what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2005-11-10

Secunia Security Advisory 14159
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in osh, which can be exploited by malicious, local users to gain escalated privileges. 1) A boundary error exists in the function iopen() in main.c and can be exploited to cause a buffer overflow by supplying an overly long argument. Example: /usr/sbin/osh exit [more than 1024 bytes] 2) A boundary error exists in the writable() function in handlers.c and can be exploited to cause a buffer overflow by running osh from a directory with a directory name of more than 255 bytes. Successful exploitation may allow execution of arbitrary code with root privileges. The vulnerabilities have been reported in version 1.7. Other versions may also be affected.

tags | advisory, overflow, arbitrary, local, root, vulnerability
SHA-256 | c9f4e6e6889ea85ce86bfe3c73a149c794968e080177bcfe946d0059002413c9
Secunia Security Advisory 17466
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Astaro has issued an update for Astaro Security Linux. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions. For more information: SA17151 Several other bugs have also been fixed in this update.

tags | advisory
systems | linux
SHA-256 | 6ab4427e28a9c0fa2ee89553993c86cc8c5953420dc5522f3d93d4cf72cad51c
Secunia Security Advisory 17496
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for emacs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of Lisp code in local variables, which can be exploited to execute arbitrary commands via a specially crafted text file.

tags | advisory, arbitrary, local
systems | linux, mandriva
SHA-256 | f425711868e4f71a206dc1414fc1bccd7dcd88a787d7b22637c65cdd957b5ff2
Secunia Security Advisory 17513
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability and a security issue have been reported in IPCop, which can be exploited by malicious people to cause a DoS (Denial of Service), and by malicious, local users to gain access to potentially sensitive information. 1) A vulnerability in Squid may be exploited by malicious people to cause a DoS. For more information: SA17271 2) The key used to encrypt web backup files is stored in /var/ipcop/backup/ and is world-readable. This can potentially be exploited by malicious users to decrypt backup files, or by the nobody user to overwrite arbitrary files by creating malicious backup files and restoring them. A race condition that can potentially allow the nobody user to replace the backup file before it is encrypted has also been fixed.

tags | advisory, web, denial of service, arbitrary, local
SHA-256 | ddf3f71d06f1b787be3c47572a647ee435a12cb620a7c396f8a5a4f95c6be85e
Secunia Security Advisory 17515
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cybsec S.A. has reported some vulnerabilities in SAP Web Application Server, which can be exploited by malicious people to conduct cross-site scripting, phishing, and HTTP response splitting attacks. 1) Input passed to the sap-syscmd parameter in fameset.htm and the BspApplication field in the SYSTEM PUBLIC test application isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities have been reported in versions 6.10, 6.20, 6.40, and 7.00, and affect the BSP runtime of SAP Web Application Server. Other versions may also be affected. 2) Input passed to the query string in pages generating error messages isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 6.10 and affects the BSP runtime of SAP Web Application Server. Prior versions may also be affected. 3) The problem is that an absolute URL for an external site can be specified in the sapexiturl parameter passed to fameset.htm. This can be exploited to trick users into visiting a malicious web site by following a specially crafted link with a trusted hostname redirecting to the malicious web site. The vulnerabilities have been reported in versions 6.10, 6.20, 6.40, and 7.00, and affect the BSP runtime of SAP Web Application Server. Other versions may also be affected. 4) Input passed to the sap-exiturl parameter isn't properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTTP headers, which will be included in the response sent to the user. The vulnerabilities have been reported in versions 6.10, 6.20, 6.40, and 7.00, and affect the BSP runtime of SAP Web Application Server. Other versions may also be affected.

tags | advisory, web, arbitrary, vulnerability, xss
SHA-256 | a2a02074941471909712b5efce0e9ece647f94ee3398122dab8bfdb3d551e25a
Secunia Security Advisory 17516
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for lsb-rpm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA15949 SA16137

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | b0bbb865cc35b072fc1c0c28333c5bcdda03263af97c1c674180111aa8b9ad5b
Secunia Security Advisory 17517
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Preben Nylokken has discovered a vulnerability in ASPKnowledgebase, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the username and password when logging in isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where arbitrary HTML and script code can be inserted into the front page. The vulnerability has been confirmed in the latest available version.

tags | advisory, arbitrary, sql injection
SHA-256 | f36209109fd41237033fd1e99ac29899f0480bdbfde8de0158a3be0a950bfc34
Secunia Security Advisory 17520
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Moritz Naumann has reported a vulnerability in Antville, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the query string isn't properly sanitised before being returned to the user via the notfound.skin error document. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 1.1. Other versions may also be affected.

tags | advisory, arbitrary, xss
SHA-256 | 8bf413dc70cba2ec14241852e5b39347e0e09fbf494afee895d05ba59498222f
Secunia Security Advisory 17521
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Moritz Naumann has reported a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the topics_offset parameter in tiki-view_forum_thread.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. It is also possible to disclose the full path to tiki-view_forum_thread.php by accessing it with an invalid topics_sort_mode parameter. The vulnerability has been reported in versions 1.9.x through 1.9.2. Other versions may also be affected.

tags | advisory, arbitrary, php, xss
SHA-256 | a35bca9f1b8d776d3b5e484bbd1fd109d51904c9898b1fe5beed33cdb2ce3075
Secunia Security Advisory 17527
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in osh, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in main.c when handling environment variable substitutions. This can be exploited to inject arbitrary environment variables (e.g. LD_PRELOAD) to cause malicious shared libraries to be loaded by osh. Successful exploitation allows arbitrary code execution with root privileges. The vulnerability has been reported in version 1.7-14. Prior versions may also be affected. Note: An exploit for this vulnerability is publicly available.

tags | advisory, arbitrary, local, root, code execution
SHA-256 | a10d5fed81f4cd8a9b3f93065ce202ccc7631245f83967fa3da7b2545d688ca9
Secunia Security Advisory 17386
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in /SpamAssassin/Message.pm to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients. The vulnerability has been reported in version 3.0.4. Prior versions may also be affected.

tags | advisory, denial of service, perl
SHA-256 | 03eca2e2892b96726f69d5d2aa62adea9bd9f73fa1868ed77bb1ca6268f0e006
Secunia Security Advisory 17388
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in DB2 Content Manager, which potentially can be exploited by malicious users to cause a DoS (Denial of Service). 1) An error exists in the library server when creating a text index of an imported Exel file. This may be exploited by malicious users to cause the db2fmp process to consume large amount of CPU resources by importing a malformed Exel file. 2) An unspecified error in the handling of LZH files on AIX may cause a crash in the INSO code. Several other issues, which may be security related, have also been fixed.

tags | advisory, denial of service, vulnerability
systems | aix
SHA-256 | f85c4b31e657b93a80cac8e42d2846a4b27bcc28e366f82227b2a2fdb8323e1d
Secunia Security Advisory 17489
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for w3c-libwww. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA17119

tags | advisory, denial of service
systems | linux, mandriva
SHA-256 | 00c08bd67e4f4611a7ae4d230aaa124710adc01746af6e451c0aa8d75acc05dc
Secunia Security Advisory 17491
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for fetchmail. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of certain sensitive information. For more information: SA17293

tags | advisory, local
systems | linux, mandriva
SHA-256 | f98f6f912be05d2a2c385baad9505f163dd3a5313cb0efa1f3c1a0105dbb3388
Secunia Security Advisory 17508
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for libungif. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17436

tags | advisory, denial of service, vulnerability
systems | linux, mandriva
SHA-256 | 65353ed67fbd9dbfaf2ac2bda3692e8de9191e998e2a0d676c2e7edc9ea26fd5
Secunia Security Advisory 17518
Posted Nov 10, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA17386

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 4eaeed96bd81da7a6ed86b4c96606f27b88812d7e2370e538462aef4bfbb9d97
plash-1.14.tar.gz
Posted Nov 10, 2005
Authored by Mark Seaborn | Site cs.jhu.edu

Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.

Changes: Multiple bug fixes.
tags | tool, shell, kernel
systems | linux, unix
SHA-256 | 1322265b90db957d35062302b75b1f0a5d6dce5f5f92fa7fd0ca9da2524a2ae2
susechfn.sh.txt
Posted Nov 10, 2005
Authored by Hunger

Local root exploit for chfn under SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0, and SuSE Linux Enterprise Server {8,9}.

tags | exploit, local, root
systems | linux, suse
SHA-256 | d6f60a4c747ccc20d91eb071b663dd492f8bab5c73280fa823a145e795a28096
fsigk_exp.py.txt
Posted Nov 10, 2005
Authored by xavier | Site xavsec.blogspot.com

F-Secure Internet Gatekeeper for Linux local root exploit written in Python.

tags | exploit, local, root, python
systems | linux
SHA-256 | a7d56ff4e5c5d57e8e6bee5a056b1b22243cc46266d105e8b2eb6fa7df25a0d7
Mandriva Linux Security Advisory 2005.210
Posted Nov 10, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Sam Varshavchik discovered the HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2005-3183
SHA-256 | d684ad4b1982a9e213ada39667380fb6feb671cc6334f9f8596cd9bc45837773
sudo168p10.sh.txt
Posted Nov 10, 2005
Authored by breno

Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.

tags | exploit, local, root
advisories | CVE-2005-2959
SHA-256 | 01540d7b6b0b6ee45a0878ef444900d18cdc75c2444c243cfc128279fd8df1b5
0004.txt
Posted Nov 10, 2005
Site moritz-naumann.com

Antville version 1.1 suffers from a cross site scripting flaw.

tags | exploit, xss
advisories | CVE-2005-3530
SHA-256 | 65a13345a6370cbd83ef8303e92c2f6af6db5ae09e9fa12c4473aa0ad5bf627d
0003.txt
Posted Nov 10, 2005
Site moritz-naumann.com

TikiWiki versions 1.9.x up to and including 1.9.2 suffer from a cross site scripting vulnerability and possible SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
advisories | CVE-2005-3528, CVE-2005-3529
SHA-256 | 789603d9c715231cce4f6b651dd6544281cef61c96ee4a15e4b6dada3144cd12
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close