Showing 51 - 70 of 70

Files from Tim Brown

Email address: timb at nth-dimension.org.uk
First Active: 2005-08-17
Last Active: 2023-05-18

psinjection-06_056.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The P-Synch Windows domain password reset web applications style parameter allows JavaScript injection.

tags | advisory, web, javascript
systems | windows
SHA-256 | c811e757dfd03f032fd13506676e048f9ede59a8110969e28f822537f3024761
vauninstall-06_45.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The Visionsoft Audit VSAOD server allows unauthenticated remote uninstalls.

tags | advisory, remote
SHA-256 | 32402fc81e4ee4ae9e23d1ceb60cacbf198a7d5fc6b22292f9f6fc8f8265bdf5
vareplay-06_044.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The Visionsoft Audit VSAOD server allows remote execution via replay attacks.

tags | advisory, remote
SHA-256 | 004207ae5040f7c23e2f7d9ad194d7a20cac4fec06e9f90ca3090225f8f4378b
vapassword-06-042.txt
Posted Jul 11, 2007
Authored by Tim Brown, Mark Lowe | Site portcullis-security.com

The Visionsoft Audit VSAOD server uses a weak algorithm to obscure passwords on the wire and within configuration files.

tags | advisory
SHA-256 | b6fd4cef86a7b3de8087f1a06c1b54ae2bd07778dc4aaa91dcebb564068f580a
vainifileoverwrite-06_041.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The Visionsoft Audit VSAOD server allows unauthenticated ini file overwrites.

tags | exploit
SHA-256 | 080c13ef81c71eead5eac67e36b28638bf7df5074f26812c3f11e624fd39d0bd
vaheapoverflow-06_040.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The Visionsoft Audit VSAOD server has input validation flaws which can result in an unauthenticated heap overflow.

tags | advisory, overflow
SHA-256 | 35bcdad69de32a6aedc37641dbe69fac6033d3ecd0cdbb3c608b7eb0b1ca6942
vafileoverwrite-06-039.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The Visionsoft Audit VSAOD server allows unauthenticated arbitrary file overwrites.

tags | exploit, arbitrary
SHA-256 | 6d06f3e515cfdc1f95baad70dd94df729268176755bcede76369cf643d89352f
NDSA20070524.txt
Posted Jun 11, 2007
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20070524) - The JFFNMS application has high-risk issues with its authentication mechanism. These can lead to SQL injection, allowing authentication bypass, and JavaScript injection. There is also a potential backdoor, although this is unlikely to be exploitable. The JFFNMS application has default PHP scripts which can lead to information disclosure as an unauthenticated user.

tags | advisory, php, javascript, sql injection, info disclosure
SHA-256 | 474819ff3749ac56f3c7f1d1b13919e237c6efaf980c43a4b2095a7bf984b293
mtupload-06_037.txt
Posted Jun 7, 2007
Authored by Tim Brown | Site portcullis-security.com

Movable Type suffers from an arbitrary code execution flaw via the upload mechanism.

tags | advisory, arbitrary, code execution
SHA-256 | 0b31d6a0dfd7abcd18c560458c0d9865a7390a60e5b854f71a8693c098b4eb2b
mtphishing-06_36.txt
Posted Jun 7, 2007
Authored by Tim Brown | Site portcullis-security.com

Movable Type suffers from a potential phishing related vulnerability via the comments mechanism.

tags | advisory
SHA-256 | 3c276beb395f5afce929267deecd680a8fb1ea1fa06b682a26d11a36b1c85b2e
mtinjection-06_035.txt
Posted Jun 7, 2007
Authored by Tim Brown | Site portcullis-security.com

Movable Type is susceptible to a JavaScript injection vulnerability.

tags | advisory, javascript
SHA-256 | ab5a992f85b2ddbd9fe71384246afd15acf38ae095b23d76906d5e3cb5b11f18
mtdirectory-06_034.txt
Posted Jun 7, 2007
Authored by Tim Brown | Site portcullis-security.com

Movable Type suffers from a flaw that allows for an arbitrary directory to be set during the creation of new blogs.

tags | advisory, arbitrary
SHA-256 | 2c3558d86ef4ec68aded9d4cc30ad144683d5f54bbd56ee0b46e418c480f8eb4
mtcookie-06_033.txt
Posted Jun 7, 2007
Authored by Tim Brown | Site portcullis-security.com

Movable Type stores the login and password hash of a given account in an issued cookie allowing for replay attacks.

tags | advisory
SHA-256 | cd1e46735a3e9f778946e48e9a468c364cceb7f4ac9114579998620651d40587
mtusernameenumeration-06-038.txt
Posted Jun 7, 2007
Authored by Tim Brown | Site portcullis-security.com

Movable Type suffers from a username enumeration vulnerability.

tags | advisory
SHA-256 | ee29ddfeb701b4ef2d1a0e50162a49a9860abd02f5f86b163015b33f088e5a20
NDSA20070412.txt
Posted May 4, 2007
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20070412) - The D-Link DSL-G624T router suffers from arbitrary file inclusion and JavaScript insertion vulnerabilities.

tags | exploit, arbitrary, javascript, vulnerability, file inclusion
SHA-256 | 63d8bc93ef24b7dee086ae1ccdae3dd0f4a713ee1c672a963e39926fea334594
Fuzzled-1.0.tar.gz
Posted Mar 24, 2007
Authored by Tim Brown | Site portcullis-security.com

Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.

tags | protocol, fuzzer
SHA-256 | 756d0936668277d0a6e297852e5b8e31741e59e53616005718f5af29870b22fe
NDSA20070206.txt.asc
Posted Feb 8, 2007
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20070206) - The FreeProxy HTTP proxy server suffers from a denial of service condition which causes the server to hang. This occurs when an attacker makes a request for the hostname/portnumber combination in use by the server itself.

tags | advisory, web, denial of service
SHA-256 | c7b12f6799051d5027341db08ed250fa1d21493fba113dbb006a7fc84bbdda28
NDSA20060705.txt
Posted Jul 24, 2006
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20060705) - The IPCalc CGI wrapper version 0.40 is vulnerable to JavaScript injection within the request URL.

tags | advisory, cgi, javascript
SHA-256 | 513ab8a7e34357e669b4f147dd257356d71af53e3132e6abbcdb05f40e3bba13
mtype-3.16.txt
Posted Nov 4, 2005
Authored by Tim Brown | Site nth-dimension.org.uk

Movable Type blogging software stores the admin username and password hash in a cookie, leaving the system vulnerable to XSS.

tags | advisory
SHA-256 | e717f6c404ec08c8a538f3e595e63353134ba9c9d6f6977e7706f15dd003b701
ADSLFR4II.txt
Posted Aug 17, 2005
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20050719) - Mentor's ADSL-FR4II router, firmware version 2.00.0111 2004.04.09, is susceptible to unauthenticated administrative access, downloading of configuration files with the system password, and denial of service attacks.

tags | exploit, denial of service
SHA-256 | 0f83b740a762a56491cbed35335983e8fef2cbc2304efae7c7441605de1e61ae