what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 193 RSS Feed

Files Date: 2004-03-01 to 2004-03-31

Posted Mar 30, 2004
Authored by Ken Hollis - Gandalf The White | Site digital.net

White-paper discussing the Rose Attack method and how sending two parts of a fragmented packet can cause various outcomes to network devices, including denial of service problems.

tags | paper, denial of service
SHA-256 | 3d7604ffc5be0c9126874bf0b8d3dd64bdcb8b87b90db27a1d52ee96c322c87a
Posted Mar 30, 2004
Site imperva.com

White-paper from Imperva's Application Defense Center discussing the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far great than worms targeting commercial infrastructure.

tags | paper, worm, web
SHA-256 | 749f77d25ab5aed09537e587454e97afc0fb0f15bc5ef11504827972d2ef0d98
Posted Mar 30, 2004
Authored by Yanosz

PHPKIT version 1.6.03 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 0e9f13f39f0629b6717e15fd8fd08fd262f7ba7663d8bb985d87444d8acb4245
Posted Mar 30, 2004
Authored by Stephan Schmieder | Site bsd-security.org

Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.

tags | tool, perl, sniffer
SHA-256 | 3d9a0bfee7572f4bfdbabc635748203efd9db23d46369073d9c9bc4549d93caa
Rapid7 Security Advisory 17
Posted Mar 30, 2004
Authored by Rapid7 | Site rapid7.com

Rapid7 Security Advisory - tcpdump versions 3.8.1 and below contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, tcpdump will try to read beyond the end of the packet capture buffer and crash.

tags | advisory, protocol
advisories | CVE-2004-0183, CVE-2004-0184
SHA-256 | bf610b65d6dfc6a1e758210dd11a41752fa7ae6f05f82c0910e413398c61725a
Posted Mar 30, 2004
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.

tags | advisory
SHA-256 | 64158a7cf03bea19c8dd9020b9f99b7e6bcf2fe97d86ac1d244377dc6d5c7978
Posted Mar 30, 2004
Authored by Guido van Rooij, Arjan de Vet | Site madison-gurkha.com

Hard coded login sequence values for Oracle SSO allow for easy man in the middle attacks.

tags | advisory
SHA-256 | 7b8e79653622db46a6b91adc1109b89bba51e9e2a63859147c6505fd5a25220e
Posted Mar 30, 2004
Authored by Gabucino

MPlayer Security Advisory #002 - A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header (Location:), and trick MPlayer into executing arbitrary code upon parsing that header. Versions affected: MPlayer 0.90pre series, MPlayer 0.90rc series, MPlayer 0.90, MPlayer 0.91, MPlayer 1.0pre1, MPlayer 1.0pre2, MPlayer 1.0pre3.

tags | advisory, web, overflow, arbitrary
SHA-256 | f5cc85b108a50d1675f96946734a505c74cbf8a7e20335d3382143ea84a4a043
Posted Mar 30, 2004
Authored by l0om | Site excluded.org

Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().

tags | advisory
SHA-256 | c4b9e905084bd1c5af9e8ca8c970424ede8be3a4306833892f7fe3f5f705853b
Posted Mar 30, 2004
Authored by Liu Die Yu | Site umbrella.name

WinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode the WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the program name conducting the operation, and the target of I/O operation.

systems | windows
SHA-256 | e05e96d6664ad70dda00e55a3b95e7a18f3b7db5c0473f9d3cf6e74e974d8c66
FreeBSD Security Advisory 2004.6
Posted Mar 29, 2004
Authored by The FreeBSD Project, Katsuhisa ABE, Colin Percival | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6 - Applications may manipulate the behavior of an IPv6 socket using the setsockopt(2) system call. This may allow a local attacker to read portions of kernel memory.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2004-0370
SHA-256 | 70e1c4c7ccbdf1b90bac831af83ac26a62adca45386ee48ac5f0dfdafab17978
Posted Mar 29, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 469-1 - Primoz Bratanic discovered a bug in libpam-psgl, a PAM module to authenticate using a PostgreSQL database. The library does not escape all user-supplied data that are sent to the database. An attacker could exploit this bug to insert SQL statements.

tags | advisory
systems | linux, debian
advisories | CVE-2004-0366
SHA-256 | e04e7014ae9789fdab12a457b44dc8b74065eb9f8b174a4afde885751bd74765
Posted Mar 29, 2004
Authored by Manuel Lopez

A-CART Pro and A-CART 2.0 suffer from input validation holes that allow for SQL injection and cross site scripting attacks. Full exploitation demonstrated.

tags | exploit, xss, sql injection
SHA-256 | 8f3fb7e46432c3d39ecb946dbebf7c30a6f165544414b8ef971ac87628e8bb6b
Posted Mar 29, 2004
Site redhat.com

Red Hat Security Advisory RHSA-2004:134-01 - A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses Access Control Lists (ACLs), a remote attacker could create URLs that would not be correctly tested against Squid's ACLs, potentially allowing clients to access prohibited URLs.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2004-0189
SHA-256 | 39303053afa5c4c6ad8257b0ae22265b1b4be246171e3264649c906efbc46a35
Posted Mar 28, 2004
Authored by Simon Boulet

WebCT Campus Edition 4.1 suffers from cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 9811273a7d7f6f67502a55786b4bd23a23642644d3f8eaebf2dc404d231626bb
Posted Mar 28, 2004
Authored by Dotho | Site Badcode.org

Cloisterblog version 1.2.2 does not perform proper parameter auditing derived from user inputs allowing for multiple cross site scripting issues and also directory traversal attacks.

tags | exploit, xss
SHA-256 | ad7a65199d44ffe90b5967f13b1fb489c3ed72e4ea746029182cab805dea4ea6
Invision Gallery 1.0.1 SQL Injection
Posted Mar 28, 2004
Authored by James Bercegay | Site gulftech.org

Invision Gallery version 1.0.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2004-1835, OSVDB-4472
SHA-256 | d98347f9af4bab53d06e75dd9b5f371ddf4650a1a25b680feefcfc90104fc437
Posted Mar 28, 2004
Authored by Sam Chen

RealSecure / BlackICE iss_pam1.dll remote overflow exploit.

tags | exploit, remote, overflow
SHA-256 | e2fc858b9f9cc7a467f97fb6df2ab7fd3ca8487e650f1c461da6ed12d27856a1
Posted Mar 28, 2004
Authored by Nilanjan De, Abhisek Datta | Site eos-india.net

Ethereal IGAP Dissector Message overflow remote root exploit that spawns a shell on port 31337. Makes use of the vulnerability that exists between versions 0.10.0 to 0.10.2. Tested under Gentoo and RedHat 8.

tags | exploit, remote, overflow, shell, root
systems | linux, redhat, gentoo
SHA-256 | e66736e8f6c88b3f65c10debc6650dc308d86154626ac036dbc5e4f7693e4f95
Posted Mar 27, 2004
Authored by Rstack Team | Site rstack.org

Rstack Team Security Advisory RSTACK-20040325 - Nstxd has been found vulnerable to a denial of service attack due to a null-pointer-dereference.

tags | advisory, denial of service
SHA-256 | d4de4aa22804d1da1775735c057713af54e0dd21b46baab500dfe906cb86973f
Posted Mar 27, 2004
Authored by Ferruh Mavituna | Site ferruh.mavituna.com

Blogger from Google has a cross site scripting flaw.

tags | advisory, xss
SHA-256 | 8a582098eeb59bd8ee61257aed05f705b240695f0136b5bdd5944e557c59a20b
Posted Mar 27, 2004
Authored by penfold

Bblog has a cross site scripting flaw.

tags | advisory, xss
SHA-256 | 32065e8690bb819df575b5e57206a3b622828287600f3749bf4ad343d7161ca6
Posted Mar 27, 2004
Authored by Janek Vind aka waraxe

A SQL injection vulnerability in PHPBB versions 2.0.8 and below allows an attacker the ability to extract the administrator password hash.

tags | exploit, sql injection
SHA-256 | 79435b6428a517c7a224d8c38bddd4759ed0c9fd6cec34a473af09fcbbf5d078
Posted Mar 27, 2004
Authored by Janek Vind aka waraxe

Multiple SQL injection and cross site scripting vulnerabilities lie in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta. Full exploitation syntax given.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | bd4cabcfa43f68af65bfece48818f4435386a8180e4f61c0fdeb6b20508d212d
Posted Mar 27, 2004
Authored by spiffomatic 64

Invision NetSupport School Pro stores passwords in a manner that allows their encryption to be easily reversed. Exploit written in Pascal is included.

tags | exploit
SHA-256 | eebc0c7480c35293df0babcb826181b8e49fd1c0911c945d3fcdd53716fc2014
Page 1 of 8

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By