what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2004-08-10

Corsaire Security Advisory 2003-02-24.1
Posted Aug 10, 2004
Authored by Corsaire | Site corsaire.com

Corsaire Security Advisory - The ServerMask 2.0 product from Port80 fails to full obfuscate header fields as promoted in their functionality. Detailed exploitation given.

tags | exploit
advisories | CVE-2003-0105
SHA-256 | 7c87da8d19d481cd57af93b5bfb5090c438a002b7e201a42d24b3a916a318bc3
Posted Aug 10, 2004
Site security.gentoo.org

Gentoo Linux Security Advisory - Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when using the inline MIME viewer for HTML messages. Versions below and equal to 3.2.4 are vulnerable.

tags | advisory
systems | linux, gentoo
SHA-256 | 338772f1964e654a99b8dc4a6f0e980ac1e4a7ea73c917388191d47d8380d55f
Posted Aug 10, 2004
Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Process Resource Manager on all OS versions running PRM C.02.01[.01] and prior. HP PRM is also used in Workload Manager, so this also affects WLM version A.02.01 and prior as well. This vulnerability could potentially be exploited to corrupt data on a system running PRM.

tags | advisory
SHA-256 | 9f424afbc0a755d466b6bc6755b91cb3ab370a97e4a5a25e37abdd2b2a137e37
Posted Aug 10, 2004
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This release includes 18 exploits and 27 payloads; many of these exploits are either the only ones publicly available or just much more reliable than anything else out there. The Framework will run on any modern system that has a working Perl interpreter, the Windows installer includes a slimmed-down version of the Cygwin environment.

Changes: Various updates.
tags | tool, perl
systems | windows, unix
SHA-256 | 195684a4f6d09e6f917ef6262ce313ea03c6d46913e117ac7b0c365f39688bf4
Posted Aug 10, 2004
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Fixed bugs in gnunet-update, segfault in AFS startup, warnings in gnunet-peer-info/gnunetd, and a packaging error.
tags | tool, web, udp, tcp, peer2peer
SHA-256 | 902422ab591fdb44c98c904b50391541b37caf05f20a8a05978358902698a38a
Openwall Linux Kernel Patch
Posted Aug 10, 2004
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Corrects the access control check in the Linux kernel which previously wrongly allowed any local user to change the group ownership of arbitrary NFS-exported/imported files (CVE-2004-0497). Also adds a workaround for the file offset pointer races (CVE-2004-0415).
tags | overflow, kernel
systems | linux
advisories | CVE-2004-0497, CVE-2004-0415
SHA-256 | 93acccb9dfe362d3f5fe4bb7dac727680341d124ac1770799631c5005e47afe1
Posted Aug 10, 2004
Authored by belpo | Site sid.sourceforge.net

SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.

Changes: Various updates.
tags | tool, shell, kernel, intrusion detection
systems | linux, unix, solaris
SHA-256 | d7f99cff51f03a16c57974aa7a3408056742999935580611ef1b98941a67dd8c
Posted Aug 10, 2004
Authored by Philippe Biondi | Site secdev.org

Etherpuppet is a small program for Linux that will create a virtual interface (TUN/TAP) on one machine from the ethernet interface of another machine through a TCP connection. Everything seen by the real interface will be seen by the virtual one. Everything sent to the virtual interface will be emitted by the real one. It has been designed because one often has a small machine as his Internet gateway, and sometimes want to run some big applications that need raw access to this interface, for sniffing (Ethereal, etc.) or for crafting packets that do not survive being reassembled, NATed, etc. It can even run on Linux embedded routers such as the Linksys WRT54G.

tags | tcp
systems | linux
SHA-256 | 863b14ae38d57610a3f33bb0a980374d2bd5221a339d16cc7410e46504b28957
Posted Aug 10, 2004
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: Various bug fixes.
tags | imap, library
SHA-256 | aaaf4fa43812eb36dbf0bd7f4c5ebe6dd0791f282df704e0f737d1764d895a5a
Posted Aug 10, 2004
Authored by at4r

Serv-u local exploit that achieves SYSTEM privileges using an old known buffer overflow. Tested against version Lower versions are also susceptible.

tags | exploit, overflow, local
SHA-256 | 473ef11f792615061dda874fb67854ff071fc75cf98c38a620e638cd1fd1ead6
Posted Aug 10, 2004
Authored by Roses Labs Innovations (RL+I) | Site roseslabs.com

Web Audit Library (Wal) is a python module that provides a powerful and easy API for writing web applications assessment tools, similar to what Libwhisker does for Perl. Wal comes from the need of such a library for python. Writing web security tools using Wal is very straightforward. Wal provides the following features: send/receive/analyze HTTP 0.9/1.0/1.1, HTML parser, cookie support, anti-IDS, decoders/encoders, and much more. Requires python 2.3 or later.

tags | web, perl, python, library
SHA-256 | d766189ecc039b81c388c3fd4c5c97f4f7a228f1e49597be0d0ef1a1d0fe0a29
Core Security Technologies Advisory 2004.0714
Posted Aug 10, 2004
Authored by Core Security Technologies, Juan Pablo Martinez Kuhn | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0714 - Cfengine is susceptible to multiple vulnerabilities. Two were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with those privileges of root. The second vulnerability allows an attacker to crash the server, denying service to further requests. These vulnerabilities are present in versions 2.0.0 to 2.1.7p1 of cfservd.

tags | advisory, remote, arbitrary, root, vulnerability
SHA-256 | 972d6fe44e1fb797e09e548c7999686a7e9c3eebf006c0c00a601a175aa174e5
Posted Aug 10, 2004
Authored by Dominus Vis

Williams Database Page Parser version 1.0 allows for arbitrary code execution due to a lack of input validation.

tags | exploit, arbitrary, code execution
SHA-256 | cbfa8c12c73d5c756aba20353eca3e25bba564b0698a166dd0991457ad84a4a7
Posted Aug 10, 2004
Authored by Anthony Debhian

Special requests using PHP on Apache go unlogged and cause a segfault. Tested systems: Windows / Apache 1.3.31 / PHP 5.0.0, Windows / Apache 1.3.27 / PHP 4.3.3, Linux / Apache 1.3.24 / PHP 4.2.

tags | advisory, php
systems | linux, windows
SHA-256 | 0d6e35558759b1bdcd894b8bb220468dfd6b6bf378afd89402c3fdd83f660625
Posted Aug 10, 2004
Authored by Matt Oyer | Site Spiffomatic64.com

Typepad weblogging service is susceptible to a cross site scripting flaw.

tags | advisory, xss
SHA-256 | 11a5c797b20a6de2049a9f83ce9f07498398ce19087e85ec4771c68b6709cfef
Posted Aug 10, 2004
Authored by Javier Ubilla Brenni

Moodle versions 1.3 and below suffer from multiple cross site scripting flaws.

tags | advisory, xss
SHA-256 | 39474593751158e5581fbeb17433849d7501b0600c4082a99e0be49a561c7f56
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By