what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2005-01-05

Posted Jan 5, 2005
Authored by Mark Seaborn | Site cs.jhu.edu

Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.

tags | tool, shell, kernel
systems | linux, unix
SHA-256 | ebf55af4f80c9b05f149d2190bc78c549b4f6d7b2e01743c9a27bf456abca202
Posted Jan 5, 2005
Authored by Stephan Schmieder | Site bsd-security.org

Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.

Changes: Fixed to work with OpenBSD 3.6's pf-code.
tags | tool, perl, sniffer
SHA-256 | 308149e0fcd8bf054c406a330a2f2b9c78a536d24b8a64593e8a8b68667a9a2d
Posted Jan 5, 2005
Authored by Victor Julien | Site vuurmuur.sourceforge.net

Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.

Changes: Bugfix release.
tags | tool, firewall, bash
systems | linux
SHA-256 | cdda552fdbe0dd68dfb2ade2a4c35a47e042bb3bec1f1360778efb78921782f4
Posted Jan 5, 2005
Authored by Albert S. Causing | Site coderhythms.com

Utility for limiting background processes on a per user basis on BSD platforms.

systems | unix, bsd
SHA-256 | 87efdec9a8c8dc19cc2e6a8efa2f03d19a8c4748eaee2b3c1d798bb7c86f4153
Posted Jan 5, 2005
Authored by scottm

MyBB is prone to a SQL injection attack within the uid parameter of member.php. The flaw allows for retrieval of the admin password hash. Sample exploit provided.

tags | exploit, php, sql injection
SHA-256 | e0f95937d8f77265e2b0b8c030cda85b05c5e4fa90eae6f11ff489097bbc33d0
Gentoo Linux Security Advisory 200501-2
Posted Jan 5, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200501-02 - The fixps and psmandup scripts in the a2ps package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. Versions below 4.13c-r2 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
SHA-256 | 0c018799e71caf9c189afdf3a29bff2781eed17a7d14807a8bc5c8d8b67158bd
Posted Jan 5, 2005
Authored by Madelman

QWikiwiki 1.4.1 is susceptible to a directory traversal vulnerability. Detailed exploitation provided.

tags | exploit
SHA-256 | f121585069294006535400bd7a8b1c2c83396b02c0c3208da56c9250f1e05e40
Posted Jan 5, 2005
Authored by inuyasha

Russian word list that has 296790 words.

tags | cracker
SHA-256 | 17d4e1188997605a75cf6baf301d1ae02602e41f7ef1fadd91f8a41bda597664
Posted Jan 5, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

Remote proof of concept exploit for Soldner that demonstrates a socket termination when an oversized UDP packet is sent to the server.

tags | exploit, remote, udp, proof of concept
SHA-256 | 010a24a60fd04ac41eb59c4fa05887a18229b63421b910d2dfbc141d3974c964
Posted Jan 5, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

Soldner, the tactical military game by Wings Simulations, is susceptible to silent socket termination, format string, and cross site scripting flaws.

tags | advisory, xss
SHA-256 | d406a8086d751f07a524645aa489a9fcac21dea5d48bad84de3263bb19a1b224
KDE Security Advisory 2005-01-01.1
Posted Jan 5, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session. Due to similarities between the ftp and the SMTP protocol, this vulnerability allows to misuse the ftp slave to connect to a SMTP server and issue arbitrary commands, like sending an email. Systems affected: All KDE releases up to including KDE 3.3.2.

tags | advisory, remote, arbitrary, protocol
advisories | CVE-2004-1165
SHA-256 | 4429ce691dd6dfc1eb15fafba3e0a37e86e5eae8b2d37f239250facce7ba3781
Secunia Security Advisory 13701
Posted Jan 5, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Michael Krax has reported a vulnerability in Bugzilla, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 4aa1aadc34709e8c5049c54376259a699706a316c04b66fc21f2b89f51c65e0b
Posted Jan 5, 2005
Authored by Gogu Gigi

Microsoft Windows NetDDE scanner that makes use of a remote code execution vulnerability due to an unchecked buffer.

tags | exploit, remote, code execution
systems | windows
SHA-256 | 05061a5691b6dcee7bd018fd1278d6d1f5d0071c7f2ffe6dd1da4a5631e0de16
Posted Jan 5, 2005
Authored by Sowhat | Site secway.org

3Com's 3CDaemon 2.0 revision 10 is susceptible to multiple vulnerabilities ranging from various format string and denial of service flaws.

tags | exploit, denial of service, vulnerability
SHA-256 | 8382b93ecb919ccbd6085f76b1982ab43b8657f3df0a3c470c35458dc4ee778f
Posted Jan 5, 2005
Authored by c0d3r, hossein asgary

iWebNegar version 1.1 remote configuration nullification denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 0e91bdce0b0968f8e3ac0ed16e3e026aa3db29b4307b18844c908554d10e9f01
Posted Jan 5, 2005
Authored by thc | Site thc.org

pptp-bruter is a brute force program that works against pptp vpn endpoints (tcp port 1723). It is fully standalone and supports the latest MSChapV2 authentication. It exploits a weakness in Microsoft's anti-brute force implementation which makes it possible to try 300 passwords the second. Tested against Microsoft Windows and Cisco gateways.

tags | tcp
systems | cisco, windows
SHA-256 | df789676b97406214d3f18c744dabd3769182428365ecdcc8a0a6ddcde3b6f2d
Posted Jan 5, 2005
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Enhancements and bug fixes for modules.
tags | web, cracker, imap
systems | cisco
SHA-256 | 8ebac6b886c91caa907297938c4beac3622a1f94088fbfa5908106d64013edf1
Posted Jan 5, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths are not displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux and Mozilla Firefox 1.0.

tags | advisory, spoof
systems | linux
SHA-256 | a34b640f70ddc606dfd05747def65a8fcb3787cf889e9e3a01a9b0f7515e55b9
Posted Jan 5, 2005
Authored by Kevin Finisterre

Proof of concept exploit for an old format string vulnerability in setuid versions of top. This vulnerability has popped back up in the Solaris 10 Companion CD.

tags | exploit, proof of concept
systems | solaris
SHA-256 | 9842f1e35ea800234ee1ff28c9db6a44ab8417bc36c0166992291eab98417bdf
Posted Jan 5, 2005
Authored by Kevin Finisterre

An old format string vulnerability in setuid versions of top has popped back up in the Solaris 10 Companion CD.

tags | advisory
systems | solaris
SHA-256 | e5eb6c2c021c50cbd277e4a3bf9be9224e71d84c31ce80d8354b58ec76e4fc1c
Posted Jan 5, 2005
Authored by James Bercegay | Site gulftech.org

GulfTech Security Research - PhotoPost PHP versions 4.8.6 and below suffer from cross site scripting and SQL injection flaws. Sample exploitation given.

tags | exploit, php, xss, sql injection
SHA-256 | 9164a527e96037d4f91e6259533d1963896e29011c65db9f5aa50c5115976686
Posted Jan 5, 2005
Authored by James Bercegay | Site gulftech.org

GulfTech Security Research - ReviewPost PHP Pro versions below 2.84 suffer from cross site scripting and SQL injection attacks. Sample exploitation given.

tags | exploit, php, xss, sql injection
SHA-256 | 1685976453b7ca1ae8a01d59a18c0a465312052235bf84006810e857c2489436
Posted Jan 5, 2005
Authored by Ferruh Mavituna | Site ferruh.mavituna.com

A generic problem of common personal firewall products is the allowance of shortcuts or interfaces for controlling traffic. Manipulation of these functions can allow for firewall bypass altogether. Various proof of concepts are included for products such as Zone Alarm, Kerio, Agnitium Outpost firewall, Kaspersky Anti-Hacker, Symantec's Norton Personal Firewall, and more.

tags | exploit, proof of concept
SHA-256 | 0bde1ec221ee4623942f39bb82396353f8ecad9ef14dee23da7885e1887610c6
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By