what you don't know can hurt you
Showing 101 - 125 of 131 RSS Feed

Files from Stefan Esser

Email addresssesser at hardened-php.net
First Active2001-12-26
Last Active2017-10-27
punbb125inc.txt
Posted Jul 8, 2005
Authored by Stefan Esser | Site hardened-php.net

A poorly implemented feature of PunBB's template system can lead to execution of arbitrary PHP code. Versions 1.2.5 and below are affected.

tags | advisory, arbitrary, php
MD5 | 1e67b4d7769ff8246d640802140b8d3d
jaws052.txt
Posted Jul 7, 2005
Authored by Stefan Esser | Site hardened-php.net

Jaws versions 0.5.2 and below are susceptible to the XML_RPC vulnerability.

tags | advisory
MD5 | d165445ede5d8db236cb4070ea15b7e6
geeklog1311SQL.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Geeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.

tags | advisory, sql injection
MD5 | 27a6547a764e1e168f720866f6ec3118
cactiSQL086e-bypass.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Cacti versions 0.8.6e and below suffer from a bypass vulnerability.

tags | advisory, bypass
MD5 | 8a450717ab6be045b80d9adc44587e11
cactiSQL086e-exec.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.

tags | advisory, remote
MD5 | 28a380b8974a64655416e4c86b805aa8
cactiSQL086e-sql.txt
Posted Jul 7, 2005
Authored by Stefan Esser

Cacti versions 0.8.6e and below suffer from multiple SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
MD5 | 7e7bef22b99156c9f04e5141435a4aae
advisory-012005.txt
Posted Jun 21, 2005
Authored by Stefan Esser | Site hardened-php.net

During an evaluation of Trac, an input validation vulnerability was discovered which can lead to arbitrary uploading and downloading of files with the permission of the web server.

tags | advisory, web, arbitrary
MD5 | 00dba04475bd475b6868aa919975df73
012004.txt
Posted Dec 30, 2004
Authored by Stefan Esser | Site hardened-php.net

Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.

tags | advisory, remote, arbitrary, local, php, vulnerability
advisories | CVE-2004-1018, CVE-2004-1019, CVE-2004-1063, CVE-2004-1064
MD5 | 0a640e9df71b3112012863be676b587e
152004.txt
Posted Dec 11, 2004
Authored by Stefan Esser | Site security.e-matters.de

Cyrus IMAP server versions 2.2.8 and below suffer from several vulnerabilities that allow for remote code execution.

tags | advisory, remote, vulnerability, imap, code execution
advisories | CVE-2004-1011, CVE-2004-1012, CVE-2004-1013
MD5 | 376d387fe5ca3758423f2541a97b5b72
cryus.imap.2.2.8.txt
Posted Nov 24, 2004
Authored by Stefan Esser | Site security.e-matters.de

Cryus v2.2.8 and below contains four remote vulnerabilities, including one which is pre-authentication. Fix available here.

tags | advisory, remote, vulnerability
advisories | CVE-2004-1011, CVE-2004-1012, CVE-2004-1013
MD5 | d4db20d02f1bf3f8bb227f7379525a1a
142004.txt
Posted Nov 20, 2004
Authored by Stefan Esser | Site security.e-matters.de

During an audit of the smb filesystem implementation within Linux several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. The 2.4 series up to 2.4.27 is affected and the 2.6 series up to 2.6.9 is affected.

tags | advisory, overflow, kernel, vulnerability
systems | linux
advisories | CVE-2004-0883, CVE-2004-0949
MD5 | 6dbd64513c8583c5c3583aa170d5180b
132004.txt
Posted Nov 20, 2004
Authored by Stefan Esser | Site security.e-matters.de

Samba versions 3 through 3.0.7 suffer from a buffer overflow inside the QFILEPATHINFO request handler. This vulnerability allows for remote code execution.

tags | advisory, remote, overflow, code execution
advisories | CVE-2004-0882
MD5 | 2e206dfee16b6d2c1db677d7fc949b5d
php_memory_limit_remote.txt
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP memory_limit remote vulnerability allows for remote code execution on PHP servers with activated memory_limit.

tags | advisory, remote, php, code execution
advisories | CVE-2004-0594
MD5 | 4cbf9d53c4b6392a1826cd5673b6db43
php_strip_tags_css.txt
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.

tags | advisory, php, xss, bypass
advisories | CVE-2004-0595
MD5 | 863e7ba7525c9271c3acb7416575f74b
102004.txt
Posted Jun 18, 2004
Authored by Stefan Esser | Site security.e-matters.de

A vulnerability within Chora version 1.2.1 and below allows remote shell command injection.

tags | advisory, remote, shell
MD5 | 3aab4d75b9247695736206b05711ca82
092004.txt
Posted Jun 10, 2004
Authored by Stefan Esser | Site security.e-matters.de

A team audit of the CVS codebase has revealed more security related problems. The vulnerabilities discovered include exploitable, potentially exploitable and simple crash bugs. Vulnerable versions are CVS feature releases up to 1.12.8 and stable release up to 1.11.16.

tags | advisory, vulnerability
advisories | CVE-2004-0414, CVE-2004-0416, CVE-2004-0417, CVE-2004-0418
MD5 | 15d5f057bf9e9a5cec1e69c9dad30bbc
062004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.

tags | advisory, remote, overflow, code execution
MD5 | c6bfda648f44323f5cda88b0d79b9cb7
082004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.

tags | advisory, remote, code execution
MD5 | d795881a64a6d0778dd44d89589da77f
052004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.

tags | advisory, remote, arbitrary, local, php, code execution
MD5 | 21f10be7bea92bf3e9b8f03c6050e747
072004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.

tags | advisory, overflow, arbitrary
advisories | CVE-2004-0396
MD5 | 09c615ca4949fdcef92d552a9c7314a9
042004.txt
Posted May 12, 2004
Authored by Stefan Esser | Site e-matters.de

Privilege escalation is possible for users with access to the systrace device on Net-BSD and Free-BSD.

tags | advisory
systems | bsd
MD5 | 49fa1fca88a85d53ede2e382323be478
032004.txt
Posted Mar 24, 2004
Authored by Stefan Esser | Site security.e-matters.de

Ethereal versions 0.8.14 through 0.10.2 were found to be vulnerable to thirteen remote stack overflows during a code audit. The vulnerable dissectors in question are namely: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP. Ten of the overflows allow for arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2004-0176
MD5 | 68b1a8f4d3a89c77a5ba179a4b799202
trillian.txt
Posted Feb 24, 2004
Authored by Stefan Esser | Site security.e-matters.de

Trillian versions 0.71 through 0.74 and Pro versions 1.0 through 2.01 have two vulnerabilities that allow for remote compromise.

tags | advisory, remote, vulnerability
MD5 | 85754744a2d93a8e680aa1b45f9814bd
012004.gaim.txt
Posted Jan 26, 2004
Authored by Stefan Esser | Site security.e-matters.de

GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.

tags | advisory, remote, overflow
advisories | CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008
MD5 | b81311fcacc952cd8b3e41cb8cdb91f7
xbox001.txt
Posted Jul 4, 2003
Authored by Stefan Esser

A vulnerability within the XBOX Dashboard allows a complete compromise of the security features. The problem lies in the handling of font files when the dashboard loads and allows a person with local access the ability to do anything they want on an XBox without having to open, solder, or swap a hard drive.

tags | advisory, local
MD5 | c53425be642b4fc191bee6b9a9937a15
Page 5 of 6
Back23456Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close