ignore security and it'll go away
Showing 1 - 17 of 17

Files Date: 2005-10-07

Posted Oct 7, 2005
Authored by Mark Seaborn | Site cs.jhu.edu

Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.

Changes: Big changes to the build process and some bug fixes.
tags | tool, shell, kernel
systems | linux, unix
MD5 | 6d9ed5835d868b76cf155b1ba5b64a5d
Posted Oct 7, 2005
Authored by hyakuhei | Site r0n1n.co.uk

Thumper is a file monitor that highlights services and keywords depending on its configuration file.

tags | system logging
systems | unix
MD5 | 765fc346c5f8787c563ecc3f37f69e78
Mandriva Linux Security Advisory 2005.172
Posted Oct 7, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. GSSAPI is only enabled in versions of openssh shipped in LE2005 and greater.

tags | advisory
systems | linux, mandriva
advisories | CVE-2005-2798
MD5 | 90022b84be67e20d78923b4e906f2287
Posted Oct 7, 2005
Authored by rgod | Site retrogod.altervista.org

Utopia News Pro version 1.1.3 is susceptible to SQL injection and cross-site scripting attacks. Proof of concept administrative credential disclosure exploit included.

tags | exploit, xss, sql injection, proof of concept
MD5 | 8f9ba5681d49ffd33a7d7fada90a99b4
Posted Oct 7, 2005
Authored by Preben Nylokken

aspReady FAQ suffers from a SQL injection flaw that allows for administrator access to change and delete the underlying database.

tags | exploit, sql injection
MD5 | 8bba10150932204775cf0a12de0c48cb
Posted Oct 7, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive. This can be exploited to cause a stack-based buffer overflow when a malicious ALZ archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled.

tags | advisory, overflow, arbitrary, code execution, virus
MD5 | 4dfdb61fed501a284f4d52c09a10c719
Ubuntu Security Notice 194-1
Posted Oct 7, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-194-1 - Frank Lichtenheld discovered that the texindex program created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running texindex.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3011
MD5 | 83460f47ed5cbc07b753192b4fa2d5d5
Posted Oct 7, 2005
Authored by keen | Site legions.org

Keen Veracity Issue 14 - This issue has articles entitled Squatters Exposed!, The Art of Social Engineering, ciscoBNC.c, Wireless Technology Exposed, and more.

tags | magazine
MD5 | 05fea62d4b2eff64b235e68f40ad467e
Gentoo Linux Security Advisory 200510-6
Posted Oct 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-06 - Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Versions less than 0.94-r3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2966
MD5 | 114e5dfb39db409864890e9ca2f239f7
Gentoo Linux Security Advisory 200510-5
Posted Oct 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-05 - Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections. Versions less than 1.8.3 are affected.

tags | advisory, ruby
systems | linux, gentoo
advisories | CVE-2005-2337
MD5 | 88ac6fd53184ba4a6e11156ba4a244e9
Posted Oct 7, 2005
Authored by Andreas Sandblad | Site secunia.com

Secunia Research has discovered two vulnerabilities in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. Versions below 6.00.110 are affected.

tags | advisory, php, vulnerability, sql injection
MD5 | 8c4815a17df4bad3d4298331fa0e4608
Posted Oct 7, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered two vulnerabilities in Webroot Desktop Firewall, which can be exploited by malicious, local users to gain escalated privileges or bypass certain security restrictions. Versions below 1.3.0 build 52 are affected.

tags | advisory, local, vulnerability
MD5 | f266bd0d0d30df9f9a6c6b1b640541f2
Posted Oct 7, 2005
Authored by defa

The 'Additional Images' Module of OScommerce is susceptible to a SQL injection attack.

tags | advisory, sql injection
MD5 | aab7def149ac97dc18ed9bd8450053d1
Debian Linux Security Advisory 845-1
Posted Oct 7, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 845-1 - Christoph Martin noticed that, upon configuration, mason, which interactively creates a Linux packet filtering firewall, does not install the init script to actually load the firewall during system boot. This will leave the machine without a firewall after a reboot.

tags | advisory
systems | linux, debian
advisories | CVE-2005-3118
MD5 | 35d12bbb65a4483dafd25a7045b59c6c
Posted Oct 7, 2005
Authored by Luis Miguel Silva

The Planet Technology Corp FGSW2402RS switch has a backdoor hardwired into the firmware when using a default password.

tags | exploit
MD5 | 8a8922998fb4dcba8245d02e7f3a02cb
Posted Oct 7, 2005
Authored by Ariel Berkman

Three buffer overflows have been discovered in xloadimage during the handling of the image title name. When xloadimage processes a loaded image, it creates a new Image object and then writes the processed image to it. At that point, it also copies the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions use a fixed-length buffer to construct the new title name when image processing is done. Since the title name in a NIFF format is of varying length, and there are insufficient buffer size validations, the buffer can be overflowed. Proof of concept files included.

tags | exploit, overflow, proof of concept
MD5 | 4ebe115927efb8268af7d4de94c58dc9
Posted Oct 7, 2005
Site webappsec.org

Whitepaper detailing the Threat Classification system for the Web Application Security Consortium. The Web Security Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language for web security related issues.

tags | paper, web
MD5 | 71a846da8ad5c8d4f051c2340114b530