.:[ packet storm ]:.
                           
pushing oppressive envelopes

 Section:  .. / Last 20 Files /

 ///  File Name:dsa-1698-1.txt
Description:
Debian Security Advisory 1698-1 - It was discovered that GForge, a collaborative development tool, insufficiently sanitizes some input allowing a remote attacker to perform SQL injection.
Homepage:http://www.debian.org/security
File Size:7780
Related CVE(s):CVE-2008-2381
Last Modified:Jan 9 15:52:58 2009
MD5 Checksum:29c1b4ba2b7bdfca14d2a2b0df04b7be

 ///  File Name:MDVSA-2009-001.txt
Description:
Mandriva Linux Security Advisory 2009-001 - A vulnerability was found by the Google Security Team with how OpenSSL checked the verification of certificates. An attacker in control of a malicious server or able to effect a man-in-the-middle attack could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, which would then bypass the certificate validation. The updated packages have been patched to prevent this issue.
Homepage:http://www.mandriva.com/security/
File Size:7847
Related CVE(s):CVE-2008-5077
Last Modified:Jan 9 15:52:12 2009
MD5 Checksum:1c6c72c0bc98167e9bf07aa33780150a

 ///  File Name:vuplayerasx-overflow.txt
Description:
VUPlayer version 2.49 local buffer overflow exploit that creates a malicious .asx file.
Author:H-T Team
Homepage:http://no-hack.fr/
File Size:7495
Last Modified:Jan 9 15:50:36 2009
MD5 Checksum:5d9d5dc22051cf0bfd9c5002d2aac7bf

 ///  File Name:mp3trackmaker-overflow.txt
Description:
MP3 TrackMaker version 1.5 local heap overflow proof of concept exploit that creates a malicious .mp3 file.
Author:H-T Team
Homepage:http://no-hack.fr/
File Size:871
Last Modified:Jan 9 15:49:18 2009
MD5 Checksum:bb1a84c7a2d4a3d7d8a7fa0a98ca8345

 ///  File Name:USN-706-1.txt
Description:
Ubuntu Security Notice USN-706-1 - It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Homepage:http://security.ubuntu.com/
File Size:37624
Related CVE(s):CVE-2009-0025
Last Modified:Jan 8 19:59:32 2009
MD5 Checksum:506056264ebfe80a7eaba22a136f9c66

 ///  File Name:cupp.tar.bz2
Description:
CUPP is the Common User Passwords Profiler. It takes in various user information about a given human target and then generates a logical dictionary for password cracking.
Author:Muris Kurgas
File Size:14309
Last Modified:Jan 8 19:55:57 2009
MD5 Checksum:bd7782044e4a77d19a6893f1435d8ff5

 ///  File Name:google-insecurexss.txt
Description:
Google Chrome appears to suffer from denial of service issues through misuse of the view-source URI.
Author:e.wiZz!
File Size:1672
Last Modified:Jan 8 19:43:59 2009
MD5 Checksum:ba0b82575944b29f4ab5a0e3fa49310b

 ///  File Name:ibmxs40-dos.txt
Description:
The IBM DataPower XS40 Security Gateway automatically reboots when fed random data to TCP port 443 over SSL allowing for a remote and unauthenticated denial of service.
Author:Erik
File Size:532
Last Modified:Jan 8 19:39:48 2009
MD5 Checksum:05851714af04d19476baf44ebf62d309

 ///  File Name:lsa.zip
Description:
Samba versions below 3.0.20 heap overflow exploit. Written for older versions of Debian, Slackware, and Mandrake.
Author:zuc
File Size:8112
Last Modified:Jan 8 19:35:11 2009
MD5 Checksum:043d719fc037091a570b1970f725c510

 ///  File Name:AST-2009-001.txt
Description:
Asterisk Project Security Advisory - IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts.
Author:Tilghman Lesher
Homepage:http://www.asterisk.org/security
File Size:10478
Related CVE(s):CVE-2009-0041
Last Modified:Jan 8 19:27:39 2009
MD5 Checksum:51f47441fcd4678b7c237afe816ab371

 ///  File Name:CORE-2008-1128.txt
Description:
Core Security Technologies Advisory - Openfire is a real time collaboration (RTC) server licensed under the Open Source GPL. It uses the widely adopted open protocol for instant messaging XMPP, also called Jabber. Multiple cross-site scripting vulnerabilities have been found, which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code. Openfire version 3.6.2 is affected.
Homepage:http://www.coresecurity.com/corelabs/
File Size:10820
Last Modified:Jan 8 18:52:31 2009
MD5 Checksum:b9fd4563590b32ef7388cb4cfc403cf8

 ///  File Name:gomplayerasx-overflow.txt
Description:
GOM Player version 2.0.12 stack overflow exploit that creates a malicious .ASX file which will spawn calc.exe.
Author:DATA_SNIPER
File Size:3730
Last Modified:Jan 8 17:34:42 2009
MD5 Checksum:7d19ca40734d4d1003d8de26c737a0ee

 ///  File Name:pizziscms-sql.txt
Description:
Pizzis CMS versions 1.5.1 and below blind SQL injection exploit.
Author:darkjoker
Homepage:http://darkjokerside.altervista.org/
File Size:1939
Last Modified:Jan 8 17:32:53 2009
MD5 Checksum:80f5a76b4c9f395be2df23bc3a331f39

 ///  File Name:layerone2009-cfp.txt
Description:
LayerOne 2009 Information Technology Conference Call for Papers - The sixth annual LayerOne security conference is now accepting submissions for topic and speaker selection. This conference will be held May 23 and 24, 2009 in Anaheim, California.
Homepage:http://layerone.info/
File Size:2299
Last Modified:Jan 8 17:31:18 2009
MD5 Checksum:34ca4d4e8d07fab89c563822ebb46f07

 ///  File Name:xoops232-exec.txt
Description:
XOOPS version 2.3.2 remote PHP code execution exploit.
Author:StAkeR
File Size:3244
Last Modified:Jan 8 17:29:52 2009
MD5 Checksum:d14a5e2a777fb2fb6ec444174efe968c

 ///  File Name:intellitamperlang-overflow.txt
Description:
IntelliTamper versions 2.07 and 2.08 Language Catalog SEH overflow exploit.
Author:Cn4phux
File Size:2293
Last Modified:Jan 8 17:28:17 2009
MD5 Checksum:48f3e884cd23b353ab70b8e5fa83fa4c

 ///  File Name:USN-705-1.txt
Description:
Ubuntu Security Notice USN-705-1 - It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature.
Homepage:http://security.ubuntu.com/
File Size:12500
Related CVE(s):CVE-2009-0021
Last Modified:Jan 8 17:27:06 2009
MD5 Checksum:14a35d7392f9fb849678e1dc2fb2c6f8

 ///  File Name:phpfusionarcade-sql.txt
Description:
The PHP-Fusion vArcade module version 1.8 suffers from a remote SQL injection vulnerability.
Author:IRCRASH
Homepage:http://ircrash.com/
File Size:1041
Last Modified:Jan 8 17:24:54 2009
MD5 Checksum:0a14f1ed873453901fd8b5c6eabf2f63

 ///  File Name:cutenew-xssexec.txt
Description:
CuteNews versions 1.4.6 and below remote cross site scripting and remote command execution exploit.
Author:StAkeR
File Size:4614
Last Modified:Jan 8 17:23:43 2009
MD5 Checksum:e66dbbde1a7ce181267950221f7ed84c

 ///  File Name:FreeBSD-SA-09-01.lukemftpd.txt
Description:
FreeBSD Security Advisory - lukemftpd suffers from a cross site request forgery vulnerability.
Homepage:http://security.freebsd.org/
File Size:6834
Related CVE(s):CVE-2008-4247
Last Modified:Jan 7 18:29:30 2009
MD5 Checksum:789204aa23caec29ac8ae20f577becc4