Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
b05f72bd3493e1d0b8d1ee90794c20b56668c3916fe59f0c1ec9dedcf40e49feApple iTunes Playlist buffer overflow download shellcoded exploit. Versions up to 4.7 are affected. Tested with iTunes v4.7 on WinXP SP2 EN.
980e29b173e8a41638fcc56d3e43c65e0fadd1fe21f3843fda8f99b6a5c8e1ceMinis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
bc6ce20ca36bb68498535718c232cac09a37599b8dae319f5270eaad999cd7b2phpGiftReq 1.4.0 suffers from multiple SQL injection flaws that allow for manipulation of the database.
ccab1b3b37dc00b2ce75e69c79399eccdef31a6d7916011f4463b9fbd94ccd62A cross site scripting vulnerability in Froogle allows for theft of the Google GMail cookie.
0179530cd2417889ba6e45be56a4de62e152084a405eb4c88b5500db98b06304Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Linux version.
bdfc2649e91ce2b41ee5e43996b86d3c3b0e317f286e72bd676000f255675af7Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Mac version.
ec8feaaa68a21e2b005424481e8d36eb6ccd04e667a1f62a188da1443d9653edCiphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Windows version.
24828474d6e348a5e920f0149d58837c5b581be9d2c568269e6be1d7db7eb797Ciphire structure graphic.
470f09d7607ecef2b435c3dce9cefa3bbefb2953614fc3ff558183404b0d84afCiphire Logo.
dd8d525636073e62571f0a02aaa473010551a55836ec098f57d43c37dd3f4e0bafick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
7225d43ab26cccb002706ef7a5a34608180b4034947e0e844593c860456d3b21pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
79d713c1411443c095526795a481e4f6660b7c5c6713739b9df1bd6a034b8212knock is a server/client set of tools that implements the idea known as port-knocking. Port-knocking is a method of accessing a backdoor to your firewall through a special sequence of port hits. This can be useful for opening up temporary holes in a restrictive firewall for SSH access or similar.
181c2274988180f6f2b5dc3bdeb928c4c69d886c492afd7007a3489477cb522bFull version of the expand_stack SMP race proof of concept exploit that makes use of a locally exploitable flaw in the Linux page fault handler code.
145d1f9c198c773549d49a4c5ec104fe0cf2f1f1a0edb16986e3f10aa42ac5c6Proof of concept exploit for the locally exploitable buffer overflow in Exim version 4.41.
a3703739ac743a76f5e34f4b14e40e5c169129e1431122ee072a0597ad2ba497Siteman version 1.1.9 is susceptible to cross site scripting attacks.
e80dd8eb12e76829443ea47b0ca233d7382c4328f5d33c7d4206955bd26662b5iDEFENSE Security Advisory 01.14.05 - Local exploitation of a buffer overflow vulnerability in Exim 4.41 may allow execution of arbitrary commands with elevated privileges.
8c68f85820a6d392854c8ee38660da2dbde1dce5e3fef51f779a0767d67f3fb7Secunia Security Advisory - Paul Brereton has reported a vulnerability in PRADO 1.x, which can be exploited by malicious people to compromise a vulnerable system.
a013a202c050ec0aaa5d5e1321489120b84e3795fe4567b6088d5dbd2169f22cSecond Call For Papers - DIMVA 2005. Second GI SIG SIDAR Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. In Cooperation with the IEEE Task Force on Information Assurance.
de3b0cd63c91a8442dbc5dc997a9195679c9dbb531f2ba7fa53ee8763cf156e1Sun Security Advisory - User accounts created with the Solaris Management Console (SMC) GUI which are configured for password aging may allow login without specifying a password.
5b984bbbf10361d8f40fa865167285d7f404412c1e1be05f7c3e732225484dd8Secunia Security Advisory - Adam Baldwin has discovered a weakness in Encrypted Messenger, which can be exploited by malicious people to cause a DoS (Denial of Service).
f38900b7e4080e79f6b633c0c67dabefbb821e879e89799bf8ce2a2f859b157fDebian Security Advisory 639-1 - Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release.
6e494d1c570983087beb8807fe9e593a7d73c5a74adf2e3bcafa401dcefff021Whitepaper discussing how to exploit overflow vulnerabilities on Fedora Core 2.
ce8fbbf3bbf762d554c5dc6acb53007e695dfa5905008870f4bdc2b2bbe139f2Secunia Security Advisory - OpenBSD has acknowledged a vulnerability in httpd's mod_include module, which can be exploited by malicious, local users to gain escalated privileges.
c5723ffea326c98deb549d95dd6275a70c6165c0b7b9c0a230a3b9ac8b4fb167Secunia Security Advisory - Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c0b16ab48e3e1fa7c055a566e9b58522c6b3d4a31b7ee6f14a5ed5fa765eacfb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed
