exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 63 RSS Feed

Files

getware.txt
Posted Jan 20, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

WebCam Live and Photohost are 2 shareware programs used to share webcam streams and photo albums through the web. WebCam Live versions 2.01 and below and Photohost versions 4.0 and below are all susceptible to a denial of service attack when the Content-Length parameter is set to a negative number during a transaction.

tags | advisory, web, denial of service
SHA-256 | f1e754c06a56a62a8a54d2c97ef2aec69f3c5c8cb9126843431d8d1bf463efca
networker60.txt
Posted Jan 19, 2004
Authored by l0om

A plausible symlink attack exists in networker version 6.0 in the shutdown script.

tags | advisory
SHA-256 | f71446ef6211d128c354e2004097b4569b81064c3ae7c06613e3f72160b90019
qmailcrash.html
Posted Jan 19, 2004
Authored by Georgi Guninski | Site guninski.com

Georgi Guninski security advisory #65, 2004 - Qmail version 1.03 is susceptible to a couple attacks. A crash in qmail-smtpd occurs with a long SMTP session. The crash is not global, it affects only the current SMTP session. It is also possible to trigger a segmentation violation (SEGV) from the network.

tags | advisory
SHA-256 | 10dae39fc506d25c870163518f0077627ecaf939966caa0aad04678186ced065
pablo-ftp.txt
Posted Jan 19, 2004
Authored by Arnaud Jacques | Site securiteinfo.co

Pablo FTP server version 1.77 allows for information disclosure by detecting whether or not a file exists outside of the FTP root directory, allow a remote attack to peruse the system at will.

tags | advisory, remote, root, info disclosure
SHA-256 | 30472f2da0279acae8a308c9b219bd017b1c9a745f39a30ef1595f0e3ec6872e
mambo.txt
Posted Jan 19, 2004
Authored by FraMe | Site kernelpanik.org

The Mambo Open Source web content management system allows for remote command execution as the webserver user id due to a lack of input validation.

tags | advisory, remote, web
SHA-256 | da6f8e308f6903ca98dc9383805abc68a8004be17d4c4787d292645cd9e1a4cb
SRT2004-01-17-0628.txt
Posted Jan 17, 2004
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations Advisory SRT2004-01-17-0628 - Outpost Firewall versions 1.0 and 2.0 run with SYSTEM access, allowing a local user to escalate privileges.

tags | advisory, local
SHA-256 | e49c627bab85454145a426c7095bea20f3c2fa3995513f89ae6b5529a37a335b
metadot.txt
Posted Jan 16, 2004
Authored by James Bercegay | Site gulftech.org

MetaDot Portal versions 5.6.5.4b5 and below are susceptible to SQL injection vulnerabilities, Cross Site Scripting, and information disclosure attacks.

tags | advisory, vulnerability, xss, sql injection, info disclosure
SHA-256 | 2f18758617babfb1684f97c043b085cc1427dc8ed63c02c6f2033bd498c2ebce
isec-0013v2-mremap.txt
Posted Jan 15, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.

tags | advisory, arbitrary, kernel, local
systems | linux
advisories | CVE-2003-0985
SHA-256 | 0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95
phpdig16x.txt
Posted Jan 15, 2004
Authored by FraMe | Site kernelpanik.org

PhpDig version 1.6.x allows for remote command execution in its config.php script. Anybody can inject a url in the relative_script_path variable and obtain command execution with web server privileges.

tags | advisory, remote, web, php
SHA-256 | b24e855c02a2ea8f3937595116627162c9ebfb2051a870e2bd9c0282161bf0f6
KDE Security Advisory 2004-01-14.1
Posted Jan 14, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: All versions of kdepim, as distributed with KDE versions 3.1.0 through 3.1.4 inclusive, have a buffer overflow in the file information reader of VCF files.

tags | advisory, overflow
SHA-256 | 4bc3105bfc840db454199fc6055e58f5d0bb7a20944a902bb13c82ac0a4a15a3
nCipher08.txt
Posted Jan 14, 2004
Site ncipher.com

nCipher Security Advisory No. 8 - Versions 1.3.12, 1.5.18, and 1.6.18 of the payShield SPP library may return Status_OK regardless of what the real reply status should be.

tags | advisory
SHA-256 | 5c8eacd2a6a36cd561e7674a8b96098272d42a7be2267074d5251cc298560d9b
CA-2004-01.H323.txt
Posted Jan 14, 2004
Site cert.org

CERT Advisory CA-2004-01 - A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks. Exploitation of these vulnerabilities may result in the execution of arbitrary code or cause a denial of service, which in some cases may require a system reboot.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
SHA-256 | 0cb8f99ad246f6fa9ef0d349c392489042110ed97fa233c5e150ecff6cf4d6e1
fishcart.txt
Posted Jan 14, 2004
Authored by Luke Campbell

FishCart versions 3.0 and below suffer from an integer overflow when using PHP2 and receiving an order of a billion or more. Patch available here.

tags | advisory, overflow
SHA-256 | 2946a8743904f2413e9d0cb500b30f4a0b3084aa946a8a95dc72993514a01cc6
racoon.txt
Posted Jan 14, 2004
Authored by Thomas Walpuski

racoon, KAME's IKE daemon, contains multiple flaws which allow for the unauthorized deletion of IPsec and ISAKMP SAs.

tags | advisory
SHA-256 | cbe0353e2d61b2cc2f27aba78a849a48ebb7737a512565da9ec47b3e188ecf13
Cisco Security Advisory 20040113-h323
Posted Jan 13, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory 20040113 - Multiple Cisco products contain vulnerabilities in the processing of H.323 messages, which are typically used in Voice over Internet Protocol (VoIP) or multimedia applications. All Cisco products running IOS software, Cisco CallManager versions 3.0 through 3.3, Cisco Conference Connection (CCC), Cisco Internet Service Node (ISN), Cisco BTS 10200 Softswitch, Cisco 7905 IP Phone H.323 Software Version 1.00, and Cisco ATA 18x series products running H.323/SIP loads with versions earlier than 2.16.1 are all susceptible to attack.

tags | advisory, vulnerability, protocol
systems | cisco
SHA-256 | c1cdc150d25e07af67e4c08b6ff2b6c9c80d58d41b90e583c3fce4af8498da16
_SRT2004-01-09-1022.txt
Posted Jan 12, 2004
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations Advisory SRT2004-01-09-1022 - Symantec LiveUpdate versions 1.70.x through 1.90.x has a vulnerability that allows local users to become SYSTEM. Products affected include Norton SystemWorks 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004, and Symantec AntiVirus for Handhelds v3.0.

tags | advisory, local
advisories | CVE-2003-0994
SHA-256 | 4c775c66c82287be41345fd9ecb5d5bd94271ba0bb0a8ddc47b1cecff85dbac8
windows.ftp.server.txt
Posted Jan 9, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

The Windows FTP Server is a small free third party ftp server which contains a format string vulnerability in v1.6.1 and below.

tags | advisory
systems | windows
SHA-256 | 2039204c5b39559e9e823c8993dc86c4a3cc6f900672113b8b81cad3cfec257c
KpyM_advisory.txt
Posted Jan 8, 2004
Authored by NoRpiUs | Site norpius.altervista.org

KpyM telnet server versions 1.05 and below for Microsoft Windows NT/2000/XP fail to properly clean up when disconnecting users, allowing for a remote attacker to commit a denial of service attack.

tags | advisory, remote, denial of service
systems | windows
SHA-256 | 19e35a6c61741ea60049be9453fbe6a7585f49c0838bab33bf7140182a1fa39e
DSA-418-1
Posted Jan 8, 2004
Authored by Debian

Debian Security Advisory DSA 418-1 - A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script.

tags | advisory, root
systems | linux, debian
SHA-256 | 4e3d0b09bcb99b7635e1eb4f2bebfd98614a76ce4634492ec2f5b1e61da12109
Cisco Security Advisory 20040108-pa
Posted Jan 8, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory 20040108 - The Cisco Personal Assistant may permit unauthorized access to user configurations via the web interface. Once basic access is granted, normally disallowed user preferences and configurations can be manipulated.

tags | advisory, web
systems | cisco
SHA-256 | 628a208955b5e277f41a8d8eb77f6ceeaa449f088f78b6f236beca3b0d90cdee
yahooIM.txt
Posted Jan 8, 2004
Authored by Tri Huynh

Yahoo Instant Messenger versions 5.6.0.1351 and below are susceptible to a buffer overflow when an attacker sends a specially crafted long filename to a user and that user attempts to download the file.

tags | advisory, overflow
SHA-256 | 8a0568beb5a1a37fb1a16c64cfd423fa7d1133bc74bcb6d5c52c8088b581d4d8
inn240.txt
Posted Jan 8, 2004
Authored by Russ Allbery, Katsuhiro Kondou

A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN versions 2.3.x and below are not affected.

tags | advisory, overflow
SHA-256 | 9befdf456af553054592d9d0d38512343a4fd2cc6e31c329cb87acae468e35eb
Secunia Security Advisory 10561
Posted Jan 8, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA10561 - FSP Suite 2.x has two vulnerabilities. One allows malicious attackers to gain system access and view files outside of the web root. Another is an unspecified boundary error that can be exploited to cause a buffer overflow with the possibility of arbitrary code execution.

tags | advisory, web, overflow, arbitrary, root, vulnerability, code execution
SHA-256 | 3b71545731cea57ae4e250f6c7a638b2257a71a5353a11f5291b7162f94a393e
Secunia Security Advisory 10544
Posted Jan 8, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA10544 - A vulnerability has been identified in mpg321, allowing malicious people to execute arbitrary code. The problem is that certain strings in mp3 files are not properly verified before being used in a printf() function call. This could potentially be exploited to execute arbitrary code through malicious mp3 files and HTTP streams.

tags | advisory, web, arbitrary
SHA-256 | 78644f6aea25c8c32857c7a3337c4341fad3091687c4600a62cc20379ac2d75c
postcal.txt
Posted Jan 8, 2004
Authored by Klavs Klavsen

PostCalendar version 4.0.0 is susceptible to SQL injection attacks via its search functionality.

tags | advisory, sql injection
SHA-256 | 1a2c7aa20973af02d5af4ed28004504abcdfe546c0885a30933405efccb5680a
Page 2 of 3
Back123Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close