exploit the possibilities
Showing 1 - 25 of 733 RSS Feed

Files Date: 2005-12-01 to 2005-12-31

Posted Dec 29, 2005
Authored by hash | Site gotfault.net

Stealfly is proof of concept perl code that illustrates the usage of port knocking. The server sits on a defined interface and listens for a certain amount of UDP packets to be sent from a chosen ip that will use a range of source ports for each packet. If the rules are satisfied then server will open it's port or connect back using netcat.

tags | tool, udp, scanner, perl, proof of concept
systems | unix
MD5 | 654a6be0a89a56b3b2084d3d7c89f76a
Posted Dec 29, 2005
Authored by David Miller | Site bugzilla.mozilla.org

Bugzilla versions 2.9 through 2.16.10 use a script called syncshadowdb to manually replicate data between a master database and a slave. The script uses temporary files in an unsafe way since it selects a name for the file based on PID and does not make any effort to determine if the file exists and if it is a symlink. A local user could use this to direct symlink attacks and overwrite files that Bugzilla has access to.

tags | advisory, local
MD5 | c431672933e2b7aa1270fc278c499911
Posted Dec 29, 2005
Authored by David Maciejak

A Malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv(port 7800) and devSrv(port 7801).

tags | advisory, remote, denial of service
systems | juniper
MD5 | 680f74d21d1a351f37673fcf3805d73b
Posted Dec 29, 2005
Authored by fRoGGz | Site secubox.shadock.net

BpowerAMP Music Converter v11.5 and prior local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 07cdccb20d13c9120729756bbdc1d4ee
Posted Dec 29, 2005
Authored by Secunia Research | Site secunia.com

Secunia Research has discovered some vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users and by malicious people to disclose potentially sensitive information and to compromise a vulnerable system.

tags | advisory, web, vulnerability
MD5 | aff9785b36131a1c01ce2292d1cf2250
Posted Dec 29, 2005
Authored by MorX | Site morx.org

Advanced Guestbook 2.2 and 2.3.1 and possibly other versions suffer from XSS

tags | advisory
MD5 | bb208b247b2b6abab2678c395179ed2c
Posted Dec 29, 2005
Authored by Alejandro Ramos | Site unsec.net

Cerberus Helpdesk suffers from multiple SQL injection vulnerabilities in cerberus-gui and support-center.

tags | advisory, vulnerability, sql injection
MD5 | b47c61cc65884c5d1f68d4c61798d03e
Posted Dec 29, 2005
Authored by _6mO_HaCk | Site morx.org

Simo Ben youssef has found that many translation websites are vulnerable to cross site scripting attacks. Poof of concept provided.

tags | advisory, xss
MD5 | 5891a2f036e6ca6b9bcffb9f105581a3
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #6 - DoS - Null Pointer Dereference in Internet Explorer. POC code provided.

tags | advisory
MD5 | f96e8b0d97987f2e44a2023f83b8bc04
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #5 - DoS - Null Read Dereference in Internet Explorer. POC code provided.

tags | advisory
MD5 | 0027afb1177f844f5fd9ab13ab3b1673
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #4 - DoS - Null Pointer Dereference in Internet Explorer. POC code provided.

tags | advisory
MD5 | 74cabe9f392d640b64bb64e83de2c0a5
Posted Dec 29, 2005
Authored by Airscanner | Site airscanner.com

Airscanner Mobile Security Advisory #05083101 - Kiosk Engine allows an administrator to enter their passcode to gain full control over a PDA with the Kiosk Engine installed . This passcode is stored in the registry as plaintext and can be obtained several different ways (eg. remote registry access.)

tags | advisory, remote, registry
MD5 | fa89bd85f3e83ee6a86402d14d8ea0c5
Posted Dec 29, 2005
Authored by rgod | Site retrogod.altervista.org

Dev Web versions less than of equal to 1.5 'cat' SQL injection and admin MD5 password hash disclosure exploit.

tags | exploit, web, sql injection
MD5 | 4e8ecca6f99911710c2e7703c1042181
Posted Dec 29, 2005
Authored by Tobias Klein | Site trapkit.de

MyBB Versions PR2 Rev.686 and prior contain multiple SQL Injection vulnerabilities.

tags | advisory, vulnerability, sql injection
MD5 | e3352fc0de7050311d21273de8c12b86
Posted Dec 29, 2005
Authored by Bastian Ballmann | Site sourceforge.net

Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.

tags | tool, spoof, rootkit
systems | unix
MD5 | 7a7211935db1965f3ca5c7822a1497d5
Posted Dec 29, 2005
Authored by Polytechnic University ISIS | Site isis.poly.edu

Polytechnic University ISIS Security Advisory - Electric Sheep v2.6.3: Due to insufficient bounds checking, a lengthy window-id parameter can cause a stack based buffer overflow to occur allowing execution of arbitrary code with the privileges of the invoking user. This could potentially be used as a backdoor entry point.

tags | advisory, overflow, arbitrary
MD5 | b589365583035a87d0a037ad76b2bec8
Posted Dec 29, 2005
Site rsug.itd.umich.edu

radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.

Changes: Added support for case insensitive file systems. Added lsort to sort transcripts. Various bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | 6c8d0e9a9e954e89cffcc64421b783f5
Posted Dec 29, 2005
Authored by zeus | Site olimpusklan.org

Simpbook suffers from an HTML injection vulnerability in the guestbook HTML area. #

tags | advisory
MD5 | e9c1c354b8228dfb9f5ac98af15c62bb
Posted Dec 29, 2005
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.

Changes: Multiple bug fixes.
tags | protocol
MD5 | 0287d21697281da6270bab548ada0982
Samhain File Integrity Checker
Posted Dec 29, 2005
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 8ace68c504e7c149a4647b33a5ea3078
Posted Dec 29, 2005
Authored by Jan Engelhardt | Site alphagate.hopto.org

The MultiAdmin security framework kernel module provides a means to have multiple root users with unique UIDs. This bypasses collation order problems with NSCD, allows you to have files with unique owners, and allows you to track the quota usage for every real user. It also implements a sub-admin, a partially restricted root user who has full read-only access to most subsystems, but write rights only to a limited subset, for example writing to files or killing processes only of certain users.

tags | kernel, root
systems | linux
MD5 | f014a4fed15e3e18ac3607ea854f01c4
Posted Dec 29, 2005
Authored by SEC Consult | Site sec-consult.com

SEC Consult Security Advisory 20051223-1 - It is possible to read arbitrary files of the system such as the WEB-INF directory through the OracleAS discussion forum portlet. An attacker needs to know the file names.

tags | advisory, web, arbitrary
MD5 | 1d87d1947ae86f0e4cf8d658138ddc9b
Posted Dec 29, 2005
Authored by Adam Gleave | Site metawire.org

Arri provides an interface for accessing arrays in a safe manner that means that it is impossible to cause an overflow and, if the array is set to hard (it normally is), truncation. In addition to simply providing an interface for handling arrays, it also provides interfaces for using the arrays such as an IO API.

tags | overflow
systems | unix
MD5 | ae5ae83b2c9ef51c49f74f9ee87a442a
Posted Dec 29, 2005
Authored by SEC Consult | Site sec-consult.com

SEC Consult Security Advisory 20051223-0 - OracleAS Discussion Forum Portlet suffers from multiple Cross Site Scripting vulnerabilities. E.g. it is possible to create relogin trojans, steal session cookies, alter the content of the site or hide articles which don't show up in the overview page.

tags | advisory, trojan, vulnerability, xss
MD5 | c09f976f74b323a3b69215d45d934089
Posted Dec 28, 2005
Authored by Juha-Matti Laurio | Site networksecurity.fi

Networksecurity.fi Security Advisory (21-12-2005) - dtSearch versions prior than 7.20 Build 7136 uses an old version of the unzip library leaving it vulnerable to a buffer overflow.

tags | advisory, overflow
MD5 | 7000edcb2cf95f0a4b67e67f7120484f
Page 1 of 30

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    1 Files
  • 29
    Nov 29th
    11 Files
  • 30
    Nov 30th
    7 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By