
Files Date: 2004-03-17

Cisco Security Advisory 20040317-openssl
Posted Mar 17, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory 20040317 - A new vulnerability in the OpenSSL implementation for SSL has been announced. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2004-0079, CVE-2004-0112
SHA-256 | 42b7301b69fb615efdd79960fe4a0a79c2e23d757d2404a1777bb41cce77e433
secadv_20040317.txt
Posted Mar 17, 2004
Site openssl.org

OpenSSL Security Advisory - A Null-pointer assignment during an SSL handshake can result in a denial of service. Versions 0.9.6c to 0.9.6k and 0.9.7a to 0.9.7c are affected by this issue. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected by another vulnerability in the handling of Kerberos ciphersuites that can cause OpenSSL to crash. Patches are attached to the advisory.

tags | advisory, denial of service
advisories | CVE-2004-0079, CVE-2004-0112
SHA-256 | 74e5edb8b95d18badf28cf2d243789474aa52058185bcdddde38d9e1318f98b5
phpx324.txt
Posted Mar 17, 2004
Authored by Ryan Wray aka HelloWorld

PHPX versions 2.x through 3.2.4 fail to implement secure session management. A user can obtain a session simply by supplying the uid of the user whose account they want to take over and, as long as their session is in the database, session hijacking can occur. Furthermore, the session id itself is generated by a simple auto-increment field in the MySQL database, making it trivial for an attacker to steal a cookie. Full exploitation included.

tags | exploit
SHA-256 | fb0bbfeaadbd58d619c24ee87dd0140c31f995df5bbf874802ab65ece9d08f64
Adv-20040315.txt
Posted Mar 17, 2004
Authored by Evgeny Legerov | Site s-quadra.com

S-Quadra Advisory #2004-03-15 - ModSecurity 1.7.4 for the Apache 2.x webserver series is vulnerable to a remote off-by-one overflow that allows for arbitrary code execution. Version 1.7.5 has been released to address this issue.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 46914b1d1e2b2200f173555807ff77394e863e8d79257fe7862682dac2771be0
mambo45.txt
Posted Mar 17, 2004
Authored by James Bercegay | Site gulftech.org

The Mambo Open Source web content management system version 4.5 stable 1.0.3 and earlier suffers from multiple vulnerabilities including cross site scripting, SQL injection, and query tampering.

tags | exploit, web, vulnerability, xss, sql injection
SHA-256 | eb69cdd423873abc07892485078b6e9b2d11df2891ed76993754c49b73c5c23c
jelsoftvb.txt
Posted Mar 17, 2004
Authored by James Bercegay | Site gulftech.org

Jelsoft vBulletin 3.0.0 RC4 and other releases are susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 9ba7da743e628349c8ee4a1a744b90aa09ff076bcd1c22b86689eb34a1126b4e
crafty.zip
Posted Mar 17, 2004
Authored by Angelo Rosiello | Site rosiello.org

Local exploit for the Crafty game versions 19.3 and below that makes use of a buffer overflow vulnerability. Tested on Red Hat 9.0 and Slackware 8.0.

tags | exploit, overflow, local
systems | linux, redhat, slackware
SHA-256 | 82dbacb90891acc5cb1caec18b225e003314199535445fa71cd2de41626faf7d
crafty-adv.txt
Posted Mar 17, 2004
Authored by Debian | Site rosiello.org

A vulnerability exists in the Crafty game versions 19.3 and below that allows a local user to escalate privileges via a buffer overflow.

tags | advisory, overflow, local
SHA-256 | d713ebffde11218f34d8b01dc14e79a08b13899fd42c6dc9b3f2f306677c6691
phorum503.txt
Posted Mar 17, 2004
Authored by James Bercegay

Cross site scripting vulnerabilities exist in Phorum versions 5.0.3 Beta and below.

tags | exploit, vulnerability, xss
SHA-256 | 5b4e2faeef8fc7c76847ad3ef1332b7b89e7e904e4fcb3dad65ce3a6d8adb457
waraxe-2004-SA007.txt
Posted Mar 17, 2004
Authored by Janek Vind aka waraxe

Both cross site scripting and SQL injection vulnerabilities exist in the 4nGuestbook version 0.92 module for PHP-Nuke versions 6.5 through 6.9.

tags | exploit, php, vulnerability, xss, sql injection
SHA-256 | f732ec2b913b6d095bd8180dac6ad638b87e3c15c8c333cfdacde98395e7fb6d
waraxe-2004-SA006.txt
Posted Mar 17, 2004
Authored by Janek Vind aka waraxe

The 4nalbum module for PHP-Nuke versions 6.5 to 7.0 suffers from path disclosure, cross site scripting, remote file inclusion, and SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection, file inclusion
SHA-256 | b72910a8ea7f3795a3370ca420ebdd0d9f784cdcd93d78ee2fde747165559de9
waraxe-2004-SA005.txt
Posted Mar 17, 2004
Authored by Janek Vind aka waraxe

PHP-Nuke 7.1.0 is susceptible to multiple cross site scripting attacks.

tags | exploit, php, xss
SHA-256 | bf21be75eb9e862841810c4026922d4b2d10f41775f4e6120c0f1755aee6e9a2
soapy.txt
Posted Mar 17, 2004
Authored by Amit Klein | Site SanctumInc.com

Multiple vendors suffer from a denial of service vulnerability in their SOAP servers. Products affected: Macromedia ColdFusion/MX 6.0 and 6.1, ColdFusion/MX 6.0 and 6.1 J2EE, all editions of Macromedia JRun 4.0, and Sun Java System Application Server 7 Update 2 Upgrade and prior releases.

tags | advisory, java, denial of service
SHA-256 | edfd88863f29ed6adcb5fa19d6baa42407918c5ba0a3e4f0296be2a21ea83fbd

© 2022 Packet Storm. All rights reserved.
