exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2004-05-19

advisory13.txt
Posted May 19, 2004
Authored by l0om | Site excluded.org

osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.

tags | exploit
SHA-256 | 3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136
062004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.

tags | advisory, remote, overflow, code execution
SHA-256 | fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2
082004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.

tags | advisory, remote, code execution
SHA-256 | f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88
57560.txt
Posted May 19, 2004
Site sunsolve.sun.com

Sun has released an advisory regarding Java Secure Socket Extension. Versions 1.0.3, 1.0.3_01, and 1.0.3_02 of JSEE allow malicious web sites to impersonate trusted web sites.

tags | advisory, java, web
SHA-256 | 851e00d7595e3609cd0d8cb1108c79639bd8caa83fc7bef870c762fbbbc6dff7
zencart112d.txt
Posted May 19, 2004
Authored by Oliver Minack

Zen Cart version 1.1.2d fails to properly validate user-supplied input and in turn allows remote attackers the ability to perform SQL injection attacks.

tags | advisory, remote, sql injection
SHA-256 | 00045589f8f2e0543da948284faffdb7fa5dc401045ef97d927d197cb023d1bd
052004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.

tags | advisory, remote, arbitrary, local, php, code execution
SHA-256 | cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49c
EXP_OmniHTTPd.BAT
Posted May 19, 2004
Authored by CoolICE

Remote exploit for OmniHTTPd versions 3.0a and below.

tags | exploit, remote
SHA-256 | 10a187c64b2c3812f3886a960408b6c725c3e5e4e0c7b49ebb7470c071cdf861
adv-desktopini.txt
Posted May 19, 2004
Authored by Roozbeh Afrasiabi

Certain system folders on Microsoft Windows XP are created referencing the shellclassinfo in desktop.ini, allowing for executables to be masked as elsewise.

tags | advisory
systems | windows
SHA-256 | a4456c08095c611bdcec5b288f26f62db8ddb5844e28427b806218b0eb3b2218
Publimark Steganographic Tool 0.1
Posted May 19, 2004
Authored by Gaetan Le Guelvouit | Site perso.wanadoo.fr

Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able read it. Marked audio files are still playable.

tags | encryption, steganography
SHA-256 | 70fb233797c4f058955d23a2a1261aec064f893c09dad24191b79f02fd293580
072004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.

tags | advisory, overflow, arbitrary
advisories | CVE-2004-0396
SHA-256 | 00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1
echoart.tgz
Posted May 19, 2004
Authored by Dennis Opacki | Site mirror1.internap.com

Echoart responds to or drops ICMP echo request packets based on a pre-defined sequence, and could be used to return crude ASCII art in response to pings from a Cisco router. It works by intercepting ICMP echo request packets and consulting a pattern template to determine whether or not to respond to a specific echo request. It then uses libnet to inject responses back into the network as necessary.

tags | tool
systems | cisco, unix
SHA-256 | 10ecf023782f2a0b2403360672782eb23b5733879dc9ec87d5a1637484b8272a
lids-2.2.0pre4-2.6.6.tar.gz
Posted May 19, 2004
Authored by Xie Hua Gang | Site lids.org

The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs may access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

Changes: Bind checker bug fixed, removed fast guessing acl searching instead using old way, added lids_bprm_apply_creds.
tags | kernel, root
systems | linux
SHA-256 | 190cb7b10a07b9a096f5aa1c1f9fbac3d764e7213323fe1bdde31b65b2435858
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close