what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2004-05-19

advisory13.txt
Posted May 19, 2004
Authored by l0om | Site excluded.org

osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.

tags | exploit
SHA-256 | 3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136
062004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.

tags | advisory, remote, overflow, code execution
SHA-256 | fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2
082004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.

tags | advisory, remote, code execution
SHA-256 | f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88
57560.txt
Posted May 19, 2004
Site sunsolve.sun.com

Sun has released an advisory regarding Java Secure Socket Extension. Versions 1.0.3, 1.0.3_01, and 1.0.3_02 of JSEE allow malicious web sites to impersonate trusted web sites.

tags | advisory, java, web
SHA-256 | 851e00d7595e3609cd0d8cb1108c79639bd8caa83fc7bef870c762fbbbc6dff7
zencart112d.txt
Posted May 19, 2004
Authored by Oliver Minack

Zen Cart version 1.1.2d fails to properly validate user-supplied input and in turn allows remote attackers the ability to perform SQL injection attacks.

tags | advisory, remote, sql injection
SHA-256 | 00045589f8f2e0543da948284faffdb7fa5dc401045ef97d927d197cb023d1bd
052004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.

tags | advisory, remote, arbitrary, local, php, code execution
SHA-256 | cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49c
EXP_OmniHTTPd.BAT
Posted May 19, 2004
Authored by CoolICE

Remote exploit for OmniHTTPd versions 3.0a and below.

tags | exploit, remote
SHA-256 | 10a187c64b2c3812f3886a960408b6c725c3e5e4e0c7b49ebb7470c071cdf861
adv-desktopini.txt
Posted May 19, 2004
Authored by Roozbeh Afrasiabi

Certain system folders on Microsoft Windows XP are created referencing the shellclassinfo in desktop.ini, allowing for executables to be masked as elsewise.

tags | advisory
systems | windows
SHA-256 | a4456c08095c611bdcec5b288f26f62db8ddb5844e28427b806218b0eb3b2218
Publimark Steganographic Tool 0.1
Posted May 19, 2004
Authored by Gaetan Le Guelvouit | Site perso.wanadoo.fr

Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able read it. Marked audio files are still playable.

tags | encryption, steganography
SHA-256 | 70fb233797c4f058955d23a2a1261aec064f893c09dad24191b79f02fd293580
072004.txt
Posted May 19, 2004
Authored by Stefan Esser | Site security.e-matters.de

Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.

tags | advisory, overflow, arbitrary
advisories | CVE-2004-0396
SHA-256 | 00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1
echoart.tgz
Posted May 19, 2004
Authored by Dennis Opacki | Site mirror1.internap.com

Echoart responds to or drops ICMP echo request packets based on a pre-defined sequence, and could be used to return crude ASCII art in response to pings from a Cisco router. It works by intercepting ICMP echo request packets and consulting a pattern template to determine whether or not to respond to a specific echo request. It then uses libnet to inject responses back into the network as necessary.

tags | tool
systems | cisco, unix
SHA-256 | 10ecf023782f2a0b2403360672782eb23b5733879dc9ec87d5a1637484b8272a
lids-2.2.0pre4-2.6.6.tar.gz
Posted May 19, 2004
Authored by Xie Hua Gang | Site lids.org

The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs may access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

Changes: Bind checker bug fixed, removed fast guessing acl searching instead using old way, added lids_bprm_apply_creds.
tags | kernel, root
systems | linux
SHA-256 | 190cb7b10a07b9a096f5aa1c1f9fbac3d764e7213323fe1bdde31b65b2435858
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close