exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2005-09-08

class1.html
Posted Sep 8, 2005
Authored by rgod | Site retrogod.altervista.org

Class-1 Forum version 0.24.4 SQL injection and remote code execution proof of concept exploit.

tags | exploit, remote, code execution, sql injection, proof of concept
SHA-256 | 1e1b6724dd1ae5f0877e00e87ddddea43a95a600769c42ef299132cc154d9e7d
pblang465.php.txt
Posted Sep 8, 2005
Authored by Pengo | Site rst.void.ru

PBLang 4.65 and below remote command execution exploit. Written in PHP.

tags | exploit, remote, php
SHA-256 | 8454eb7da5eabdb5e1a2b126b11c7a9fc3313458c065908e551beeccd8849a03
adv6.pdf
Posted Sep 8, 2005
Authored by Ilja van Sprundel | Site suresec.org

Suresec Security Advisory - A lockfile handling error was found in kcheckpass which can, in certain configurations, be used to create world writable files. kdebase versions 3.2.0 through 3.4.2 are susceptible.

tags | advisory
advisories | CVE-2005-2494
SHA-256 | a3aa3af306ee8b641cb1cb6ed4cf51efb1c6a63968d144463c1c600707cd4c6e
Cisco Security Advisory 20050907-auth_proxy
Posted Sep 8, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory: Cisco IOS Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack when processing the user authentication credentials from an Authentication Proxy Telnet/FTP session. To exploit this vulnerability an attacker must first complete a TCP connection to the IOS device running affected software and receive an auth-proxy authentication prompt.

tags | advisory, denial of service, arbitrary, tcp, code execution
systems | cisco
SHA-256 | 27ca70e11f1940fd7e2f06bb8753f70d779e891c493b20994f639f5e159d5672
stylemotion.txt
Posted Sep 8, 2005
Authored by Robin 'onkel_fisch' Verton | Site it-security23.net

Stylemotion WEB//NEWS 1.4 is susceptible to SQL injection attacks.

tags | exploit, web, sql injection
SHA-256 | a2a31cfe486c2f1c523356101f7d415a3e6965271142ca4ebf5a6536ce1d5362
roadRunner.txt
Posted Sep 8, 2005
Authored by gp32boy

It appears that the Road Runner ADSL modem allows for unauthenticated logins on TCP port 244 using telnet.

tags | advisory, tcp
SHA-256 | 6d7a217cbc74f1ae1180075fa55ab4d11eb19cae14868f624448f6c09866843c
mimedefang-2.53.tar.gz
Posted Sep 8, 2005
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11/8.12's new "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: The main changes in this release are a workaround for bugs in SpamAssassin 3.1RC1 which could cause SIGCHLD to be blocked (making it impossible to use the embedded Perl mode), and a workaround for lack of deflate64 support in zlib (which could cause clamdscan to fail and tempfail mail).
systems | windows, unix
SHA-256 | 8773b3bfd0e0592c3edf601f077d0a72337dfeff5b9834c1c5b5910404e01349
issue_19_2005.pdf
Posted Sep 8, 2005
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 19 - Featured articles include - Security Researchers and you organizaton caught in between?, Today's security trends and practical tips for your security - Part 1 as well as an interview with Eric Goldman EricGoldman.org.

SHA-256 | 7baaf86e39b051c684c7bd5c5b763893728208d8a29792ced4bbcdc3636ab133
issue_18_2005.pdf
Posted Sep 8, 2005
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 18 - Featured articles include - Insiders at the workplace - trends and practical risk mitigation approaches, Spam - proactive protection tips and an interview with John Young from Cryptome.org.

SHA-256 | a9c9ed602957b03ba4ccec3c292527e8f1d159f0bdd65899bd245a4514f9aba8
issue_17_2005.pdf
Posted Sep 8, 2005
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter Issue 17 - Featured articles include - DNS Security and the introduction of DNSSEC Part 2 ; Mobile phones' bluetooth attacks and how to protect yourself, and an interview with Roman Polesek from Hakin9.org.

SHA-256 | 8cb77d5585dd6caa122b4b6b018dbf07579a6132b7a5b9ec91ddbecbf27d002f
MyBBPR2.txt
Posted Sep 8, 2005
Authored by Devil-00

SQL injection exploit for MyBB PR2

tags | exploit, sql injection
SHA-256 | 931c70d34554bac034d6bb2bcc18badc49bc36b15eafa6fddb4d47848985b7dd
Debian Linux Security Advisory 802-1
Posted Sep 8, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 802-1 - Marcus Meissner discovered that the cvsbug program from CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion.

tags | advisory
systems | linux, debian
SHA-256 | 328a0a542c4d6f60fa6dfff4289714ed0c29dede0a6e3bf5e49ff48eb8b2c483
myBloggie-2.1.3.txt
Posted Sep 8, 2005
Authored by OS2A

myBloggie versions 2.1.3-beta and prior suffer from SQL injections and privilege escalation vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | aa1eadc4ab379e63764c6aa310baf69a3cfd884faac949c60757e13bb56bb01e
Mandriva Linux Security Advisory 2005.160
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass.

tags | advisory, root
systems | linux, mandriva
SHA-256 | 4777c752bcd6597f96c96b1cd0f65480dc336439c93211736685cf7dad59dd1d
Mandriva Linux Security Advisory 2005.159
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fern

tags | advisory, local, vulnerability
systems | linux, mandriva
SHA-256 | a47c7b1147b1d3baf301144a1eadf49cf107afeef603b598d59f027c3dd9368a
Ubuntu Security Notice 177-1
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-177-1 - apache2, libapache-mod-ssl vulnerabilities - Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. Also, Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2700, CVE-2005-2728
SHA-256 | f63bd9e3e650b2f1d6cbf6e4bceff6b9f82ee6c95a22dc5b50cef9f0bab677b0
Ubuntu Security Notice 176-1
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-176-1 - Ilja van Sprundel discovered a flaw in the lock file handling of kcheckpass. A local attacker could exploit this to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2005-2494
SHA-256 | b419e916d6eaef50b8207c2fddbe8550191cd454338f309985dd513d0f2b8933
Ubuntu Security Notice 160-2
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2088
SHA-256 | 4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6
FreeBSD-SA-05-20.cvsbug.txt
Posted Sep 8, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05-20.cvsbug - A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file.

systems | freebsd
advisories | CVE-2005-2693
SHA-256 | 42359b765b65baccde1ce2c51098dbada23fc98d9631451d3ea628c76795611b
Gentoo Linux Security Advisory 200509-6
Posted Sep 8, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-06 - Certain malformed requests result in a segmentation fault in the sslConnectTimeout function, handling of other certain requests trigger assertion failures. Versions less than 2.5.10-r2 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | c7e4f4855820ab1cfe596106efc46a5123f47f0c293e1a7323d7d8c435021252
Mandriva Linux Security Advisory 2005.158
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via a video file with an audio header containing a large value in a strf chunk.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 7b3e6873b460f03c379d889d6f3bdfa59e23233031a499f5828119f39d23b366
Mandriva Linux Security Advisory 2005.157
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn't check for the existance of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE. Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.

tags | advisory
systems | linux, mandriva
SHA-256 | 2e7d946d88525e9117a39502618c5c8066182d1bb26b4e22744dea059b24fb60
Mandriva Linux Security Advisory 2005.156
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - When starting xntpd with the -u option and specifying the group by using a string not a numeric gid the daemon uses the gid of the user not the group.

tags | advisory
systems | linux, mandriva
SHA-256 | d7150bc8beea7498450152bf9d24ad55ba00067fa4e0945ceb1f6bd303c308a2
Secunia Security Advisory 16479
Posted Sep 8, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in ALZip, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 6e797630c120124efce69efd09e54036c065745ba1e6c450d3d39fb8d0dec274
Secunia Security Advisory 16708
Posted Sep 8, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Nickolay has reported a vulnerability in Squid, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | dc908c1b10fce63172677213350dca97ad92141aad8e2d1b0a4945ff10d563a3
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close