exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2005-12-29

Stealfly.tar.gz
Posted Dec 29, 2005
Authored by hash | Site gotfault.net

Stealfly is proof of concept perl code that illustrates the usage of port knocking. The server sits on a defined interface and listens for a certain amount of UDP packets to be sent from a chosen ip that will use a range of source ports for each packet. If the rules are satisfied then server will open it's port or connect back using netcat.

tags | tool, udp, scanner, perl, proof of concept
systems | unix
SHA-256 | 9b559d856cf19a59caa00955eca0de80d9ab917be989d8b0911d9f6f8de86843
bugzila-2.16.10.txt
Posted Dec 29, 2005
Authored by David Miller | Site bugzilla.mozilla.org

Bugzilla versions 2.9 through 2.16.10 use a script called syncshadowdb to manually replicate data between a master database and a slave. The script uses temporary files in an unsafe way since it selects a name for the file based on PID and does not make any effort to determine if the file exists and if it is a symlink. A local user could use this to direct symlink attacks and overwrite files that Bugzilla has access to.

tags | advisory, local
SHA-256 | 93790c5a8d3316a6d1d1db5a5d4d0009b19eff072c4ccee7b43fc98982b908f3
JuniperNSM.txt
Posted Dec 29, 2005
Authored by David Maciejak

A Malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv(port 7800) and devSrv(port 7801).

tags | advisory, remote, denial of service
systems | juniper
SHA-256 | 797817f93ca63bd55c20e9ac4d6c679d95eeadee929cea0952179beb1d73a6e5
dBpowerAMPv11.5.txt
Posted Dec 29, 2005
Authored by fRoGGz | Site secubox.shadock.net

BpowerAMP Music Converter v11.5 and prior local buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | cf04f5bc0582b451c80de935838ac72f71728992af35d26522be7e7bdbfba831
secunia-IceWarp.txt
Posted Dec 29, 2005
Authored by Secunia Research | Site secunia.com

Secunia Research has discovered some vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users and by malicious people to disclose potentially sensitive information and to compromise a vulnerable system.

tags | advisory, web, vulnerability
SHA-256 | 468316ce679c99742ba111c55cf9768dfd3f23c467d4ee76c196fe6c831eb720
AdvGuestbookXSS.txt
Posted Dec 29, 2005
Authored by MorX | Site morx.org

Advanced Guestbook 2.2 and 2.3.1 and possibly other versions suffer from XSS

tags | advisory
SHA-256 | 97fdbbe1eee5c91e2152c46da5323b175e5a48a306303940f269f788384a56c7
cerberus-sql.txt
Posted Dec 29, 2005
Authored by Alejandro Ramos | Site unsec.net

Cerberus Helpdesk suffers from multiple SQL injection vulnerabilities in cerberus-gui and support-center.

tags | advisory, vulnerability, sql injection
SHA-256 | 6c67e69bf43d9d62e135bbbb69e30ab523d5dcf792a7af2e1980e5ce02a2dc36
translateXSS.txt
Posted Dec 29, 2005
Authored by _6mO_HaCk | Site morx.org

Simo Ben youssef has found that many translation websites are vulnerable to cross site scripting attacks. Poof of concept provided.

tags | advisory, xss
SHA-256 | 8f0c6e69d24b5d5fff6b5fa377b992d590cb87ddd32fe849a3a441a3affbf90b
BuHa-6.txt
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #6 - DoS - Null Pointer Dereference in Internet Explorer. POC code provided.

tags | advisory
SHA-256 | 0f56804f1fe3912279272224abf49a61fbd758a6412a7ee682d35bea37787589
BuHa-5.txt
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #5 - DoS - Null Read Dereference in Internet Explorer. POC code provided.

tags | advisory
SHA-256 | adc3ad8dea999499e1161a4bb4a85fc5449eaffe3deeb8f55c311fb56f2895d4
BuHa-4.txt
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #4 - DoS - Null Pointer Dereference in Internet Explorer. POC code provided.

tags | advisory
SHA-256 | c256b95d508314bcb345b9e44201f19f3c7fb9e102b53ba115deab67e98c23a2
SpbKioskEngine.txt
Posted Dec 29, 2005
Authored by Airscanner | Site airscanner.com

Airscanner Mobile Security Advisory #05083101 - Kiosk Engine allows an administrator to enter their passcode to gain full control over a PDA with the Kiosk Engine installed . This passcode is stored in the registry as plaintext and can be obtained several different ways (eg. remote registry access.)

tags | advisory, remote, registry
SHA-256 | f17d7447a363b29aee64bab6f4e548afeaf6030d0f0ca9994ac377e6d9af245b
Dev_15_sql_xpl.php.txt
Posted Dec 29, 2005
Authored by rgod | Site retrogod.altervista.org

Dev Web versions less than of equal to 1.5 'cat' SQL injection and admin MD5 password hash disclosure exploit.

tags | exploit, web, sql injection
SHA-256 | 6386c2a11ecb3fc31da5a8300471e2e749259809a7057c0b741d2963cb3616de
TKADV2005-12-001.txt
Posted Dec 29, 2005
Authored by Tobias Klein | Site trapkit.de

MyBB Versions PR2 Rev.686 and prior contain multiple SQL Injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | f14b861afdba28a4b669c3dac2d290c463a747fab9d50c2f75c7bf75d79098c4
bluediving.tgz
Posted Dec 29, 2005
Authored by Bastian Ballmann | Site sourceforge.net

Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.

tags | tool, spoof, rootkit
systems | unix
SHA-256 | 12ce045142c5b1982084ea31b13a719e9e073630450a049fd5d6f92e8726ba3b
PUISIS10202005.txt
Posted Dec 29, 2005
Authored by Polytechnic University ISIS | Site isis.poly.edu

Polytechnic University ISIS Security Advisory - Electric Sheep v2.6.3: Due to insufficient bounds checking, a lengthy window-id parameter can cause a stack based buffer overflow to occur allowing execution of arbitrary code with the privileges of the invoking user. This could potentially be used as a backdoor entry point.

tags | advisory, overflow, arbitrary
SHA-256 | fe535e672aca384ceba19535d79a547f40b9701c01707efbe397fa4f149d98c2
radmind-1.5.1.tgz
Posted Dec 29, 2005
Site rsug.itd.umich.edu

radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.

Changes: Added support for case insensitive file systems. Added lsort to sort transcripts. Various bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 25341041c0578263393b348ae88e4a856a2c28806aa1994949247da7cec50c78
Simpbook.txt
Posted Dec 29, 2005
Authored by zeus | Site olimpusklan.org

Simpbook suffers from an HTML injection vulnerability in the guestbook HTML area. #

tags | advisory
SHA-256 | 681b3414ac3067c1597530450adb7f44d2f5d742655d0d8b216bd889d04b062c
silc-toolkit-1.0.2.tar.gz
Posted Dec 29, 2005
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.

Changes: Multiple bug fixes.
tags | protocol
SHA-256 | 3057fac128fb7230fb770d859e7dbc677729be42dcdbd3669b41b20e518775f0
Samhain File Integrity Checker
Posted Dec 29, 2005
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 0c7021635a0c2cc47be8758fd56fdeb7c33cac289d853d193f4cb38cdfb4f1fc
multiadm-1.0.3.tbz2
Posted Dec 29, 2005
Authored by Jan Engelhardt | Site alphagate.hopto.org

The MultiAdmin security framework kernel module provides a means to have multiple root users with unique UIDs. This bypasses collation order problems with NSCD, allows you to have files with unique owners, and allows you to track the quota usage for every real user. It also implements a sub-admin, a partially restricted root user who has full read-only access to most subsystems, but write rights only to a limited subset, for example writing to files or killing processes only of certain users.

tags | kernel, root
systems | linux
SHA-256 | edfa083298657fae0722de83c91b01baf9712a9cff9a739298a60b6c7aeaa86e
SA-20051223-1.txt
Posted Dec 29, 2005
Authored by SEC Consult | Site sec-consult.com

SEC Consult Security Advisory 20051223-1 - It is possible to read arbitrary files of the system such as the WEB-INF directory through the OracleAS discussion forum portlet. An attacker needs to know the file names.

tags | advisory, web, arbitrary
SHA-256 | 775697c50859caa89bbb921a8a51d9bd892979eb7a28b8ba315d443a6c2d066a
0.2a1.tgz
Posted Dec 29, 2005
Authored by Adam Gleave | Site metawire.org

Arri provides an interface for accessing arrays in a safe manner that means that it is impossible to cause an overflow and, if the array is set to hard (it normally is), truncation. In addition to simply providing an interface for handling arrays, it also provides interfaces for using the arrays such as an IO API.

tags | overflow
systems | unix
SHA-256 | 15ea6a61c07655d09a0585cc3729145aac56ac5e0a5ca02b1d268af5c47fd466
SA-20051223-0.txt
Posted Dec 29, 2005
Authored by SEC Consult | Site sec-consult.com

SEC Consult Security Advisory 20051223-0 - OracleAS Discussion Forum Portlet suffers from multiple Cross Site Scripting vulnerabilities. E.g. it is possible to create relogin trojans, steal session cookies, alter the content of the site or hide articles which don't show up in the overview page.

tags | advisory, trojan, vulnerability, xss
SHA-256 | d04346051912499b9c28f07d881f6390328e316d05d29a873a9d1b5b4f88b1a6
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close