exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2005-10-27

Debian Linux Security Advisory 873-1
Posted Oct 27, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 873-1 - A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent's that have opened a stream based protocol (eg TCP but not UDP). By default, Net-SNMP does not open a TCP port.

tags | advisory, denial of service, udp, tcp, protocol
systems | linux, debian
advisories | CVE-2005-2177
MD5 | 275979f6f9691c200bdd81ca61d00f32
Posted Oct 27, 2005
Authored by Farhad Koosha | Site kapda.ir

Various Techno Dreams scripts are susceptible to sql injection flaws. Proof of concept examples provided.

tags | exploit, sql injection, proof of concept
MD5 | 9dfaf6f058204304f8c96c9a17cffee7
Posted Oct 27, 2005
Authored by Andreas Sandblad | Site secunia.com

Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the t_core_path parameter in bug_sponsorship_list_view_inc.php is not properly verified before it used to include files. This can be exploited to include arbitrary files from external and local resources. Affected versions: Mantis 0.19.2 and 1.0.0rc2. Other versions may also be affected.

tags | exploit, arbitrary, local, php
MD5 | a80126dd9202835f1f33d9100084b167
Posted Oct 27, 2005
Authored by [R] | Site batznet.com

Woltlab Burning Board info_db.php is susceptible to multiple sql injection flaws. Versions 2.7 and below are affected.

tags | exploit, php, sql injection
MD5 | ec97c539d271cd59c541a54b02a795b6
Posted Oct 27, 2005
Authored by cOre

MyBB Preview Release 2 sql injection proof of concept exploit.

tags | exploit, sql injection, proof of concept
MD5 | 40b801a07add54caa862ba4d1f969fe0
Posted Oct 27, 2005
Authored by bhfh01

PHP-Nuke is susceptible to cross site scripting attacks.

tags | exploit, php, xss
MD5 | f6cd8a88ef6a2719b0a48477f4da38c0
Posted Oct 27, 2005
Authored by Sven Tantau | Site sven-tantau.de

A vulnerability in CHM Lib (chmlib) can be exploited to compromise a user's system. Versions 0.36 and below are affected.

tags | advisory
MD5 | a2ded0153a4524af0272819ed1ebb973
Posted Oct 27, 2005
Authored by Lostmon | Site lostmon.blogspot.com

Flyspray versions 0.9.7, 0.9.8, and 0.9.8-devel are susceptible to cross site scripting. Exploitation details included.

tags | exploit, xss
MD5 | ea71179354fed766b45b5fc6c8e73f36
Posted Oct 27, 2005
Authored by Rodrigo Rubira Branco | Site sourceforge.net

StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.

Changes: StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also support MBR checksums.
tags | kernel
systems | linux
MD5 | f313063dc584e55fdafe538507128366
Posted Oct 27, 2005
Authored by Pavel Stano | Site websupport.sk

rum version 0.9 - A one process tcp redirector with sockfile support, the ability to listen on multiple ports, and to offer statistics. Written for 2.6 kernels because it uses the epoll syscall.

tags | kernel, tcp
systems | linux
MD5 | 0655624469e84c349b7ef9a0200ad6ed
Posted Oct 27, 2005
Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this is issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.

tags | exploit, web, xss
MD5 | 07936548503e95a84c2ec606f8e734e8
Posted Oct 27, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.

tags | exploit, remote, web, php
MD5 | 907f0220f39742e9598e02d67bfe5f84
Posted Oct 27, 2005
Authored by EADS CCR DCR/STI/C

The EADS/CRC security team discovered a flaw in Skype client. An attacker can send a specially crafted packet that will trigger a heap overflow condition and execute arbitrary code on the target. Hence, an attacker can gain full control of the target. Conversely to what is written in Skype's advisory, remote code execution IS possible. Affected Versions: Skype for Windows - All releases prior to and including 1.4.*.83, Skype for Mac OS X - All releases prior to and including 1.3.*.16, Skype for Linux - All releases prior to and including 1.2.*.17, Skype for Pocket PC - All releases prior to and including 1.1.*.6.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, windows, apple, osx
MD5 | 67161508fc72be52f6c85027157722eb
Posted Oct 27, 2005
Authored by sikikmail

SparkleBlog is susceptible to HTML injection flaws that allow for cross site scripting attacks.

tags | exploit, xss
MD5 | 775aeb551561457e29c4205809440543
PHP iCalendar Cross Site Scripting
Posted Oct 27, 2005
Authored by Francesco Ongaro | Site ush.it

PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.

tags | exploit, php, xss
MD5 | f1a20e7ff53f7521b7f8098bdcf0dbac
Posted Oct 27, 2005
Authored by Thomas Henlich

Mozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper. Affected versions: Mozilla Thunderbird 1.0.7 (20050923), Mozilla Thunderbird 1.5 Beta 2 (20051006), possibly other programs using the Mozilla mail component.

tags | advisory
MD5 | 7e5be0447839c5dd25c4dab137f8c438
Posted Oct 27, 2005
Authored by Thomas H. Ptacek | Site matasano.com

Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating the iSCSI Login Negotiation protocol. The impact of this vulnerability is the negation of iSCSI security on affected NetApp filers.

tags | advisory, protocol
MD5 | 739aff790d505a1cec2c2ee598a37e10
Posted Oct 27, 2005
Authored by rd | Site thc.org

THCsnortbo 0.3 - Remote Snort ping exploit that makes use of a stack-based overflow vulnerability in Snort's Back Orifice preprocessor.

tags | exploit, remote, overflow
MD5 | 6b9bc3163959d212600e9272212e50cf
Page 1 of 1

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By