
Files Date: 2005-10-27

Debian Linux Security Advisory 873-1
Posted Oct 27, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 873-1 - A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agents that have opened a stream-based protocol (e.g. TCP but not UDP). By default, Net-SNMP does not open a TCP port.

tags | advisory, denial of service, udp, tcp, protocol
systems | linux, debian
advisories | CVE-2005-2177
MD5 | 275979f6f9691c200bdd81ca61d00f32
Posted Oct 27, 2005
Authored by Farhad Koosha | Site kapda.ir

Various Techno Dreams scripts are susceptible to SQL injection flaws. Proof of concept examples provided.

tags | exploit, sql injection, proof of concept
MD5 | 9dfaf6f058204304f8c96c9a17cffee7
Posted Oct 27, 2005
Authored by Andreas Sandblad | Site secunia.com

Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the t_core_path parameter in bug_sponsorship_list_view_inc.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Affected versions: Mantis 0.19.2 and 1.0.0rc2. Other versions may also be affected.

tags | exploit, arbitrary, local, php
MD5 | a80126dd9202835f1f33d9100084b167
Posted Oct 27, 2005
Authored by [R] | Site batznet.com

Woltlab Burning Board info_db.php is susceptible to multiple SQL injection flaws. Versions 2.7 and below are affected.

tags | exploit, php, sql injection
MD5 | ec97c539d271cd59c541a54b02a795b6
Posted Oct 27, 2005
Authored by cOre

MyBB Preview Release 2 SQL injection proof of concept exploit.

tags | exploit, sql injection, proof of concept
MD5 | 40b801a07add54caa862ba4d1f969fe0
Posted Oct 27, 2005
Authored by bhfh01

PHP-Nuke is susceptible to cross site scripting attacks.

tags | exploit, php, xss
MD5 | f6cd8a88ef6a2719b0a48477f4da38c0
Posted Oct 27, 2005
Authored by Sven Tantau | Site sven-tantau.de

A vulnerability in CHM Lib (chmlib) can be exploited to compromise a user's system. Versions 0.36 and below are affected.

tags | advisory
MD5 | a2ded0153a4524af0272819ed1ebb973
Posted Oct 27, 2005
Authored by Lostmon | Site lostmon.blogspot.com

Flyspray versions 0.9.7, 0.9.8, and 0.9.8-devel are susceptible to cross site scripting. Exploitation details included.

tags | exploit, xss
MD5 | ea71179354fed766b45b5fc6c8e73f36
Posted Oct 27, 2005
Authored by Rodrigo Rubira Branco | Site sourceforge.net

StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.

Changes: StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also supports MBR checksums.
tags | kernel
systems | linux
MD5 | f313063dc584e55fdafe538507128366
Posted Oct 27, 2005
Authored by Pavel Stano | Site websupport.sk

rum version 0.9 - A one-process TCP redirector with sockfile support, the ability to listen on multiple ports, and to offer statistics. Written for 2.6 kernels because it uses the epoll syscall.

tags | kernel, tcp
systems | linux
MD5 | 0655624469e84c349b7ef9a0200ad6ed
Posted Oct 27, 2005
Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.

tags | exploit, web, xss
MD5 | 07936548503e95a84c2ec606f8e734e8
Posted Oct 27, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.

tags | exploit, remote, web, php
MD5 | 907f0220f39742e9598e02d67bfe5f84
Posted Oct 27, 2005
Authored by EADS CCR DCR/STI/C

The EADS/CRC security team discovered a flaw in the Skype client. An attacker can send a specially crafted packet that will trigger a heap overflow condition and execute arbitrary code on the target. Hence, an attacker can gain full control of the target. Contrary to what is written in Skype's advisory, remote code execution IS possible. Affected Versions: Skype for Windows - All releases prior to and including 1.4.*.83, Skype for Mac OS X - All releases prior to and including 1.3.*.16, Skype for Linux - All releases prior to and including 1.2.*.17, Skype for Pocket PC - All releases prior to and including 1.1.*.6.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, windows, apple, osx
MD5 | 67161508fc72be52f6c85027157722eb
Posted Oct 27, 2005
Authored by sikikmail

SparkleBlog is susceptible to HTML injection flaws that allow for cross site scripting attacks.

tags | exploit, xss
MD5 | 775aeb551561457e29c4205809440543
PHP iCalendar Cross Site Scripting
Posted Oct 27, 2005
Authored by Francesco Ongaro | Site ush.it

PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.

tags | exploit, php, xss
MD5 | f1a20e7ff53f7521b7f8098bdcf0dbac
Posted Oct 27, 2005
Authored by Thomas Henlich

Mozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper. Affected versions: Mozilla Thunderbird 1.0.7 (20050923), Mozilla Thunderbird 1.5 Beta 2 (20051006), possibly other programs using the Mozilla mail component.

tags | advisory
MD5 | 7e5be0447839c5dd25c4dab137f8c438
Posted Oct 27, 2005
Authored by Thomas H. Ptacek | Site matasano.com

Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating the iSCSI Login Negotiation protocol. The impact of this vulnerability is the negation of iSCSI security on affected NetApp filers.

tags | advisory, protocol
MD5 | 739aff790d505a1cec2c2ee598a37e10
Posted Oct 27, 2005
Authored by rd | Site thc.org

THCsnortbo 0.3 - Remote Snort ping exploit that makes use of a stack-based overflow vulnerability in Snort's Back Orifice preprocessor.

tags | exploit, remote, overflow
MD5 | 6b9bc3163959d212600e9272212e50cf
© 2020 Packet Storm. All rights reserved.