Exploit the possiblities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2005-10-07

Posted Oct 7, 2005
Authored by Mark Seaborn | Site cs.jhu.edu

Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.

Changes: Big changes to the build process and some bug fixes.
tags | tool, shell, kernel
systems | linux, unix
MD5 | 6d9ed5835d868b76cf155b1ba5b64a5d
Posted Oct 7, 2005
Authored by hyakuhei | Site r0n1n.co.uk

Thumper is a file monitor that highlights services and keywords dependent on its configuration file.

tags | system logging
systems | unix
MD5 | 765fc346c5f8787c563ecc3f37f69e78
Mandriva Linux Security Advisory 2005.172
Posted Oct 7, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. GSSAPI is only enabled in versions of openssh shipped in LE2005 and greater.

tags | advisory
systems | linux, mandriva
advisories | CVE-2005-2798
MD5 | 90022b84be67e20d78923b4e906f2287
Posted Oct 7, 2005
Authored by rgod | Site retrogod.altervista.org

Utopia News Pro version 1.1.3 is susceptible to SQL Injection and cross site scripting attacks. Proof of concept administrative credential disclosure exploit included.

tags | exploit, xss, sql injection, proof of concept
MD5 | 8f9ba5681d49ffd33a7d7fada90a99b4
Posted Oct 7, 2005
Authored by Preben Nylokken

aspReady FAQ suffers from a SQL injection flaw that allows for administrator access to change and delete the underlying database.

tags | exploit, sql injection
MD5 | 8bba10150932204775cf0a12de0c48cb
Posted Oct 7, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive. This can be exploited to cause a stack-based buffer overflow when a malicious ALZ archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled.

tags | advisory, overflow, arbitrary, code execution, virus
MD5 | 4dfdb61fed501a284f4d52c09a10c719
Ubuntu Security Notice 194-1
Posted Oct 7, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-194-1 - Frank Lichtenheld discovered that the texindex program created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running texindex.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3011
MD5 | 83460f47ed5cbc07b753192b4fa2d5d5
Posted Oct 7, 2005
Authored by keen | Site legions.org

Keen Veracity Issue 14 - This issue has articles entitled Squatters Exposed!, The Art of Social Engineering, ciscoBNC.c, Wireless Technology Exposed, and more.

tags | magazine
MD5 | 05fea62d4b2eff64b235e68f40ad467e
Gentoo Linux Security Advisory 200510-6
Posted Oct 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-06 - Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Versions less than 0.94-r3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2966
MD5 | 114e5dfb39db409864890e9ca2f239f7
Gentoo Linux Security Advisory 200510-5
Posted Oct 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-05 - Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections. Versions less than 1.8.3 are affected.

tags | advisory, ruby
systems | linux, gentoo
advisories | CVE-2005-2337
MD5 | 88ac6fd53184ba4a6e11156ba4a244e9
Posted Oct 7, 2005
Authored by Andreas Sandblad | Site secunia.com

Secunia Research has discovered two vulnerabilities in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. Version below 6.00.110 are affected.

tags | advisory, php, vulnerability, sql injection
MD5 | 8c4815a17df4bad3d4298331fa0e4608
Posted Oct 7, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered two vulnerabilities in Webroot Desktop Firewall, which can be exploited by malicious, local users to gain escalated privileges or bypass certain security restrictions. Versions below 1.3.0 build 52 are affected.

tags | advisory, local, vulnerability
MD5 | f266bd0d0d30df9f9a6c6b1b640541f2
Posted Oct 7, 2005
Authored by defa

The 'Additional Images' Module of OScommerce is susceptible to a SQL injection attack.

tags | advisory, sql injection
MD5 | aab7def149ac97dc18ed9bd8450053d1
Debian Linux Security Advisory 845-1
Posted Oct 7, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 845-1 - Christoph Martin noticed that upon configuration mason, which interactively creates a Linux packet filtering firewall, does not install the init script to actually load the firewall during system boot. This will leave the machine without a firewall after a reboot.

tags | advisory
systems | linux, debian
advisories | CVE-2005-3118
MD5 | 35d12bbb65a4483dafd25a7045b59c6c
Posted Oct 7, 2005
Authored by Luis Miguel Silva

The Planet Technology Corp FGSW2402RS switch has a backdoor hardwired into the firmware when using a default password.

tags | exploit
MD5 | 8a8922998fb4dcba8245d02e7f3a02cb
Posted Oct 7, 2005
Authored by Ariel Berkman

Three buffer overflows have been discovered in xloadimage during the handling of the image title name. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. At that point, it will also copy the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions are using a fixed length buffer to construct the new title name when an image processing is done. Since the title name in a NIFF format is of varying length, and there are insufficient buffer size validations, the buffer can be overflowed. Proof of concept files included.

tags | exploit, overflow, proof of concept
MD5 | 4ebe115927efb8268af7d4de94c58dc9
Posted Oct 7, 2005
Site webappsec.org

Whitepaper detailing the Threat Classification system for the Web Application Security Consortium. The Web Security Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language for web security related issues.

tags | paper, web
MD5 | 71a846da8ad5c8d4f051c2340114b530
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    1 Files
  • 22
    Jan 22nd
    15 Files
  • 23
    Jan 23rd
    15 Files
  • 24
    Jan 24th
    5 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By