what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files Date: 2007-05-15

Posted May 15, 2007
Site rsbac.org

Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Changes: Various updates and code fixes.
tags | kernel
systems | linux
SHA-256 | d2f7efe7637cd9363466a80de70b288221b2c67b2aebea5ebadd611b0221bcbb
Posted May 15, 2007
Site kapheine.hypa.net

Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.

Changes: Various bug fixes.
tags | web, cracker
SHA-256 | 366adfda9dbdb2c6dfefa9c50f143fa535a77db17cbe0b7ef338f835e211f7db
Posted May 15, 2007
Site aircrack-ng.org

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Changes: Multiple bug fixes and some enhancements.
tags | tool, wireless
SHA-256 | 64a9815f2897c5f4c544ece5357acb569770e125493793f59b7d8f208415dba7
Posted May 15, 2007
Authored by Ian Ventura-Whiting | Site sourceforge.net

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.

Changes: Multiple bug fixes.
systems | cisco, juniper
SHA-256 | a75128e2626f14ada625af996d0cc31e1ef291817127bdbba5e261920efd95a3
Posted May 15, 2007
Authored by Kingcope

The sftp server in ssh- from ssh.com may suffer from a remote off by one vulnerability.

tags | advisory, remote
SHA-256 | 8c93956e7669b4b8dc0b881882b3149e989a9c3c49c14cf81f26ba0dd84b0f15
Mandriva Linux Security Advisory 2007.104
Posted May 15, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.

tags | advisory, remote, overflow, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2007-2446, CVE-2007-2447
SHA-256 | 6c83583361b6eac643ad28ec00b69b37e84140638e39e45f6f79b68236618c56
Ubuntu Security Notice 459-1
Posted May 15, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 459-1 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0244
SHA-256 | 24139dfc21ec59756c03bff1b83a00a6e14f1c1709941f173dac2cab3ee8a8d9
Posted May 15, 2007
Authored by beNi

WordPress Akismet suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c58b33c5a88700c17f8a49c1e3dd50be6bbe12464020d73ce653e8e1337cc2b4
iDEFENSE Security Advisory 2007-05-14.1
Posted May 15, 2007
Authored by iDefense Labs | Site idefense.com

Remote exploitation of a command injection vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with nobody privileges. The vulnerability exists within the code responsible for updating a user's password in the SAM database. Unfiltered user input is passed to "/bin/sh". This allows an attacker to execute arbitrary shell commands with the privileges of the nobody user. iDefense has confirmed the existence of this vulnerability in Samba version 3.0.24. Previous versions of Samba release 3 may be vulnerable. Release version 2 and below did not have this feature.

tags | advisory, remote, arbitrary, shell
advisories | CVE-2007-2447
SHA-256 | 09d8dddb1bdf4c327afcf8233bd530bb69472f703ec593e9e88197895baafe67
Posted May 15, 2007
Authored by Xpl017Elz | Site x82.inetcop.org

Fedora Core 6 (exec-shield) based Webdesproxy version 0.0.1 remote root exploit.

tags | exploit, remote, root
systems | linux, fedora
SHA-256 | a597e3eae30fff3e173ea50fa5b8d93a0a45a5fcfe86ce236cd50280358629bf
Posted May 15, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

SonicBB version 1.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2007-1903
SHA-256 | 89536131142d22ebd0721e958f80cf261f62023d19c2d6999a6346c95e57e740
Posted May 15, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

SonicBB version 1.0 suffers from multiple path disclosure vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2007-1901
SHA-256 | 1c74034eb2de7721f913efcc5bf99efb37250f57eb5c5834677497a4c212e738
Posted May 15, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

SonicBB version 1.0 suffers from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-1902
SHA-256 | 4238c5016d152f8249eae9a5bbfc2ea21a285513e6295e6c5aab388c1261a687
Posted May 15, 2007
Authored by Cody "CypherXero" Rester | Site cypherxero.net

Proof of concept code that demonstrates spamming vulnerabilities in Facebook.

tags | exploit, vulnerability, proof of concept
SHA-256 | 0776225008a16e8ed6ea054c317572231bb5b9457af120343f808944c84a3ab9
Posted May 15, 2007
Authored by Cody "CypherXero" Rester | Site cypherxero.net

Facebook is vulnerable to a flaw that could allow an attacker to use Facebook to send mass emails to any victim address.

tags | advisory
SHA-256 | d9a1c44ef80d285e6f91bf3459dc786ba1623c63f4b02f3da1d1c378f35342e4
Posted May 15, 2007
Site nruns.com

BTCrack is a pairing handshake cracker against Bluetooth versions 1.0 through 2.0.

tags | tool, wireless
SHA-256 | 71e2be893da896bed2cd0fae228574c166f77063bfa981483bd59f634b1e59cd
Posted May 15, 2007
Site samba.org

In Samba versions 3.0.0 through 3.0.25rc3, unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.

tags | advisory, remote
advisories | CVE-2007-2447
SHA-256 | 9e82fbe530a6ed212e4491072b4a99d5bc21489dc265219a522241d11631d74c
Posted May 15, 2007
Site samba.org

In Samba versions 3.0.0 through 3.0.25rc3, various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.

tags | advisory
advisories | CVE-2007-2446
SHA-256 | 44a5bc88e32a784d90945493cb57c7cf6908f3a04ebe6ced34ff53e174361231
Posted May 15, 2007
Site samba.org

In Samba versions 3.0.23d through 3.0.25pre2, a bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root.

tags | advisory, local, root, protocol
advisories | CVE-2007-2444
SHA-256 | 02de903ea0f07758ea335309c38eb5f014df4b420fb1e348b4cbb54cbf6097e6
Gentoo Linux Security Advisory 200705-14
Posted May 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-14 - XScreenSaver incorrectly handles the results of the getpwuid() function in drivers/lock.c when using directory servers during a network outage. Versions less than 5.02 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1859
SHA-256 | dfeb074b5484bc8d9d64dac02e870671ebc4317e59431cfd071d2065879a29c1
Posted May 15, 2007
Authored by Liz0ziM | Site expw0rm.com

iFdate 2.x suffers from an unauthorized administrative access vulnerability.

tags | exploit, bypass
SHA-256 | 219d01bcd37375c560406ea7ef180f6f8f821031304c136521ef59feeac8e9b0
Debian Linux Security Advisory 1290-1
Posted May 15, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1290-1 - It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2007-1262
SHA-256 | be082b77c7a63122764d74206a6f9145da3669a0fa16d4defe10da27fa295b3f
Debian Linux Security Advisory 1289-1
Posted May 15, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1289-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-1496, CVE-2007-1497, CVE-2007-1861
SHA-256 | c64e166fec13c2f963ed9074005676ddd21d12486c57ecd130b1cc58bb345e02
Posted May 15, 2007
Authored by calcite

spamd as included with Exim version 4.66 suffers from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 4b0f98d331b7749c0d64a655240d9befac04d5f48f9211580eb945a6b6df053f
Posted May 15, 2007
Authored by vade79

notepad++ version 4.1 ruby file processing buffer overflow exploit for win32.

tags | exploit, overflow, ruby
systems | windows
SHA-256 | a94c3b69ca7e1bf525c7e26b2d1417c794a90e1191e066b5bf7ec61ad95b9338
Page 1 of 2

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By