exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2004-05-30

Secunia Security Advisory 11724
Posted May 30, 2004
Authored by Secunia, David Brown, Aaron, Ren Puls

Apple has issued an updated version of Mac OS X, which fixes many unspecified vulnerabilities. An unspecified error reportedly exists within the NFS logging functionality when tracing system calls. Another unspecified error reportedly exists within LoginWindow when handling directory services lookups and console log files. Yet still another unspecified error exists within Packaging during package installation. Not to mention another unspecified error exists within the TCP/IP stack implementation when handling out-of-sequence TCP packets. Two more unspecified errors exist within AppleFileServer when using SSH and reporting errors and within Terminal when handling URLs.

tags | advisory, tcp, vulnerability
systems | apple, osx
SHA-256 | b46294fcf891e166c1351e0f4c3af5105060325db5d31033b1620b4ca1e2bde8
Secunia Security Advisory 11723
Posted May 30, 2004
Authored by Secunia, Steve Rumble

OpenBSD has issued an update for xdm. This fixes a security issue, which potentially may allow malicious users to gain unintended access to a system. A CVS version of XFree86 xdm, which is included in some versions of OpenBSD, has an error that causes it to listen for queries on a random TCP socket, even though requestPort is set to 0 in the configuration file.

tags | advisory, tcp
systems | openbsd
SHA-256 | c82f31032c3a636e7f95a92cb1b1e6670b590120dc40af3b103d4cf8b2e8d341
Posted May 30, 2004
Authored by Matt Zimmerman | Site debian.org

Debian Security Advisory DSA 510-1 - jaguar discovered a format string vulnerability in jftpgw, an FTP proxy program, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of the jftpgw server process, which runs as user nobody by default.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2004-0448
SHA-256 | f55238d5fd6e9e9d981a76a2e1dc889b92861edfce10fd634692ef07f9ada8e8
Posted May 30, 2004
Authored by Matt Zimmerman | Site debian.org

Debian Security Advisory DSA 509-1 - Steve Kemp discovered a vulnerability in xatitv, one of the programs in the gatos package. If an administrator removes the default configuration file, a local attacker can escalate to root privileges.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2004-0395
SHA-256 | 3ce34d6d1e5e9badae4bd01e62d08cce72041031812e1163569eaca982b69ca5
Posted May 30, 2004
Authored by Janek Vind aka waraxe | Site waraxe.us

e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.

tags | exploit, remote, xss, sql injection, file inclusion
SHA-256 | 4648aabab47f7963e174173f3f04af7209fa7f43cb1be7217a8b81b3f861061f
Posted May 30, 2004
Authored by crypt0 | Site cyber-war.org

A cross site scripting vulnerability exist in the BBcodes of the LDU forum.

tags | advisory, xss
SHA-256 | 4a3e65669a7cee6e80864864c994010c9a21cbf66af3198951616a455f45c9e1
Posted May 30, 2004
Authored by Chintan Trivedi | Site eos-india.net

Mollensoft Hyperion FTP Server version 3.6 is vulnerable to a buffer overflow attack via the CD command.

tags | advisory, overflow
SHA-256 | d3a915968b3a808a8aab52a590f6e69f951b643bc6a5e43b19d531415b94bfe3
Posted May 30, 2004
Authored by Maciek Wierciski

JPortal is susceptible to SQL injection attacks and also stores the administrator password in the clear.

tags | exploit, sql injection
SHA-256 | c0618cb8789156cdb22120276d0f52027e54887b23146267952c77d16f08b639
Posted May 30, 2004
Authored by Michel Blomgren aka Shadowinteger | Site cycom.se

rrs is a reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). The listener will accept the connection and receive a shell from the remote host. rrs features full pseudo-tty support, full OpenSSL support (high encryption, client/server authentication, choice of cipher suites), Twofish encryption, a simple XOR cipher, plain-text (unencrypted) session, peer-side session monitoring (snooping), daemon option and reconnection features. rrs is Free Software distributed under the MIT License and is known to compile and run under Linux, FreeBSD, NetBSD, OpenBSD and QNX.

Changes: The -C option can now include several certificate files. This release also added CRL (Certificate Revocation List) support, the ability to choose the source port when connecting out (instead of having the kernel assign a source port), setuid support, and SSLv3 and SSLv2 support (not just TLSv1 as before). openssl_scripts was added, which contains a set of scripts to easily create a root CA, subordinate CA, and client/server certificates, and sign and revoke certificates.
tags | remote, shell
systems | linux, netbsd, unix, freebsd, openbsd
SHA-256 | ffd9098cf93da5bda65150fe241ec51eb0eb0e37edca038e6a2216bc12546e85
Page 1 of 1

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By