what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2004-04-14

iDEFENSE Security Advisory 2004-04-14.t
Posted Apr 14, 2004
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 04.14.04: The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory. Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks. The issue affects the 2.4.x, 2.5.x and 2.6.x kernel. Other kernel implementations may also be vulnerable.

tags | advisory, overflow, arbitrary, kernel, local
systems | linux
advisories | CVE-2004-0109
SHA-256 | 37ae99b004272092f2bfb32d3b0aec033f6d0b99842d8d8cde738ec767346788
emma.c
Posted Apr 14, 2004
Authored by zorlag

IRC channel key cracking utility. It attempts to crack the key to a given channel by using words from a file.

SHA-256 | ab422cee8737ea8e5c574c2dc3cf07dd3b8bbbd6278ed4df240147fec34a9a96
DumpSIS.zip
Posted Apr 14, 2004
Authored by Jimmy Shah

Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).

systems | unix
SHA-256 | d54ac18aa8d178115a015817d8e70d42a716e4539b7ed6ca335d959292094899
cdpexpl.tgz
Posted Apr 14, 2004
Authored by priestmaster | Site priestmaster.org

Proof of concept demonstration exploit for cdp versions 0.4 and below.

tags | exploit, proof of concept
SHA-256 | 71e8dcfd75673f8e3b2dd6868f7308fc0129309e7be74ce7e3020b9fd0c39176
gdbvuln.txt
Posted Apr 14, 2004
Authored by priestmaster | Site priestmaster.org

Brief tutorial on using gdb for developing exploits.

tags | paper
SHA-256 | dd65c2569a794f3b7b150515a3f2ed9f78bfb12095612a88d76604a4d0f3fa8d
perlvuln.txt
Posted Apr 14, 2004
Authored by priestmaster | Site priestmaster.org

Brief tutorial on using Perl for developing exploits.

tags | paper, perl
SHA-256 | e4720a44d55438b6c8443d0789e3f56d813d0b5b979efac1ac7a1e23c05e3fac
tutorial.txt
Posted Apr 14, 2004
Authored by priestmaster | Site priestmaster.org

Small tutorial discussing common types of exploitation methods. Cites examples and points to other papers that can provide more information.

tags | paper
SHA-256 | ace1ee12ef0af05798d0bff8c62d68803fe68f862ffc43fa3d3e621c5906609d
faset.tar
Posted Apr 14, 2004
Authored by detach | Site hackaholic.org

FASET stands for File And Stream Encryption Tool. This tool can be used to encrypt a file or to encrypt a stream, for example through a pipe. It uses strong 16 round Blowfish encryption in Cipher Block Chaining mode (CBC) and supports a maximum keysize of 448-bits (56 bytes). Full documentation for possible usage included.

tags | encryption
SHA-256 | 71ad4cebaa5c51efacb83aedbe1cb5d36519c5734816fbf43d06e8d6a6075667
Secunia Security Advisory 11358
Posted Apr 14, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11358 - A vulnerability has been discovered in BEA WebLogic Server and WebLogic Express, which potentially allows malicious people to impersonate a user or server. The problem arises when SSL connections are established. A connection may be approved if the certificate chain is valid but the custom trust manager rejects the chain. This can potentially be exploited to gain unauthorized access. Versions affected are Server and Express 7.x through 8.x.

tags | advisory
SHA-256 | aeba05f30050233ac3bee2ebf32cbe2fd0c99eee958862c1495e92f7e563aedf
Secunia Security Advisory 11356
Posted Apr 14, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11356 - A security issue has been discovered in BEA WebLogic Server and WebLogic Express, which may lead to inappropriate privileges being granted. The problem arises if a parent group is deleted because child groups remains a member, after the parent group is deleted. If a parent group is re-created and granted higher privileges, those privileges are inherited by any group, which was a member of the group before being deleted. Versions affected are Server and Express 7.x through 8.x.

tags | advisory
SHA-256 | 1c9767ef3923dd0eb87473562073b63aed6ed757a903c0ff17f1208978f88e33
SurgeLDAP10.txt
Posted Apr 14, 2004
Authored by Dr. Insane | Site members.lycos.co.uk

SurgeLDAP 1.0g suffers from a directory traversal vulnerability in the user.cgi script due to a lack of input validation.

tags | exploit, cgi
SHA-256 | 34ce5dbb260c3c2dd896e707f072cf00a0a21333f04143d00d8e2175bb2c19f1
1stClass.txt
Posted Apr 14, 2004
Authored by Dr. Insane | Site members.lycos.co.uk

1st Class mail server 4.01 suffers from a directory traversal and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 37d2fbb2a07f80804c9aaf3e8665223847ed95e04aa791e1f7c74b43a1bf0c76
ADA.image.txt
Posted Apr 14, 2004
Authored by Dr. Insane

ADA Image Server (ImgSvr) 0.4 suffers from a buffer overflow via GET requests, directory traversal vulnerabilities, and a denial of service flaw.

tags | exploit, denial of service, overflow, vulnerability
SHA-256 | 1370cfce6a031c225513a395b16a06250d429c03c51eb6ad76a3faa9db212314
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close