Section: .. / Last 50 Files /
| /// File Name: | TA10-068A.txt | Description:
| Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3802 | | Last Modified: | Mar 9 18:18:07 2010 | | MD5 Checksum: | 52a06df4c61def449f7f9c9f8bcad8b7 |
|
| /// File Name: | tor.uclibc.i686.20100309.iso | Description:
| Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. | | Author: | Anthony G. Basile | | Homepage: | http://opensource.dyc.edu/tor-ramdisk | | Changes: | Tor was updated to 0.2.1.24 and busybox to 1.15.3. The build scripts now allow the option of creating images with a fully featured busybox for debugging and a minimally configured busybox for production. | | File Size: | 4286464 | | Last Modified: | Mar 9 18:16:23 2010 | | MD5 Checksum: | 24b38d121c40ba789db06b32c48b1899 |
|
| /// File Name: | CORE-2009-1103.txt | Description:
| Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7741 | | Related CVE(s): | CVE-2010-0264 | | Last Modified: | Mar 9 18:13:44 2010 | | MD5 Checksum: | 3b4084cc3bd02ec3abcf8034a1cd52e2 |
|
| /// File Name: | CORE-2009-0813.txt | Description:
| Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 12942 | | Related CVE(s): | CVE-2010-0265 | | Last Modified: | Mar 9 18:11:06 2010 | | MD5 Checksum: | c616fcba3c0a93ba3996a3ca8d8818b9 |
|
| /// File Name: | rivercms-sql.txt | Description:
| River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | Pouya Daneshmand | | File Size: | 799 | | Last Modified: | Mar 9 18:07:52 2010 | | MD5 Checksum: | 3f9fd122e2c9c13cf36e4141986c3d46 |
|
| /// File Name: | MDVSA-2010-058.txt | Description:
| Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 62736 | | Last Modified: | Mar 9 18:06:23 2010 | | MD5 Checksum: | 07bda32325dbbfc3f66329dadbc38dc9 |
|
| /// File Name: | nusnewssystem-sql.txt | Description:
| NUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability. | | Author: | n3w7u | | File Size: | 695 | | Last Modified: | Mar 9 18:05:34 2010 | | MD5 Checksum: | 73b85126d9a72c43885fe8f5015285eb |
|
| /// File Name: | jevci-disclose.txt | Description:
| Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability. | | Author: | indoushka | | File Size: | 1920 | | Last Modified: | Mar 9 18:04:28 2010 | | MD5 Checksum: | 8dc51a5f030e969191a583ba8fb34d42 |
|
| /// File Name: | ZDI-10-026.txt | Description:
| Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3057 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 18:02:35 2010 | | MD5 Checksum: | 7e8b4a4e56efc310c9d29affb2ee9a3f |
|
| /// File Name: | mhproducts-sql.txt | Description:
| Mhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1994 | | Last Modified: | Mar 9 18:01:22 2010 | | MD5 Checksum: | d9ed3069eabcbca64dc161d3fca09550 |
|
| /// File Name: | easyftp.rb.txt | Description:
| This Metasploit module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability. | | Author: | Blake | | Homepage: | http://www.metasploit.com | | File Size: | 2263 | | Last Modified: | Mar 9 18:00:35 2010 | | MD5 Checksum: | d732ec3c57befe33133a22a93ffe3bc9 |
|
| /// File Name: | HPSBMA02489-SSRT090065.txt | Description:
| HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands. | | Homepage: | http://www.hp.com/ | | File Size: | 6868 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 17:50:54 2010 | | MD5 Checksum: | d32dd84a89acc0ff85800e4c96e86450 |
|
| /// File Name: | energizer_duo_payload.rb.txt | Description:
| This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger. | | Author: | H D Moore | | Homepage: | http://www.metasploit.com | | File Size: | 2841 | | Related CVE(s): | CVE-2010-0103 | | Last Modified: | Mar 9 17:50:14 2010 | | MD5 Checksum: | d6d4fbfd8adf2bc89ff2a66c568d2df7 |
|
| /// File Name: | orbital_viewer_orb.rb.txt | Description:
| This Metasploit module exploits a stack-based buffer overflow in David Manthey's Orbital Viewer. When processing .ORB files, data is read from file into a fixed-size stack buffer using the fscanf function. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an ORB file. | | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 2851 | | Related OSVDB(s): | 62580 | | Related CVE(s): | CVE-2010-0688 | | Last Modified: | Mar 9 17:49:56 2010 | | MD5 Checksum: | 5aa02439f41605543223cc94d1459d02 |
|
| /// File Name: | rsstatic-sql.txt | Description:
| Rsstatic suffers from a remote SQL injection vulnerability. | | Author: | Itsecteam | | File Size: | 498 | | Last Modified: | Mar 9 17:36:56 2010 | | MD5 Checksum: | 36b80b3567abad8055fcf5b5022ef709 |
|
| /// File Name: | uebimiauwebmail-disclose.txt | Description:
| Uebimiau Webmail version 3.2.0-2.0 suffers from a remote email disclosure vulnerability. | | Author: | R4vax,Z3r0c0re | | File Size: | 1018 | | Last Modified: | Mar 9 17:35:11 2010 | | MD5 Checksum: | d8986001128e37ed03e54a8e5d292448 |
|
| /// File Name: | aef-xss.txt | Description:
| AEF version 1.0.8 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 686 | | Last Modified: | Mar 9 17:33:09 2010 | | MD5 Checksum: | dc6f4907b92f1b05e661dc65bc490c7b |
|
| /// File Name: | ibmenovia-xss.txt | Description:
| IBM ENOVIA SmarTeam version 5 suffers from a cross site scripting vulnerability. | | Author: | Yaniv Miron | | File Size: | 1349 | | Last Modified: | Mar 9 17:31:44 2010 | | MD5 Checksum: | 44229551878fc0a868b16aae04f085eb |
|
| /// File Name: | wildcms-sql.txt | Description:
| WILD CMS suffers from a remote SQL injection vulnerability. | | Author: | Ariko-Security | | File Size: | 1066 | | Last Modified: | Mar 9 17:30:43 2010 | | MD5 Checksum: | f1c9b20b4b3deac6cdf7619762dfe050 |
|
| /// File Name: | eleanorcms-xss.txt | Description:
| Eleanor CMS version Rc5.1 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 694 | | Last Modified: | Mar 9 17:29:26 2010 | | MD5 Checksum: | c2139058f58f69cd7a9b7bf522bd98c7 |
|
| /// File Name: | ddlcms-xss.txt | Description:
| DDL CMS version 2.1 suffers from a cross site scripting vulnerability. | | Author: | Itsecteam | | File Size: | 650 | | Last Modified: | Mar 9 17:28:15 2010 | | MD5 Checksum: | cee3294fc74b0d4bcf91e8420e6bdd73 |
|
| /// File Name: | ZDI-10-025.txt | Description:
| Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2575 | | Related CVE(s): | CVE-2010-0263 | | Last Modified: | Mar 9 16:44:29 2010 | | MD5 Checksum: | 345ea63cd930dcb5de4c5273d9c5df54 |
|
| /// File Name: | reverberation.c | Description:
| Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers. | | Author: | l0om | | Homepage: | http://www.excluded.org | | File Size: | 6896 | | Last Modified: | Mar 9 16:41:53 2010 | | MD5 Checksum: | 417ff5e37e88d914eff7eebf43090a98 |
|
| /// File Name: | Ravage.zip | Description:
| Ravage is a rogue DHCP server written in PHP. | | Author: | Nima Ghotbi | | Homepage: | http://h.ackerz.com/ | | File Size: | 2503 | | Last Modified: | Mar 9 16:29:14 2010 | | MD5 Checksum: | 2bc9aa4196308998346d25fdfa8dc4a0 |
|
| /// File Name: | phpfss-traversalxssupload.txt | Description:
| PHP File Sharing System version 1.5.1 suffers from cross site scripting, directory traversal and shell upload vulnerabilities. | | Author: | Blake | | File Size: | 1535 | | Last Modified: | Mar 9 16:28:09 2010 | | MD5 Checksum: | 78b5ecb1d5f83b46e7dec84be8a5407b |
|
| /// File Name: | jadclass-dos.txt | Description:
| JAD java decompiler .class file stack overflow denial of service exploit. | | Author: | l3D | | File Size: | 363 | | Last Modified: | Mar 9 16:26:09 2010 | | MD5 Checksum: | ac709c88a88cddfa178bacb66240a96b |
|
| /// File Name: | jadarg-crash.txt | Description:
| JAD java decompiler version 1.5.8g argument crash exploit. | | Author: | l3D | | File Size: | 568 | | Last Modified: | Mar 9 16:25:03 2010 | | MD5 Checksum: | aca219c4fc665d4afd1e8b0c699b29a8 |
|
| /// File Name: | reglookup-0.12.0.tar.gz | Description:
| RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later. | | Author: | Timothy D. Morgan | | Homepage: | http://projects.sentinelchicken.org/reglookup/ | | Changes: | Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added. | | File Size: | 95483 | | Last Modified: | Mar 9 16:12:34 2010 | | MD5 Checksum: | 7fa5bd1f55f3f8345952bf6a03ef2e1a |
|
| /// File Name: | chaton-lfi.txt | Description:
| Chaton versions 1.5.2 and below suffer from a local file inclusion vulnerability. | | Author: | cr4wl3r | | File Size: | 2157 | | Last Modified: | Mar 8 21:12:31 2010 | | MD5 Checksum: | 302240f053a31a27d3f7bfa05133064f |
|
| /// File Name: | quickzip.py.txt | Description:
| QuickZip version 4.60 local buffer overflow proof of concept exploit that creates a malicious .zip file. This version does not have the egghunter. | | Author: | corelanc0d3r,mr_me | | File Size: | 3329 | | Last Modified: | Mar 8 21:10:35 2010 | | MD5 Checksum: | 855aae375aa00be2327a35c12ecd0a76 |
|
| /// File Name: | dsa-2008-1.txt | Description:
| Debian Linux Security Advisory 2008-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3554 | | Last Modified: | Mar 8 21:08:11 2010 | | MD5 Checksum: | c46bf7d8dec6a12a4086dae8214e55c0 |
|
| /// File Name: | quickzip0day.py.txt | Description:
| QuickZip version 4.60 local universal buffer overflow proof of concept exploit that creates a malicious .zip file. | | Author: | corelanc0d3r,mr_me | | File Size: | 4688 | | Last Modified: | Mar 8 21:06:12 2010 | | MD5 Checksum: | ab2f63007fd139e47124a3c8f10df8a5 |
|
| /// File Name: | dzauktionshaus-sql.txt | Description:
| DZ Auktionshaus V4.rgo suffers from a remote SQL injection vulnerability in news.php. | | Author: | Easy Laster | | File Size: | 1573 | | Last Modified: | Mar 8 21:02:28 2010 | | MD5 Checksum: | 789d93a66f94303162e11c587225bc02 |
|
| /// File Name: | codegate2010.txt | Description:
| The CodeGate 2010 Capture The Flag contest has been announced. It will take place from March 13th through the 14th. | | Homepage: | http://www.codegate.org/ | | File Size: | 1090 | | Last Modified: | Mar 8 20:59:09 2010 | | MD5 Checksum: | 1ba0dc6f2e6c77ddbd2268d15409c507 |
|
| /// File Name: | dev4u-sql.txt | Description:
| Dev4U CMS Personenseiten suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1684 | | Last Modified: | Mar 8 20:57:21 2010 | | MD5 Checksum: | 22fa1caa94c75599f1dc0f84e5712c1e |
|
| /// File Name: | opencart-sql.txt | Description:
| OpenCart version 1.3.2 suffers from a remote SQL injection vulnerability. | | Author: | Andres Gomez | | File Size: | 1609 | | Last Modified: | Mar 8 20:49:49 2010 | | MD5 Checksum: | bf6a6db84d6a93e312dfa8c340f9c457 |
|
| /// File Name: | khc_0.2.tar.gz | Description:
| Known Host Cracker (khc) is a small tool designed to recover hashed known_host files back to their plain-text equivalents. | | Author: | Benkei,Rembrandt | | File Size: | 8842 | | Last Modified: | Mar 8 16:57:49 2010 | | MD5 Checksum: | 00cea61517d93313c4a73cca64c0238e |
|
| /// File Name: | geoipgen-0.4.tar.gz | Description:
| GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. Geoipgen is the first published use of a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country. Features: Random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries. | | Author: | Andrew Horton (urbanadventurer) | | Homepage: | http://www.morningstarsecurity.com/research/geoipgen | | Changes: | Faster and smaller memory usage. It now uses the fast-random algorithm by default instead of the bit-field method, Re-wrote README file, Simplified usage instructions. | | File Size: | 12332 | | Last Modified: | Mar 8 16:28:38 2010 | | MD5 Checksum: | edae9618c3413be8e380f1e10b5b91dd |
|
| /// File Name: | nessus-xmlrpc-0.3.tar.gz | Description:
| nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner. | | Author: | Vlatko Kosturjak | | Homepage: | http://rubyforge.org/projects/nessus-xmlrpc/ | | Changes: | Mostly speed improvements (will use keepalive and nokogiri if available). Support for some new functions. Better documentation. | | File Size: | 6371 | | Last Modified: | Mar 8 17:17:39 2010 | | MD5 Checksum: | 23bdc28e21bcf552777d338a9f54b94e |
|
| /// File Name: | lenovo-escalate.txt | Description:
| Lenovo laptops running the Hotkey Driver and Access Connections software versions 5.33 and below suffer from a privilege escalation vulnerability. Full exploitation details provided. | | Author: | Chilik Tamir | | File Size: | 3130 | | Last Modified: | Mar 8 17:14:44 2010 | | MD5 Checksum: | 197dc1c38c9c66cd38cc4d3ffe457f76 |
|
| /// File Name: | openssh-5.4p1.tar.gz | Description:
| This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. | | Author: | Damien Miller | | Homepage: | http://www.openssh.com/ | | Changes: | This is a major feature and bugfix release. Major changes include disabling SSH protocol 1 by default, removal of legacy OpenSC/libsectok smartcard support, addition of PKCS#11 support, introduction of a new certificate authentication method for users and hosts, revised session multiplexing code, many improvements to sftp from the Google Summer of Code 2009, and lots of bugfixes. | | File Size: | 1094604 | | Last Modified: | Mar 8 17:09:53 2010 | | MD5 Checksum: | da10af8a789fa2e83e3635f3a1b76f5e |
|
| /// File Name: | USN-907-1.txt | Description:
| Ubuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6239 | | Related CVE(s): | CVE-2010-0285, CVE-2010-0422 | | Last Modified: | Mar 8 17:08:49 2010 | | MD5 Checksum: | 0779341d5cb6e3ff11a2489dcba18547 |
|
| /// File Name: | tribisur-lfi.txt | Description:
| Tribisur versions 2.0 and below suffer from a local file inclusion vulnerability. | | Author: | cr4wl3r | | File Size: | 1965 | | Last Modified: | Mar 8 17:07:44 2010 | | MD5 Checksum: | b57f7e0fba10b70409a963b0229fc35a |
|
| /// File Name: | spamassassin-remoteroot.txt | Description:
| The Spamassassin Milter plugin suffers from a remote root command execution vulnerability. Full exploit details provided. | | Author: | Kingcope | | File Size: | 3309 | | Last Modified: | Mar 8 17:05:26 2010 | | MD5 Checksum: | 65f987b29f0f557007bd95469466936d |
|
| /// File Name: | bigforum-sql.txt | Description:
| BigForum version 4.5 remote SQL injection exploit that dumps user table information. | | Author: | Ctacok | | File Size: | 1541 | | Last Modified: | Mar 8 17:02:26 2010 | | MD5 Checksum: | 441885aaaffc20d9973a7ed18a3ca858 |
|
| /// File Name: | bildflirt-sql.txt | Description:
| Bild Flirt System version 2.0 suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1572 | | Last Modified: | Mar 8 16:55:19 2010 | | MD5 Checksum: | a642e3a8283ac1b6e538470c86012e5f |
|
| /// File Name: | dvbbs830-xss.txt | Description:
| DvBBS versions 7.1.x through 8.2.x suffer from a cross site scripting vulnerability. This is a variation of the flaw that affected versions prior to 7.1.0. | | Author: | Liscker | | Related Exploit: | dvbbsXSS.txt | | File Size: | 1086 | | Last Modified: | Mar 8 16:26:37 2010 | | MD5 Checksum: | 3cd304f7bfac9d084dea5dd5ad646661 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
