Last Modified: | Mar 11 20:15:51 2010 | | MD5 Checksum: | 3c362e6cffb1716902544ae975b04d16 |
|
| /// File Name: | joomlagigfe-sql.txt | Description:
| The Joomla Gigfe component suffers from a remote SQL injection vulnerability. | | Author: | DevilZ TM | | File Size: | 1450 | | Last Modified: | Mar 11 20:15:09 2010 | | MD5 Checksum: | 0cf4a909a3dbcd6e06df2fd42a318bdf |
|
| /// File Name: | joomlaproducts-sql.txt | Description:
| The Joomla Product component suffers from a remote SQL injection vulnerability. | | Author: | N2n-Hacker | | File Size: | 1246 | | Last Modified: | Mar 11 20:13:22 2010 | | MD5 Checksum: | 3c2bc1bbd54f4f9e4464b14d056dc94a |
|
| /// File Name: | samagraph-sql.txt | Description:
| Samagraph CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | K053 | | File Size: | 747 | | Last Modified: | Mar 11 20:10:50 2010 | | MD5 Checksum: | a1de667bb9dd361924e1e3179944d19d |
|
| /// File Name: | nuxkeylogger0.0.1.c | Description:
| Nux Keylogger monitors keyboard activity on a Linux system. It's possible to hide and daemonize this process and it supports azerty and qwerty keyboard modes. | | Author: | Vilmain Nicolas | | File Size: | 8842 | | Last Modified: | Mar 11 20:07:37 2010 | | MD5 Checksum: | b1722e529843adb0f24d54309479dd36 |
|
| /// File Name: | dsa-2013-1.txt | Description:
| Debian Linux Security Advisory 2013-1 - Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 7435 | | Last Modified: | Mar 11 18:22:49 2010 | | MD5 Checksum: | 97f5f98b2702c940fec433fe369eccb6 |
|
| /// File Name: | samhain-2.6.3.tar.gz | Description:
| Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris. | | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | This release fixes a regression in the email module which caused messages of the highest priority to be queued along with lower priority messages, instead of being mailed immediately. | | File Size: | 1908972 | | Last Modified: | Mar 10 15:06:36 2010 | | MD5 Checksum: | d0b25c09bad153304f4aadba4b449c0e |
|
| /// File Name: | MDVSA-2010-061.txt | Description:
| Mandriva Linux Security Advisory 2010-061 - sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8905 | | Related CVE(s): | CVE-2010-0790, CVE-2010-0791 | | Last Modified: | Mar 11 17:30:57 2010 | | MD5 Checksum: | 8eddb3ad2d5d24403b0b99e52c566d3b |
|
| /// File Name: | ZDI-10-027.txt | Description:
| Zero Day Initiative Advisory 10-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments to Skype through the registered 'skype:' protocol handler. Insufficient sanity checking to the /datapath argument allows an attacker to construct a link that will execute Skype with arbitrary arguments. This can be abused to specify a remote configuration storage directory which can be leveraged to glean target user credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3574 | | Last Modified: | Mar 11 17:29:44 2010 | | MD5 Checksum: | a5b3d84df1886a5f304313233a95f00f |
|
| /// File Name: | ZDI-10-028.txt | Description:
| Zero Day Initiative Advisory 10-028 - This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handling of the 'skype-plugin:' protocol. An attacker can specify a malicious URI, that upon clicking, will trigger the deletion of an arbitrary attacker specified XML file. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3137 | | Last Modified: | Mar 11 17:29:18 2010 | | MD5 Checksum: | 793f05951ab9ec0a9302555f95d6603b |
|
| /// File Name: | eroserotikwebkat-sql.txt | Description:
| Eros Erotik Webkatalog suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1748 | | Last Modified: | Mar 11 17:27:39 2010 | | MD5 Checksum: | ae621f66ffcba455b27d5cdf9ad07b63 |
|
| /// File Name: | atutor-xss.txt | Description:
| ATutor version 1.6.4 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 1001 | | Last Modified: | Mar 11 17:26:45 2010 | | MD5 Checksum: | 6eb8260401fb838bd22c79acf9a71cd6 |
|
| /// File Name: | skype-input.txt | Description:
| Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution. | | Author: | Paul Craig | | Homepage: | http://www.security-assessment.com/ | | File Size: | 5783 | | Last Modified: | Mar 11 17:17:27 2010 | | MD5 Checksum: | 0a20a3178c435cdde8c2ce8645f77c7b |
|
| /// File Name: | ms10_002_aurora.rb.txt | Description:
This Metasploit module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that led to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample; as such, only Internet Explorer 6 can be reliably exploited. | | Homepage: | http://www.metasploit.com | | File Size: | 5377 | | Related OSVDB(s): | 61697 | | Related CVE(s): | CVE-2010-0249 | | Last Modified: | Mar 11 17:15:45 2010 | | MD5 Checksum: | e10bb1dd4089bb4b0d4a689573918f4d |
|
| /// File Name: | ane-xsrf.txt | Description:
| ANE CMS version 1 suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 2188 | | Last Modified: | Mar 11 11:26:29 2010 | | MD5 Checksum: | 75931499966409c4e4d5bd37b38f2270 |
|
| /// File Name: | ane-xss.txt | Description:
| ANE CMS version 1 suffers from a cross site scripting vulnerability. | | Author: | Pratul Agrawal | | File Size: | 11204 | | Last Modified: | Mar 11 11:25:29 2010 | | MD5 Checksum: | baaa652f16f1938c75702a9aace1a1d5 |
|
| /// File Name: | USN-909-1.txt | Description:
| Ubuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11987 | | Related CVE(s): | CVE-2010-0396 | | Last Modified: | Mar 11 11:24:59 2010 | | MD5 Checksum: | 7d4e4c416e8850722bfebfb1f166c1df |
|
| /// File Name: | abton-sql.txt | Description:
| Abton CMS suffers from a remote SQL injection vulnerability. | | Author: | MustLive | | File Size: | 1385 | | Last Modified: | Mar 11 11:24:15 2010 | | MD5 Checksum: | 52f6b36dba1fbd3b137ebb090d43ddf1 |
|
| /// File Name: | dsa-2011-1.txt | Description:
| Debian Linux Security Advisory 2011-1 - William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 7029 | | Related CVE(s): | CVE-2010-0396 | | Last Modified: | Mar 11 11:23:39 2010 | | MD5 Checksum: | c4b2f418358eb264d4bb4d72a3b63d6a |
|
| /// File Name: | MDVSA-2010-060.txt | Description:
| Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5924 | | Related CVE(s): | CVE-2010-0639 | | Last Modified: | Mar 10 21:34:20 2010 | | MD5 Checksum: | 414b8437f31d74850426f8a525a3e1e8 |
|
| /// File Name: | cookiemonster_v1.6.zip | Description:
| Cookie Monster is a cookie analysis tool written in Python. Cookie Monster will grab cookies from a host and assign each character a number. This number can be used to perform mathematical calculations on the differences in order to find a pattern and see if cookie prediction is possible. | | Author: | Tom Neaves | | Homepage: | http://www.tomneaves.com/ | | File Size: | 3450 | | Last Modified: | Mar 10 21:31:44 2010 | | MD5 Checksum: | c8965e9b954a6b7684b304c5e80a7dda |
|
| /// File Name: | super-vulns.tgz | Description:
| SUPERAntiSpyware and Super Ad Blocker have almost identical device drivers in order to set up hooks and perform other duties from kernel space. These device drivers suffer from lack of validation of parameters passed from user mode. Additionally, some of the functions accessible from user mode are inherently insecure and lead to easy privilege escalation. All vulnerabilities are applicable to both applications. Proof of concept code included with full advisory. | | Author: | Luka Milkovic | | File Size: | 33557 | | Last Modified: | Mar 10 21:30:19 2010 | | MD5 Checksum: | 3170b366c6223e86743528719242746a |
|
| /// File Name: | joomlaabout-sql.txt | Description:
| The Joomla About component suffers from a remote SQL injection vulnerability. | | Author: | Snakespc | | File Size: | 866 | | Last Modified: | Mar 10 21:27:25 2010 | | MD5 Checksum: | 75053d91412433bd2af46e8bc384850d |
|
| /// File Name: | USN-908-1.txt | Description:
| Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 38935 | | Related CVE(s): | CVE-2010-0408, CVE-2010-0434 | | Last Modified: | Mar 10 21:26:31 2010 | | MD5 Checksum: | c325fa7847fc469032e3592c119cde4f |
|
| /// File Name: | MDVSA-2010-059.txt | Description:
| Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 18565 | | Related CVE(s): | CVE-2009-3940 | | Last Modified: | Mar 10 21:26:09 2010 | | MD5 Checksum: | 48a4c84f6d63d9b13bd485a788bc892d |
|
| /// File Name: | secunia-xnviewdicom.txt | Description:
| Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4126 | | Related CVE(s): | CVE-2009-4001 | | Last Modified: | Mar 10 21:23:39 2010 | | MD5 Checksum: | 06aae772fe010c07ca5d04fd20ac13e2 |
|
| /// File Name: | excel-codeexec.txt | Description:
| VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The flaw is caused by a memory corruption error when processing malformed "EntExU2" records in an Excel document, which could be exploited by attackers to execute arbitrary code. | | Author: | Nicolas JOLY | | Homepage: | http://www.vupen.com/ | | File Size: | 2681 | | Related CVE(s): | CVE-2010-0257 | | Last Modified: | Mar 10 21:21:05 2010 | | MD5 Checksum: | f66a1be4abfb1a54cae69d7791394e13 |
|
| /// File Name: | ie_iepeers_pointer.rb.txt | Description:
| This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected. | | Author: | Trancer | | Homepage: | http://www.metasploit.com | | File Size: | 4796 | | Related OSVDB(s): | 62810 | | Related CVE(s): | CVE-2010-0806 | | Last Modified: | Mar 10 21:18:10 2010 | | MD5 Checksum: | 148df6b886dc2dbed56a1580848c30f7 |
|
| /// File Name: | phpcityportal-sqlrfi.txt | Description:
| PHPCityPortal suffers from remote file inclusion and SQL injection vulnerabilities. | | Author: | R3d-D3v!L | | File Size: | 1751 | | Last Modified: | Mar 10 21:13:59 2010 | | MD5 Checksum: | b3cf8067188dddf195e8aa0379efcb9a |
|
| /// File Name: | Botan-1.9.4.tgz | Description:
| Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. | | Homepage: | http://botan.randombit.net/ | | Changes: | This version adds a SSLv3/TLSv1.0 implementation, the GOST 34.10-2001 signature scheme, and the XSalsa20 stream cipher. New countermeasures against fault attacks on signature schemes are included. New SIMD optimizations for the IDEA and Noekeon block ciphers are available, and CBC and XTS modes can now make use of cipher implementations that use SIMD. A SQLite-like amalgamation option is now available, making botan very easy to distribute in applications. The dependency on TR1 for ECC has been removed, making ECDSA/ECDH available on Windows and with older compilers. | | File Size: | 3415352 | | Last Modified: | Mar 10 11:10:20 2010 | | MD5 Checksum: | 8ff9f7929b05295e9701adf1c8859a32 |
|
| /// File Name: | gnupg-2.0.15.tar.bz2 | Description:
| GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. | | Homepage: | http://www.gnupg.org | | Changes: | A regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases was fixed. A new command "--passwd" was added. libassuan 2.0 is now used. | | File Size: | 3976879 | | Last Modified: | Mar 10 11:08:27 2010 | | MD5 Checksum: | c1286e85b66349879dc4b760dd83e2f1 |
|
| /// File Name: | fwbuilder-4.0.0.tar.gz | Description:
| Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists. | | Homepage: | http://www.fwbuilder.org | | Changes: | This is a major upgrade. It comes with support for high availability firewall configurations, including heartbeat, vrrpd, keepalived, and conntrackd on Linux, CARP and pfsync on OpenBSD, and PIX failover configuration. It can generate configuration scripts to manage IP addresses, VLAN, bridge, and bonding interfaces on the firewall. Drop-in support for OpenWRT firewall script is now available, as well as experimental integration with IPCOP firewall appliances. The has supports undo and redo of unlimited depth and was generally streamlined and improved. | | File Size: | 5275041 | | Last Modified: | Mar 10 11:03:43 2010 | | MD5 Checksum: | 211788146729375d450756f104441068 |
|
| /// File Name: | anantasoft-xsrf.txt | Description:
| Anantasoft Gazelle CMS suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 2808 | | Last Modified: | Mar 10 10:59:29 2010 | | MD5 Checksum: | dad820e563724bc7b8c491876c9048fa |
|
| /// File Name: | secunia-etsdisclose.txt | Description:
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application passing the database password via the command line to the "mysqldump" utility, which potentially can be exploited to disclose the password via the process list. Version 0.99 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4385 | | Related CVE(s): | CVE-2010-0124 | | Last Modified: | Mar 10 10:57:24 2010 | | MD5 Checksum: | 5c55f50ca9c91dbe8978a3bb60746a6c |
|
| /// File Name: | secunia-etssql.txt | Description:
| Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4407 | | Related CVE(s): | CVE-2010-0122 | | Last Modified: | Mar 10 10:55:45 2010 | | MD5 Checksum: | 97deca06ff6efb5d59e274ff9355eacb |
|
| /// File Name: | notepadpoc.zip | Description:
The MS HTML Help ActiveX control is prone to a remote CHM help file hijack vulnerability when applications invoke help. Multiple built-in applications are vulnerable to this. The impact of the vulnerability is the loading of the incorrect CHM help file when it resides in the same directory the application invoking help starts in. This proof of concept exploit leverages Notepad to demonstrate the vulnerability. | | Author: | Eduardo Prado | | File Size: | 28918 | | Last Modified: | Mar 10 10:51:10 2010 | | MD5 Checksum: | 3f0edb83fb8c525b3c7a93556ab16cc7 |
|
| /// File Name: | tarcpio-overflow.txt | Description:
| GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected. | | Author: | Jakob Lell | | File Size: | 5110 | | Related CVE(s): | CVE-2010-0624 | | Last Modified: | Mar 10 10:48:29 2010 | | MD5 Checksum: | f12725e9c18845e64dcff526a6f7d29f |
|
| /// File Name: | ispcp-rfi.txt | Description:
| ispCP Omega versions 1.0.4 and below suffer from a remote file inclusion vulnerability. | | Author: | cr4wl3r | | File Size: | 2068 | | Last Modified: | Mar 10 10:47:10 2010 | | MD5 Checksum: | 1ecfa63512e948355cf15fd528e4c374 |
|
| /// File Name: | secunia-etsb.txt | Description:
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4397 | | Related CVE(s): | CVE-2010-0123 | | Last Modified: | Mar 10 10:44:55 2010 | | MD5 Checksum: | 691c19edbe543e11cd7b2a8326ea3cd9 |
|
| /// File Name: | softbizjobsrecruitment-sql.txt | Description:
| Softbiz Jobs and Recruitment script suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1605 | | Last Modified: | Mar 10 10:42:00 2010 | | MD5 Checksum: | a2b901cd5a4520daee9be76aab46b150 |
|
| /// File Name: | campsite-xsrf.txt | Description:
| Campsite version 3.3.5 suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 1620 | | Last Modified: | Mar 10 10:22:41 2010 | | MD5 Checksum: | 02c5f2f26afd7f5d5c3d519bb791a6fe |
|
| /// File Name: | 03.09.10-4.txt | Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when an MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap-based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson, iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3817 | | Related CVE(s): | CVE-2010-0260 | | Last Modified: | Mar 10 10:20:50 2010 | | MD5 Checksum: | 361cae51b434d20705f58c6f7cde7793 |
|
| /// File Name: | 03.09.10-3.txt | Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when an MDXSET record is broken up into several records. This could allow an attacker to trigger a heap-based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson, iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3813 | | Related CVE(s): | CVE-2010-0261 | | Last Modified: | Mar 10 10:19:19 2010 | | MD5 Checksum: | fcd3d4df59f6a8656e954ecae6950e45 |
|
| /// File Name: | 03.09.10-2.txt | Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs due to Excel using a local function variable without properly initializing it. This error occurs when parsing several related records inside of an Excel worksheet. When Excel parses certain records in a particular order, a stack variable may not be initialized properly. If an attacker can control the area of memory used for this variable, then it is possible to execute arbitrary code on the targeted host. iDefense has confirmed the existence of this vulnerability in Excel versions 2003 SP3, 2007 SP0, SP1, and SP3. Previous versions do not appear to be affected. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson, iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3939 | | Related CVE(s): | CVE-2010-0262 | | Last Modified: | Mar 10 10:17:18 2010 | | MD5 Checksum: | 4c6d869c98aaa46c8b7d0dec92b565e3 |
|
| /// File Name: | 60cyclecms-xss.txt | Description:
| 60cycleCMS suffers from a cross site scripting vulnerability. | | Author: | Pratul Agrawal | | File Size: | 3606 | | Last Modified: | Mar 10 10:15:49 2010 | | MD5 Checksum: | 47b9959eebc266e101924d1fd6e37482 |
|
| /// File Name: | 03.09.10-1.txt | Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is a type confusion vulnerability that occurs when parsing several related Excel record types. In this case, the type confusion is due to multiple records containing fields that identify the type of an object shared between them. By controlling memory outside of the bounds of the allocated heap chunk, an attacker can control a C++ object pointer used in a virtual function call. This can result in an area of memory being treated as a different type of object than it actually is, resulting in access outside of the bounds of the allocated object. iDefense has confirmed the existence of this vulnerability in all currently supported versions of Excel (2007 SP1/SP2, 2003 SP3, XP SP3), and also the currently unsupported Excel 2000 SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson, iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 4148 | | Related CVE(s): | CVE-2010-0258 | | Last Modified: | Mar 10 10:09:49 2010 | | MD5 Checksum: | bc5319861ff9ff807a6e7bfce8180ecb |
|
| /// File Name: | friendlytr69-sql.txt | Description:
| Friendly-Tech FriendlyTR69 CPE remote management version 2.8.9 suffers from a remote SQL injection vulnerability. | | Author: | Yaniv Miron | | File Size: | 1792 | | Last Modified: | Mar 10 10:08:22 2010 | | MD5 Checksum: | e9c939b6efcdae9fd324a8ff61d3f247 |
|
| /// File Name: | hydra-sqlxss.txt | Description:
| Hydra CMS suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | MustLive | | File Size: | 1083 | | Last Modified: | Mar 10 10:07:08 2010 | | MD5 Checksum: | 1e7bf05f74db4c8d6bb5c916597f23bf |
|
| /// File Name: | dsa-2009-1.txt | Description:
| Debian Linux Security Advisory 2009-1 - It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitizing in the TrackBack transmission plugin. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3903 | | Related CVE(s): | CVE-2010-0726 | | Last Modified: | Mar 10 10:04:15 2010 | | MD5 Checksum: | 17479d9fa7fc431d68a341d436fda6a2 |
|
| /// File Name: | TA10-068A.txt | Description:
| Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3802 | | Last Modified: | Mar 9 18:18:07 2010 | | MD5 Checksum: | 52a06df4c61def449f7f9c9f8bcad8b7 |
|
| /// File Name: | tor.uclibc.i686.20100309.iso | Description:
| Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. | | Author: | Anthony G. Basile | | Homepage: | http://opensource.dyc.edu/tor-ramdisk | | Changes: | Tor was updated to 0.2.1.24 and busybox to 1.15.3. The build scripts now allow the option of creating images with a fully featured busybox for debugging and a minimally configured busybox for production. | | File Size: | 4286464 | | Last Modified: | Mar 9 18:16:23 2010 | | MD5 Checksum: | 24b38d121c40ba789db06b32c48b1899 |
|
| /// File Name: | CORE-2009-1103.txt | Description:
| Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7741 | | Related CVE(s): | CVE-2010-0264 | | Last Modified: | Mar 9 18:13:44 2010 | | MD5 Checksum: | 3b4084cc3bd02ec3abcf8034a1cd52e2 |
|
| /// File Name: | CORE-2009-0813.txt | Description:
| Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 12942 | | Related CVE(s): | CVE-2010-0265 | | Last Modified: | Mar 9 18:11:06 2010 | | MD5 Checksum: | c616fcba3c0a93ba3996a3ca8d8818b9 |
|
| /// File Name: | rivercms-sql.txt | Description:
| River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Pouya Daneshmand | | File Size: | 799 | | Last Modified: | Mar 9 18:07:52 2010 | | MD5 Checksum: | 3f9fd122e2c9c13cf36e4141986c3d46 |
|
| /// File Name: | MDVSA-2010-058.txt | Description:
| Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 62736 | | Last Modified: | Mar 9 18:06:23 2010 | | MD5 Checksum: | 07bda32325dbbfc3f66329dadbc38dc9 |
|
| /// File Name: | nusnewssystem-sql.txt | Description:
| NUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability. | | Author: | n3w7u | | File Size: | 695 | | Last Modified: | Mar 9 18:05:34 2010 | | MD5 Checksum: | 73b85126d9a72c43885fe8f5015285eb |
|
| /// File Name: | jevci-disclose.txt | Description:
| Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability. | | Author: | indoushka | | File Size: | 1920 | | Last Modified: | Mar 9 18:04:28 2010 | | MD5 Checksum: | 8dc51a5f030e969191a583ba8fb34d42 |
|
| /// File Name: | ZDI-10-026.txt | Description:
| Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3057 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 18:02:35 2010 | | MD5 Checksum: | 7e8b4a4e56efc310c9d29affb2ee9a3f |
|
| /// File Name: | mhproducts-sql.txt | Description:
| Mhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1994 | | Last Modified: | Mar 9 18:01:22 2010 | | MD5 Checksum: | d9ed3069eabcbca64dc161d3fca09550 |
|
| /// File Name: | easyftp.rb.txt | Description:
| This Metasploit module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability. | | Author: | Blake | | Homepage: | http://www.metasploit.com | | File Size: | 2263 | | Last Modified: | Mar 9 18:00:35 2010 | | MD5 Checksum: | d732ec3c57befe33133a22a93ffe3bc9 |
|
| /// File Name: | HPSBMA02489-SSRT090065.txt | Description:
| HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands. | | Homepage: | http://www.hp.com/ | | File Size: | 6868 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 17:50:54 2010 | | MD5 Checksum: | d32dd84a89acc0ff85800e4c96e86450 |
|
| /// File Name: | energizer_duo_payload.rb.txt | Description:
| This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger. | | Author: | H D Moore | | Homepage: | http://www.metasploit.com | | File Size: | 2841 | | Related CVE(s): | CVE-2010-0103 | | Last Modified: | Mar 9 17:50:14 2010 | | MD5 Checksum: | d6d4fbfd8adf2bc89ff2a66c568d2df7 |
|
| /// File Name: | orbital_viewer_orb.rb.txt | Description:
| This Metasploit module exploits a stack-based buffer overflow in David Manthey's Orbital Viewer. When processing .ORB files, data is read from file into a fixed-size stack buffer using the fscanf function. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an ORB file. | | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 2851 | | Related OSVDB(s): | 62580 | | Related CVE(s): | CVE-2010-0688 | | Last Modified: | Mar 9 17:49:56 2010 | | MD5 Checksum: | 5aa02439f41605543223cc94d1459d02 |
|
| /// File Name: | rsstatic-sql.txt | Description:
| Rsstatic suffers from a remote SQL injection vulnerability. | | Author: | Itsecteam | | File Size: | 498 | | Last Modified: | Mar 9 17:36:56 2010 | | MD5 Checksum: | 36b80b3567abad8055fcf5b5022ef709 |
|
| /// File Name: | uebimiauwebmail-disclose.txt | Description:
| Uebimiau Webmail version 3.2.0-2.0 suffers from a remote email disclosure vulnerability. | | Author: | R4vax,Z3r0c0re | | File Size: | 1018 | | Last Modified: | Mar 9 17:35:11 2010 | | MD5 Checksum: | d8986001128e37ed03e54a8e5d292448 |
|
| /// File Name: | aef-xss.txt | Description:
| AEF version 1.0.8 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 686 | | Last Modified: | Mar 9 17:33:09 2010 | | MD5 Checksum: | dc6f4907b92f1b05e661dc65bc490c7b |
|
| /// File Name: | ibmenovia-xss.txt | Description:
| IBM ENOVIA SmarTeam version 5 suffers from a cross site scripting vulnerability. | | Author: | Yaniv Miron | | File Size: | 1349 | | Last Modified: | Mar 9 17:31:44 2010 | | MD5 Checksum: | 44229551878fc0a868b16aae04f085eb |
|
| /// File Name: | wildcms-sql.txt | Description:
| WILD CMS suffers from a remote SQL injection vulnerability. | | Author: | Ariko-Security | | File Size: | 1066 | | Last Modified: | Mar 9 17:30:43 2010 | | MD5 Checksum: | f1c9b20b4b3deac6cdf7619762dfe050 |
|
| /// File Name: | eleanorcms-xss.txt | Description:
| Eleanor CMS version Rc5.1 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 694 | | Last Modified: | Mar 9 17:29:26 2010 | | MD5 Checksum: | c2139058f58f69cd7a9b7bf522bd98c7 |
|
| /// File Name: | ddlcms-xss.txt | Description:
| DDL CMS version 2.1 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 650 | | Last Modified: | Mar 9 17:28:15 2010 | | MD5 Checksum: | cee3294fc74b0d4bcf91e8420e6bdd73 |
|
| /// File Name: | ZDI-10-025.txt | Description:
| Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2575 | | Related CVE(s): | CVE-2010-0263 | | Last Modified: | Mar 9 16:44:29 2010 | | MD5 Checksum: | 345ea63cd930dcb5de4c5273d9c5df54 |
|
| /// File Name: | reverberation.c | Description:
| Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers. | | Author: | l0om | | Homepage: | http://www.excluded.org | | File Size: | 6896 | | Last Modified: | Mar 9 16:41:53 2010 | | MD5 Checksum: | 417ff5e37e88d914eff7eebf43090a98 |
|
| /// File Name: | Ravage.zip | Description:
| Ravage is a rogue DHCP server written in PHP. | | Author: | Nima Ghotbi | | Homepage: | http://h.ackerz.com/ | | File Size: | 2503 | | Last Modified: | Mar 9 16:29:14 2010 | | MD5 Checksum: | 2bc9aa4196308998346d25fdfa8dc4a0 |
|
| /// File Name: | phpfss-traversalxssupload.txt | Description:
| PHP File Sharing System version 1.5.1 suffers from cross site scripting, directory traversal and shell upload vulnerabilities. | | Author: | Blake | | File Size: | 1535 | | Last Modified: | Mar 9 16:28:09 2010 | | MD5 Checksum: | 78b5ecb1d5f83b46e7dec84be8a5407b |
|
| /// File Name: | jadclass-dos.txt | Description:
| JAD Java decompiler .class file stack overflow denial of service exploit. | | Author: | l3D | | File Size: | 363 | | Last Modified: | Mar 9 16:26:09 2010 | | MD5 Checksum: | ac709c88a88cddfa178bacb66240a96b |
|
| /// File Name: | jadarg-crash.txt | Description:
| JAD Java decompiler version 1.5.8g argument crash exploit. | | Author: | l3D | | File Size: | 568 | | Last Modified: | Mar 9 16:25:03 2010 | | MD5 Checksum: | aca219c4fc665d4afd1e8b0c699b29a8 |
|
| /// File Name: | reglookup-0.12.0.tar.gz | Description:
| RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later. | | Author: | Timothy D. Morgan | | Homepage: | http://projects.sentinelchicken.org/reglookup/ | | Changes: | Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added. | | File Size: | 95483 | | Last Modified: | Mar 9 16:12:34 2010 | | MD5 Checksum: | 7fa5bd1f55f3f8345952bf6a03ef2e1a |
|
| /// File Name: | chaton-lfi.txt | Description:
| Chaton versions 1.5.2 and below suffer from a local file inclusion vulnerability. | | Author: | cr4wl3r | | File Size: | 2157 | | Last Modified: | Mar 8 21:12:31 2010 | | MD5 Checksum: | 302240f053a31a27d3f7bfa05133064f |
|
| /// File Name: | quickzip.py.txt | Description:
| QuickZip version 4.60 local buffer overflow proof of concept exploit that creates a malicious .zip file. This version does not have the egghunter. | | Author: | corelanc0d3r,mr_me | | File Size: | 3329 | | Last Modified: | Mar 8 21:10:35 2010 | | MD5 Checksum: | 855aae375aa00be2327a35c12ecd0a76 |
|
| /// File Name: | dsa-2008-1.txt | Description:
| Debian Linux Security Advisory 2008-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3554 | | Last Modified: | Mar 8 21:08:11 2010 | | MD5 Checksum: | c46bf7d8dec6a12a4086dae8214e55c0 |
|
| /// File Name: | quickzip0day.py.txt | Description:
| QuickZip version 4.60 local universal buffer overflow proof of concept exploit that creates a malicious .zip file. | | Author: | corelanc0d3r,mr_me | | File Size: | 4688 | | Last Modified: | Mar 8 21:06:12 2010 | | MD5 Checksum: | ab2f63007fd139e47124a3c8f10df8a5 |
|
| /// File Name: | dzauktionshaus-sql.txt | Description:
| DZ Auktionshaus V4.rgo suffers from a remote SQL injection vulnerability in news.php. | | Author: | Easy Laster | | File Size: | 1573 | | Last Modified: | Mar 8 21:02:28 2010 | | MD5 Checksum: | 789d93a66f94303162e11c587225bc02 |
|
| /// File Name: | codegate2010.txt | Description:
| The CodeGate 2010 Capture The Flag contest has been announced. It will take place from March 13th through the 14th. | | Homepage: | http://www.codegate.org/ | | File Size: | 1090 | | Last Modified: | Mar 8 20:59:09 2010 | | MD5 Checksum: | 1ba0dc6f2e6c77ddbd2268d15409c507 |
|
| /// File Name: | dev4u-sql.txt | Description:
| Dev4U CMS Personenseiten suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1684 | | Last Modified: | Mar 8 20:57:21 2010 | | MD5 Checksum: | 22fa1caa94c75599f1dc0f84e5712c1e |
|
| /// File Name: | opencart-sql.txt | Description:
| OpenCart version 1.3.2 suffers from a remote SQL injection vulnerability. | | Author: | Andres Gomez | | File Size: | 1609 | | Last Modified: | Mar 8 20:49:49 2010 | | MD5 Checksum: | bf6a6db84d6a93e312dfa8c340f9c457 |
|
| /// File Name: | khc_0.2.tar.gz | Description:
| Known Host Cracker (khc) is a small tool designed to recover hashed known_host files back to their plain-text equivalents. | | Author: | Benkei,Rembrandt | | File Size: | 8842 | | Last Modified: | Mar 8 16:57:49 2010 | | MD5 Checksum: | 00cea61517d93313c4a73cca64c0238e |
|
| /// File Name: | geoipgen-0.4.tar.gz | Description:
| GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. GeoIPgen is the first published use of a geographic IP database in reverse, translating from country to IPs instead of the usual IP to country. Features: random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries. | | Author: | Andrew Horton (urbanadventurer) | | Homepage: | http://www.morningstarsecurity.com/research/geoipgen | | Changes: | Faster and smaller memory usage. It now uses the fast-random algorithm by default instead of the bit-field method. The README file was rewritten and the usage instructions were simplified. | | File Size: | 12332 | | Last Modified: | Mar 8 16:28:38 2010 | | MD5 Checksum: | edae9618c3413be8e380f1e10b5b91dd |
|
| /// File Name: | nessus-xmlrpc-0.3.tar.gz | Description:
| nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner. | | Author: | Vlatko Kosturjak | | Homepage: | http://rubyforge.org/projects/nessus-xmlrpc/ | | Changes: | Mostly speed improvements (will use keepalive and nokogiri if available). Support for some new functions. Better documentation. | | File Size: | 6371 | | Last Modified: | Mar 8 17:17:39 2010 | | MD5 Checksum: | 23bdc28e21bcf552777d338a9f54b94e |
|
| /// File Name: | lenovo-escalate.txt | Description:
| Lenovo laptops running the Hotkey Driver and Access Connections software versions 5.33 and below suffer from a privilege escalation vulnerability. Full exploitation details provided. | | Author: | Chilik Tamir | | File Size: | 3130 | | Last Modified: | Mar 8 17:14:44 2010 | | MD5 Checksum: | 197dc1c38c9c66cd38cc4d3ffe457f76 |
|
| /// File Name: | openssh-5.4p1.tar.gz | Description:
| This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. | | Author: | Damien Miller | | Homepage: | http://www.openssh.com/ | | Changes: | This is a major feature and bugfix release. Major changes include disabling SSH protocol 1 by default, removal of legacy OpenSC/libsectok smartcard support, addition of PKCS#11 support, introduction of a new certificate authentication method for users and hosts, revised session multiplexing code, many improvements to sftp from the Google Summer of Code 2009, and lots of bugfixes. | | File Size: | 1094604 | | Last Modified: | Mar 8 17:09:53 2010 | | MD5 Checksum: | da10af8a789fa2e83e3635f3a1b76f5e |
|
| /// File Name: | USN-907-1.txt | Description:
| Ubuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6239 | | Related CVE(s): | CVE-2010-0285, CVE-2010-0422 | | Last Modified: | Mar 8 17:08:49 2010 | | MD5 Checksum: | 0779341d5cb6e3ff11a2489dcba18547 |
|
| /// File Name: | tribisur-lfi.txt | Description:
| Tribisur versions 2.0 and below suffer from a local file inclusion vulnerability. | | Author: | cr4wl3r | | File Size: | 1965 | | Last Modified: | Mar 8 17:07:44 2010 | | MD5 Checksum: | b57f7e0fba10b70409a963b0229fc35a |
|