Exploit the possiblities
Showing 1 - 25 of 92 RSS Feed

Files Date: 2004-10-13

ms04-033.txt
Posted Oct 13, 2004
Site microsoft.com

A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

tags | advisory, remote, code execution
advisories | CVE-2004-0846
MD5 | 8ac34f46616424a2cf3eab223a33b189
Core Security Technologies Advisory 2004.0802
Posted Oct 13, 2004
Authored by Core Security Technologies, Lucas Lavarello, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.

tags | advisory, arbitrary, tcp, vulnerability, protocol
advisories | CVE-2004-0574
MD5 | 3767536a66a321173703c6796a2a86c7
Secunia Security Advisory 12671
Posted Oct 13, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in three Microsoft Office Viewers, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 6a6310155e09080c1f5821e0106b3cb2
iis5x60.txt
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
MD5 | d636fbfbfd62a943037a1b53f5ac87d5
cabarc.txt
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Microsoft cabarc suffers from a directory traversal attack.

tags | exploit
MD5 | 20a56be84b1b67938e5b260c392522ac
adobeReader6.txt
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.

tags | advisory, local
MD5 | afca4db1b05b72fc6565467b47db3c99
Yeemp.html
Posted Oct 13, 2004
Authored by deekoo

A vulnerability has been reported in Yeemp, which can be exploited by malicious people to spoof their identity. If you are using Yeemp 0.9.9 or earlier, upgrading is recommended.

tags | advisory, spoof
MD5 | 76dac4d20b158f3c40b739fab7969b80
SP916BM.txt
Posted Oct 13, 2004
Authored by Mr. Joe

When powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.

tags | advisory
MD5 | 5b56adbdef7d0bc84a16646ab15ab5de
Clam AntiVirus Toolkit 0.80rc4
Posted Oct 13, 2004
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Various fixes and updates. Improved on-access scanning. Updated docs.
tags | virus
systems | unix
MD5 | 5c02d52c361f04098a9956478f8654a0
Secunia Security Advisory 12789
Posted Oct 13, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in IceWarp Web Mail, where some can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, vulnerability, xss
MD5 | 79bae4498d57093d8534364790d9f6e7
101_ypops.cpp
Posted Oct 13, 2004
Authored by class101, Behrang Fouladi

YahooPOPS version 1.6 and prior SMTP port buffer overflow exploit version 0.1. Binds a shell to port 101.

tags | exploit, overflow, shell
MD5 | 0d5056eaf4d9cdc2944e37a93bdd4e78
win2k3DACL.txt
Posted Oct 13, 2004
Authored by Edward Ziots

In regard to Windows 2003 Servers, both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect to the SCM and start and stop these services at will, which in the case of the Internet Connection Firewall Service could cause many headaches for your service based systems.

tags | advisory
systems | windows
MD5 | 2fed6aad41ba46b945c2d14ef97bbb3e
iDEFENSE Security Advisory 2004-10-11.t
Posted Oct 13, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.

tags | advisory, remote, web, denial of service
advisories | CVE-2004-0918
MD5 | 6d004b9ea0a799ed440fbe6ddc33efdc
Trustix Secure Linux Security Advisory 2004.10
Posted Oct 13, 2004
Authored by Jem Berkes | Site sysdesign.ca

A security weakness exists in renattach 1.2.0 and 1.2.1, although there does not appear to be a practical way to exploit the code for remote access, arbitrary execution, or other immediate damage. The weakness only applies to the --pipe facility. The problem has been fixed in beta version 1.2.1e (soon to become 1.2.2 release).

tags | advisory, remote, arbitrary
MD5 | bb81671e8560cec43641518ff7db9314
FLoP-1.4.0.tar.gz
Posted Oct 13, 2004
Authored by DG | Site geschke-online.de

FLoP is utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.

Changes: Feature enhancements and bug fixes.
tags | tool, sniffer
MD5 | 612df03e2ca4ddd05cded6f08561889d
ZanfiCmsLite.txt
Posted Oct 13, 2004
Authored by Cracklove | Site ProxySky.com

ZanfiCmsLite is susceptible to remote file inclusion and path disclosure vulnerabilties.

tags | advisory, remote, file inclusion
MD5 | 2d99712723916ab934c398b118aa02c9
gosmart.txt
Posted Oct 13, 2004
Authored by Positive Technologies | Site ptsecurity.com

Multiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4e91f441bdeec979428455ee684755e9
dsa-562.txt
Posted Oct 13, 2004
Authored by Lukasz Wojtow, Oleksandr Byelkin, Dean Ellis | Site debian.org

Debian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.

tags | advisory, denial of service, overflow
systems | linux, unix, debian
advisories | CVE-2004-0835, CVE-2004-0836, CVE-2004-0837
MD5 | f78b8af77bd1372effd56cb31476c0f0
turboTraffic.txt
Posted Oct 13, 2004
Authored by aCiDBiTS

Turbo Traffic Trader Nitro version 1.0 is susceptible to multiple cross site scripting and SQL injection attacks. Full exploitation for the SQL injection attack provided.

tags | exploit, xss, sql injection
MD5 | 543cdce4567d644e22ab3543765d5ba4
cjoverkill403.txt
Posted Oct 13, 2004
Authored by aCiDBiTS

There is no user input sanitation for some parameters in trade.php in CJOverkill version 4.0.3, allowing for cross site scripting attacks to take place.

tags | advisory, php, xss
MD5 | 59936b0eb76b2ed97453c2194f3095b1
Gentoo Linux Security Advisory 200410-10
Posted Oct 13, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.

tags | advisory, arbitrary, local, root
systems | linux, gentoo
MD5 | b961ac92d43565fad15861a3e8d75df4
kitchenaid.txt
Posted Oct 13, 2004
Authored by Frank Denis

This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.

tags | advisory, denial of service
MD5 | b2ab637956d355d4e3444f0576c36615
Gentoo Linux Security Advisory 200410-8
Posted Oct 13, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
MD5 | 74b9ef164026458c1b28efaadf1ebb29
c2016358.html
Posted Oct 13, 2004
Site support.businessobjects.com

Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.

tags | advisory, overflow
MD5 | b288c8a071f1ef22414b77e4523c3cc0
AntiExploit-1.3b5.tar.gz
Posted Oct 13, 2004
Authored by Enrico Kern | Site hzeroseven.org

AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.

Changes: Various bug fixes and feature improvements.
tags | kernel, local, virus
systems | unix
MD5 | 8710cf7990fd876bce108402cb735e0a
Page 1 of 4
Back1234Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close