Section: .. / Last 20 Files /
| /// File Name: | MDVSA-2010-170.txt | Description:
| Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a.wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5600 | | Related CVE(s): | CVE-2010-2252 | | Last Modified: | Sep 2 23:47:14 2010 | | MD5 Checksum: | 1d5d76c35a7524b8752e4dfab043cf0f |
|
| /// File Name: | glsa-201009-01.txt | Description:
| Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected. | | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 3040 | | Related CVE(s): | CVE-2009-2369 | | Last Modified: | Sep 2 23:46:38 2010 | | MD5 Checksum: | fdf7e822a65781e0b83fcc9be4491798 |
|
| /// File Name: | onecms-xss.txt | Description:
| OneCMS version 2.6.1 suffers from a cross site scripting vulnerability. | | Author: | anT!-Tr0J4n | | File Size: | 897 | | Last Modified: | Sep 2 23:45:56 2010 | | MD5 Checksum: | 740f705d0901e689fd0d4c44af86aedf |
|
| /// File Name: | path-attacks.txt | Description:
| Whitepaper called PATH Attacks. Written in German. | | Author: | fred777 | | File Size: | 4731 | | Last Modified: | Sep 2 23:43:29 2010 | | MD5 Checksum: | 7933cf7d3dc0e60c44aa420b47a80c47 |
|
| /// File Name: | webmanagerpro-sql.txt | Description:
| CMS WebManager-Pro suffers from a remote SQL injection vulnerability. | | Author: | MustLive | | File Size: | 1025 | | Last Modified: | Sep 2 23:21:13 2010 | | MD5 Checksum: | e5db11a98db2675d2b09d59fb6743fc3 |
|
| /// File Name: | suricata-1.0.2.tar.gz | Description:
| Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools. | | Homepage: | http://www.openinfosecfoundation.org/index.php/download-suricata | | Changes: | An SSH module was added. Several TCP evasions were fixed. Language compatibility was improved. HTTP detection accuracy was improved. Inline mode was improved. | | File Size: | 1630936 | | Last Modified: | Sep 2 23:18:47 2010 | | MD5 Checksum: | 57c93a22602ecc9bbe5857beeb79cb5d |
|
| /// File Name: | checksum-shellcode.txt | Description:
| This shellcode is an egg hunter checksum routine. | | Author: | Ron Henry | | File Size: | 2395 | | Last Modified: | Sep 2 23:15:53 2010 | | MD5 Checksum: | 86a11690f9577c5dbe008bd3b2a7d903 |
|
| /// File Name: | USN-982-1.txt | Description:
| Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11134 | | Related CVE(s): | CVE-2010-2252 | | Last Modified: | Sep 2 23:15:02 2010 | | MD5 Checksum: | 772e3ecddbb0e78f9ad1482e49e5c2b0 |
|
| /// File Name: | PRL-2010-07.txt | Description:
| A flaw exists within SSHD.NLM of Novell Netware version 6.5. When the application attempts to resolve an absolute path on the server, a 512 byte destination buffer is used without bounds checking. By providing a large enough value, an attacker can cause a buffer to be overflowed. Successful exploitation results in remote code execution under the context of the server. | | Author: | Francis Provencher | | File Size: | 3448 | | Last Modified: | Sep 2 23:12:50 2010 | | MD5 Checksum: | 0f072e2d9e7ec5d12c5cefae31d95aeb |
|
| /// File Name: | MDVSA-2010-169.txt | Description:
| Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 74322 | | Related CVE(s): | CVE-2010-2754, CVE-2010-0654, CVE-2010-1213, CVE-2010-2753, CVE-2010-1211 | | Last Modified: | Sep 2 23:08:28 2010 | | MD5 Checksum: | 0f02f3eda393e2a0d929deb75ea471a5 |
|
| /// File Name: | moovida-dllhijack.tgz | Description:
| Moovida Media Player versions 2.0.0.15 and below DLL hijacking exploit. | | Author: | Aung Khant | | Homepage: | http://yehg.net/ | | File Size: | 11434 | | Last Modified: | Sep 2 23:06:50 2010 | | MD5 Checksum: | a822bb5288d37ba5b82362025654c4e9 |
|
| /// File Name: | cvechecker-0.5.tar.gz | Description:
| cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage. | | Author: | Sven Vermeulen | | Homepage: | http://cvechecker.sourceforge.net/ | | Changes: | The tool should now build properly on NetBSD and FreeBSD (although more user experience here is still welcome). This release introduces a cvereport command (example output can be found at the project site), and has lowered its initial dependency requirements. pullcves now only loads the CVE XML changes in the database, rather than iterating across all CVE XML entries. | | File Size: | 132624 | | Last Modified: | Sep 2 23:01:40 2010 | | MD5 Checksum: | d6c5e5538ebcc6e87a24a1ff70d38942 |
|
| /// File Name: | moaub-quicktime.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 34415 | | Related CVE(s): | CVE-2010-0519 | | Last Modified: | Sep 2 22:57:48 2010 | | MD5 Checksum: | 3b8e0f535bf0ba3739f15044c0249d16 |
|
| /// File Name: | vbshout-rfilfi.txt | Description:
| vbShout version 5.2.2 suffers from remote and local file inclusion vulnerabilities. | | Author: | fred777 | | File Size: | 1653 | | Last Modified: | Sep 2 22:56:07 2010 | | MD5 Checksum: | 5cb9fe845a66a395c3d63fa172edaaba |
|
| /// File Name: | moaub-rainbowportal.txt | Description:
| Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities. | | Author: | Abysssec,Shahin | | Homepage: | http://www.abysssec.com/ | | File Size: | 7143 | | Last Modified: | Sep 2 22:54:57 2010 | | MD5 Checksum: | 8ae0ef410cda573b1cdcf2b600096f27 |
|
| /// File Name: | shopalacart-sqlxss.txt | Description:
| Shop A La Cart suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | Ariko-Security | | File Size: | 2532 | | Last Modified: | Sep 2 22:47:44 2010 | | MD5 Checksum: | 9e41de6d42151e83c7437d485141d13a |
|
| /// File Name: | accton-backdoor.txt | Description:
| Accton-based switches which are commonly rebranded as 3Com, Dell, SMC, Foundry and EdgeCore suffer from a backdoor password vulnerability. | | Author: | Edwin Eefting,Erik Smit,Erwin Drent | | File Size: | 6586 | | Last Modified: | Sep 2 22:46:06 2010 | | MD5 Checksum: | 24a33d38be40a5f54dc4a7cea823c455 |
|
| /// File Name: | nullconGoa2011-CFP.txt | Description:
| The Call For Papers for nullcon Dwitiya 2.0 is now open. It takes place February 25th through the 26th, 2011 in Goa, India. | | Homepage: | http://nullcon.net/ | | File Size: | 2908 | | Last Modified: | Sep 1 16:40:25 2010 | | MD5 Checksum: | ef8b994b84ef1796e447f7f903b43bfd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
