exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 131 RSS Feed

Files from Stefan Esser

Email addresssesser at hardened-php.net
First Active2001-12-26
Last Active2017-10-27
punbb125inc.txt
Posted Jul 8, 2005
Authored by Stefan Esser | Site hardened-php.net

A poorly implemented feature of PunBB's template system can lead to execution of arbitrary PHP code. Versions 1.2.5 and below are affected.

tags | advisory, arbitrary, php
SHA-256 | bf008f3b79e34eaaecc1f82ba01fb769de6f07b844f0b7f4dd8378b54d52f33e
jaws052.txt
Posted Jul 7, 2005
Authored by Stefan Esser | Site hardened-php.net

Jaws versions 0.5.2 and below are susceptible to the XML_RPC vulnerability.

tags | advisory
SHA-256 | dbbd5a4c9d50ba77f7b84fb0b0c6f6de1046a55a0a7e85335f74e2e902f7b30c
geeklog1311SQL.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Geeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.

tags | advisory, sql injection
SHA-256 | a7ca782761e0a409376d36cda0394ae4d439ee0ee330b8036371ab950806d143
cactiSQL086e-bypass.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Cacti versions 0.8.6e and below suffer from a bypass vulnerability.

tags | advisory, bypass
SHA-256 | 37222644fbba63cb60c1d66e20630458bb9114e3b3461b0895e9c3de90a9d540
cactiSQL086e-exec.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.

tags | advisory, remote
SHA-256 | b0c145d8ac8ca565a651191f53e65514cc46cb9bc24d1a177b8add989ab8cac3
cactiSQL086e-sql.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Cacti versions 0.8.6e and below suffer from multiple SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | e80c8ae4856a741ff26de5874481b3d65512de972f859e5a63a3007a466db410
advisory-012005.txt
Posted Jun 21, 2005
Authored by Stefan Esser | Site hardened-php.net

During an evaluation of Trac, an input validation vulnerability was discovered which can lead to arbitrary uploading and downloading of files with the permission of the web server.

tags | advisory, web, arbitrary
SHA-256 | f3d29acb6264e7e52acb1152dda2f9156a367be10f0e8013ba0df3ffb4203fd1
012004.txt
Posted Dec 30, 2004
Authored by Stefan Esser | Site hardened-php.net

Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.

tags | advisory, remote, arbitrary, local, php, vulnerability
advisories | CVE-2004-1018, CVE-2004-1019, CVE-2004-1063, CVE-2004-1064
SHA-256 | ed1ef90ff012b77b27997a86a514190dac77644dc99eaeeab47035e716b3d0cf
152004.txt
Posted Dec 11, 2004
Authored by Stefan Esser | Site security.e-matters.de

Cyrus IMAP server versions 2.2.8 and below suffer from several vulnerabilities that allow for remote code execution.

tags | advisory, remote, vulnerability, imap, code execution
advisories | CVE-2004-1011, CVE-2004-1012, CVE-2004-1013
SHA-256 | 7d272318585dcd23335de60a53dfe23852040f2eb2bfe3c21f847207fdd71ba2
cryus.imap.2.2.8.txt
Posted Nov 24, 2004
Authored by Stefan Esser | Site security.e-matters.de

Cryus v2.2.8 and below contains four remote vulnerabilities, including one which is pre-authentication. Fix available here.

tags | advisory, remote, vulnerability
advisories | CVE-2004-1011, CVE-2004-1012, CVE-2004-1013
SHA-256 | 54d472e1537f333c599a3d7c14b3c297aa87884e8449678168feafb1d6d5a268
142004.txt
Posted Nov 20, 2004
Authored by Stefan Esser | Site security.e-matters.de

During an audit of the smb filesystem implementation within Linux several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. The 2.4 series up to 2.4.27 is affected and the 2.6 series up to 2.6.9 is affected.

tags | advisory, overflow, kernel, vulnerability
systems | linux
advisories | CVE-2004-0883, CVE-2004-0949
SHA-256 | b7b977ebbeedcfaf0b2c7258fb9da5b47131762e6dff111d09944b9387963f4d
132004.txt
Posted Nov 20, 2004
Authored by Stefan Esser | Site security.e-matters.de

Samba versions 3 through 3.0.7 suffer from a buffer overflow inside the QFILEPATHINFO request handler. This vulnerability allows for remote code execution.

tags | advisory, remote, overflow, code execution
advisories | CVE-2004-0882
SHA-256 | 19cd039a672527a6b47d2c45a1745de3a774b639ca25e062a5e1932683d23767
php_memory_limit_remote.txt
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP memory_limit remote vulnerability allows for remote code execution on PHP servers with activated memory_limit.

tags | advisory, remote, php, code execution
advisories | CVE-2004-0594
SHA-256 | a2764c250202043b5e2fbcc945ecc7953565f046d5aa69d07e2cf18d05dc5ee3
php_strip_tags_css.txt
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.

tags | advisory, php, xss, bypass
advisories | CVE-2004-0595
SHA-256 | d66c97661142fe3d557417694547c784d192d272603cbc2f590fd731fd0ddf21
102004.txt
Posted Jun 18, 2004
Authored by Stefan Esser | Site security.e-matters.de

A vulnerability within Chora version 1.2.1 and below allows remote shell command injection.

tags | advisory, remote, shell
SHA-256 | a41aa4d39af2f221d39ccc9dc16ac042c25b39642f4b0f038fe3a4a1f40a2cfd
092004.txt
Posted Jun 10, 2004
Authored by Stefan Esser | Site security.e-matters.de

A team audit of the CVS codebase has revealed more security related problems. The vulnerabilities discovered include exploitable, potentially exploitable and simple crash bugs. Vulnerable versions are CVS feature releases up to 1.12.8 and stable release up to 1.11.16.

tags | advisory, vulnerability
advisories | CVE-2004-0414, CVE-2004-0416, CVE-2004-0417, CVE-2004-0418
SHA-256 | 155d8c19e5073cd3b1c60af1ba16f4d76266640aeb9a5c4f91e717dbed6b651a
062004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.

tags | advisory, remote, overflow, code execution
SHA-256 | fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2
082004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.

tags | advisory, remote, code execution
SHA-256 | f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88
052004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.

tags | advisory, remote, arbitrary, local, php, code execution
SHA-256 | cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49c
072004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.

tags | advisory, overflow, arbitrary
advisories | CVE-2004-0396
SHA-256 | 00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1
042004.txt
Posted May 12, 2004
Authored by Stefan Esser | Site e-matters.de

Privilege escalation is possible for users with access to the systrace device on Net-BSD and Free-BSD.

tags | advisory
systems | bsd
SHA-256 | 5055b81404726430cf6bf4f0924753685d120e9b3cabd9c41fc131e5cd09cfb0
032004.txt
Posted Mar 24, 2004
Authored by Stefan Esser | Site security.e-matters.de

Ethereal versions 0.8.14 through 0.10.2 were found to be vulnerable to thirteen remote stack overflows during a code audit. The vulnerable dissectors in question are namely: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP. Ten of the overflows allow for arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2004-0176
SHA-256 | 381080b5ef005f71331d2984b019292db1046026552c446cfec0adc047875699
trillian.txt
Posted Feb 24, 2004
Authored by Stefan Esser | Site security.e-matters.de

Trillian versions 0.71 through 0.74 and Pro versions 1.0 through 2.01 have two vulnerabilities that allow for remote compromise.

tags | advisory, remote, vulnerability
SHA-256 | 644a67bf065bdd9369181f79afb3191465a69dcc5c87f7d823e73f8dfeee5add
012004.gaim.txt
Posted Jan 26, 2004
Authored by Stefan Esser | Site security.e-matters.de

GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.

tags | advisory, remote, overflow
advisories | CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008
SHA-256 | 69198b878df83c96f86ad50feb5e689f19d7e2d127dade49757b71dc6062227c
xbox001.txt
Posted Jul 4, 2003
Authored by Stefan Esser

A vulnerability within the XBOX Dashboard allows a complete compromise of the security features. The problem lies in the handling of font files when the dashboard loads and allows a person with local access the ability to do anything they want on an XBox without having to open, solder, or swap a hard drive.

tags | advisory, local
SHA-256 | 1ba78f7ab3b8b8fec30b9ed4589338a62969e572c52acd5bd24baf88365b6875
Page 5 of 6
Back23456Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close