exploit the possibilities
Showing 1 - 25 of 92 RSS Feed

Files Date: 2004-10-13

Posted Oct 13, 2004
Site microsoft.com

A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

tags | advisory, remote, code execution
advisories | CVE-2004-0846
MD5 | 8ac34f46616424a2cf3eab223a33b189
Core Security Technologies Advisory 2004.0802
Posted Oct 13, 2004
Authored by Core Security Technologies, Lucas Lavarello, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.

tags | advisory, arbitrary, tcp, vulnerability, protocol
advisories | CVE-2004-0574
MD5 | 3767536a66a321173703c6796a2a86c7
Secunia Security Advisory 12671
Posted Oct 13, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in three Microsoft Office Viewers, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 6a6310155e09080c1f5821e0106b3cb2
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
MD5 | d636fbfbfd62a943037a1b53f5ac87d5
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Microsoft cabarc suffers from a directory traversal attack.

tags | exploit
MD5 | 20a56be84b1b67938e5b260c392522ac
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.

tags | advisory, local
MD5 | afca4db1b05b72fc6565467b47db3c99
Posted Oct 13, 2004
Authored by deekoo

A vulnerability has been reported in Yeemp, which can be exploited by malicious people to spoof their identity. If you are using Yeemp 0.9.9 or earlier, upgrading is recommended.

tags | advisory, spoof
MD5 | 76dac4d20b158f3c40b739fab7969b80
Posted Oct 13, 2004
Authored by Mr. Joe

When powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.

tags | advisory
MD5 | 5b56adbdef7d0bc84a16646ab15ab5de
Clam AntiVirus Toolkit 0.80rc4
Posted Oct 13, 2004
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Various fixes and updates. Improved on-access scanning. Updated docs.
tags | virus
systems | unix
MD5 | 5c02d52c361f04098a9956478f8654a0
Secunia Security Advisory 12789
Posted Oct 13, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in IceWarp Web Mail, where some can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, vulnerability, xss
MD5 | 79bae4498d57093d8534364790d9f6e7
Posted Oct 13, 2004
Authored by class101, Behrang Fouladi

YahooPOPS version 1.6 and prior SMTP port buffer overflow exploit version 0.1. Binds a shell to port 101.

tags | exploit, overflow, shell
MD5 | 0d5056eaf4d9cdc2944e37a93bdd4e78
Posted Oct 13, 2004
Authored by Edward Ziots

In regard to Windows 2003 Servers, both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect to the SCM and start and stop these services at will, which in the case of the Internet Connection Firewall Service could cause many headaches for your service based systems.

tags | advisory
systems | windows
MD5 | 2fed6aad41ba46b945c2d14ef97bbb3e
iDEFENSE Security Advisory 2004-10-11.t
Posted Oct 13, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.

tags | advisory, remote, web, denial of service
advisories | CVE-2004-0918
MD5 | 6d004b9ea0a799ed440fbe6ddc33efdc
Trustix Secure Linux Security Advisory 2004.10
Posted Oct 13, 2004
Authored by Jem Berkes | Site sysdesign.ca

A security weakness exists in renattach 1.2.0 and 1.2.1, although there does not appear to be a practical way to exploit the code for remote access, arbitrary execution, or other immediate damage. The weakness only applies to the --pipe facility. The problem has been fixed in beta version 1.2.1e (soon to become 1.2.2 release).

tags | advisory, remote, arbitrary
MD5 | bb81671e8560cec43641518ff7db9314
Posted Oct 13, 2004
Authored by DG | Site geschke-online.de

FLoP is utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.

Changes: Feature enhancements and bug fixes.
tags | tool, sniffer
MD5 | 612df03e2ca4ddd05cded6f08561889d
Posted Oct 13, 2004
Authored by Cracklove | Site ProxySky.com

ZanfiCmsLite is susceptible to remote file inclusion and path disclosure vulnerabilties.

tags | advisory, remote, file inclusion
MD5 | 2d99712723916ab934c398b118aa02c9
Posted Oct 13, 2004
Authored by Positive Technologies | Site ptsecurity.com

Multiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4e91f441bdeec979428455ee684755e9
Posted Oct 13, 2004
Authored by Lukasz Wojtow, Oleksandr Byelkin, Dean Ellis | Site debian.org

Debian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.

tags | advisory, denial of service, overflow
systems | linux, unix, debian
advisories | CVE-2004-0835, CVE-2004-0836, CVE-2004-0837
MD5 | f78b8af77bd1372effd56cb31476c0f0
Posted Oct 13, 2004
Authored by aCiDBiTS

Turbo Traffic Trader Nitro version 1.0 is susceptible to multiple cross site scripting and SQL injection attacks. Full exploitation for the SQL injection attack provided.

tags | exploit, xss, sql injection
MD5 | 543cdce4567d644e22ab3543765d5ba4
Posted Oct 13, 2004
Authored by aCiDBiTS

There is no user input sanitation for some parameters in trade.php in CJOverkill version 4.0.3, allowing for cross site scripting attacks to take place.

tags | advisory, php, xss
MD5 | 59936b0eb76b2ed97453c2194f3095b1
Gentoo Linux Security Advisory 200410-10
Posted Oct 13, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.

tags | advisory, arbitrary, local, root
systems | linux, gentoo
MD5 | b961ac92d43565fad15861a3e8d75df4
Posted Oct 13, 2004
Authored by Frank Denis

This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.

tags | advisory, denial of service
MD5 | b2ab637956d355d4e3444f0576c36615
Gentoo Linux Security Advisory 200410-8
Posted Oct 13, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
MD5 | 74b9ef164026458c1b28efaadf1ebb29
Posted Oct 13, 2004
Site support.businessobjects.com

Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.

tags | advisory, overflow
MD5 | b288c8a071f1ef22414b77e4523c3cc0
Posted Oct 13, 2004
Authored by Enrico Kern | Site hzeroseven.org

AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.

Changes: Various bug fixes and feature improvements.
tags | kernel, local, virus
systems | unix
MD5 | 8710cf7990fd876bce108402cb735e0a
Page 1 of 4

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    14 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By