what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2005-08-06

Invision204.txt
Posted Aug 6, 2005
Authored by James Bercegay | Site gulftech.org

Invision Power Services versions prior to 2.0.4 suffer from cross site scripting and SQL injection vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | b8bf3466e307247bc48b42810996ed9e65cb7ab87a84029aa0f25cee9605095c
cjultraSQL.txt
Posted Aug 6, 2005
Authored by maggik

CJ Ultra Plus versions 1.0.3 and 1.0.4 suffer from SQL injection flaws.

tags | exploit, sql injection
SHA-256 | 633b622b7664e227e0eb4e99a25efd7bb4cf4d8da806d4431050f188a3637def
Debian Linux Security Advisory 721-1
Posted Aug 6, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 721-1 - Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

tags | advisory
systems | linux, debian
advisories | CVE-2005-1345
SHA-256 | 180e04f417cf4cafea4b6478b034d4d28b823b71e2594c367dd73be18f901646
Ubuntu Security Notice 122-1
Posted Aug 6, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-122-1 - Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error in Squid. This could lead to wider access permissions than intended by the administrator.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2005-1345
SHA-256 | 61a13e5fe5b4b4da41b9e1a72b60fe19b6da49a870d6c4924d47a1d28bc4f2e2
Ubuntu Security Notice 121-1
Posted Aug 6, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-121-1 - The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.

tags | advisory, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2005-0941
SHA-256 | cdf1f9dd2da38e3b10b4658ab67df4dc1a8941af89e8d3d82768b76a27658a5d
Ubuntu Security Notice 120-1
Posted Aug 6, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-120-1 - Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.

tags | advisory, remote, arbitrary, local, cgi
systems | linux, ubuntu
advisories | CVE-2005-1344
SHA-256 | 8138e2be0a078d5d656787fda86f83f293df9f68fdc2bad9d56fe03dac7414f6
statcounter.txt
Posted Aug 6, 2005
Authored by Nathan House

Statcounter is susceptible to a script injection user session hijacking flaw.

tags | advisory
SHA-256 | 2f8b0a24361026c281e96ee3041e21b8b9c0a48c33866ddddd38ba3d356683b6
Hackgen Security Advisory 2005.4
Posted Aug 6, 2005
Authored by Exoduks, Hackgen | Site hackgen.org

MidiCat PHP Shopping Cart suffers from multiple cross site scripting, SQL injection, and other security bugs.

tags | exploit, php, xss, sql injection
SHA-256 | cfcaf4f2b96fe2bd8e82fdc6f46ae6caa96a374e250b09add3e5cb9c59f6329a
oracleDBMS.txt
Posted Aug 6, 2005
Authored by Alexander Kornbrust

Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler on Oracle 10g.

tags | advisory
SHA-256 | 89a141519dcef0c60eb5caae4118b9350bed9c359a49fba7854f155c388e595c
oracleDisable.txt
Posted Aug 6, 2005
Authored by Alexander Kornbrust

Fine grained audit (FGA) is disabled for all users if the user SYS runs a SELECT statement on a FGA object in Oracle 9i / 10g.

tags | advisory
SHA-256 | ef0e69af9d00f437ba72ca0fee630f111a4921211bcba924fef4da010fb8148c
ultimateCGI.txt
Posted Aug 6, 2005
Authored by SpyHat

Ultimate CGI Guestbook Scripts MegaBook version 2.0 is vulnerable to multiple cross site scripting attacks.

tags | exploit, cgi, xss
SHA-256 | 69540585fe0f27145e6811e2c70cdf8addf7a7e32745d148840ce097b8d9b69f
gamespyCDkey.txt
Posted Aug 6, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

The Gamespy cd-key validation system allows for multiple use of the same key.

tags | advisory
SHA-256 | 8139c1152cfd8033b373585e5ec3187e22c4c9b4dcd050934cf1cccab4456a1d
simplecam12.txt
Posted Aug 6, 2005
Authored by Donato Ferrante | Site autistici.org

SimpleCam 1.2 suffers from a directory traversal flaw.

tags | exploit
SHA-256 | d4e58f065d5c7588a794c9e5395507eab6a319a2473bb1d69625b852d95f74e6
iDEFENSE Security Advisory 2005-05-04.t
Posted Aug 6, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 05.04.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X allows attackers to execute arbitrary code. vpnd is the system daemon which manages IPSEC or PPTP connections. The vulnerability specifically exists due to insufficient bounds checking on the value given to the Server_id parameter.

tags | advisory, overflow, arbitrary, local
systems | apple, osx
advisories | CVE-2005-1271
SHA-256 | 0237606ce969824dc940b7a556542ba770756a2abb6a8d17d8aad8742cfb0a93
H2005-07.txt
Posted Aug 6, 2005
Authored by Robert Fly

A local file detection bug exists in Adobe SVG Viewer version 3.0.

tags | advisory, local
SHA-256 | b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84b
leafnode-SA-2005-01.txt
Posted Aug 6, 2005
Authored by Matthias Andree

Leafnode versions 1.9.48 to 1.11.1 suffer from a denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 30b6c7c1e8d7eeb30cd82999c84bd5e80690a1a2b8ceede25323b0633cea4b3d
Ubuntu Security Notice 118-1
Posted Aug 6, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-118-1 - Postgresql suffers from multiple vulnerabilities.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-1409, CVE-2005-1410
SHA-256 | d115508980e6b35c51f9fb331119affaab6ae7c99bb8434b6050362aa9206618
vpndMac.txt
Posted Aug 6, 2005
Authored by Pieter de Boer

vpnd on Mac OSX versions 10.3.9 and below suffers from a stack buffer overflow.

tags | advisory, overflow
systems | apple
advisories | CVE-2005-1343
SHA-256 | cf228ea2cc508d49888b67af2c4fca70d0985d71b8d036276387de3ca4f74d36
gossamerXSS.txt
Posted Aug 6, 2005
Authored by Nathan House | Site stationx.net

Gossamer Threads Links SQL version 3.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 44db85324d70c4d5216d3f1c587472cb8e368e120d5434190724996e35f1f780
HexView Security Advisory 0405-20-05.05
Posted Aug 6, 2005
Authored by HexView, ShineShadow

Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow for cross site scripting, arbitrary file viewing, and more.

tags | exploit, web, arbitrary, vulnerability, xss
SHA-256 | bbd44f9d66d0b59f4e1b162ed1fba5a48f52f53f725ac4d72198eda5661ffc2b
DMA-2005-0502a.txt
Posted Aug 6, 2005
Authored by Kevin Finisterre

Apple OSX suffers from multiple bluetooth vulnerabilities.

tags | advisory, vulnerability
systems | apple
SHA-256 | 1f2d239e36a2a11e6998d72399a7c9b0cdc8dcabb42c9fdd577e9c7bfc8b8182
iDEFENSE Security Advisory 2005-08-05.t
Posted Aug 6, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 08.05.05 - Remote exploitation a directory traversal vulnerability in EMC Corp. Navisphere Manager could allow an attacker to retrieve arbitrary files from the system running Navisphere Manager as well as retrieve directory listings. Navisphere Manager Base 6.4.1.0.0 is reportedly vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2005-2357, CVE-2005-2358
SHA-256 | 23db99e7edc094a9e39cedae3a001c17e7b01798c2fdcad6e2749c3b9dd31137
nbSMTP_fsexp.c
Posted Aug 6, 2005
Authored by CoKi | Site nosystem.com.ar

nbSMTP version 0.99 remote format string exploit. Tested on Slackware Linux 9.0, 10.0, and 10.1.

tags | exploit, remote
systems | linux, slackware
SHA-256 | 10190d51efb7acc9891701971fa67cb9aa231b76267cf93d3c6f21332ddb0dbc
citiBypass.txt
Posted Aug 6, 2005
Authored by Debasis Mohanty | Site hackingspirits.com

Write up discussing a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware.

tags | advisory
SHA-256 | 0bf50c337ec9fbe542418f18b4fc538ccfdf1b3d1c5af837b01094ce509c4ddd
lantronixRoot.txt
Posted Aug 6, 2005
Authored by c0ntex

Multiple Lantronix Secure Console Server local root exploits that make use of security issues allowing for unrestricted shell access.

tags | exploit, shell, local, root
SHA-256 | c0a5ce471897d527b519e28394d96c4425c7cba31436744d12e76f3ba35bd3c2
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close