Purple Paper: Exegesis Of Virtual Hosts Hacking - First paper written on the topic of virtual hosts hacking. It covers basic skills such as passive discovery techniques and (almost) stealth active discovery techniques. It also presents possible scenarios of exploitation.
6a45b8e7895fe76ca657fbbe88dec0c24eff9e9c15bb2b9647844931fd4e3168Secunia Security Advisory - retard has discovered a vulnerability in textfileBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
f5f9bd5e7787e71bbb36995fb3ace8bcafd05035637670f97c74e49a5d915a08Secunia Security Advisory - A vulnerability has been reported in Kerio MailServer, which can be exploited by malicious people to cause a DoS (Denial of Service).
3e7d46655d5f45c98d037e253e2fb16c7d24d1cc87cebcd5a1da9f26dbbf470bSecunia Security Advisory - Hamid Ebadi has discovered two vulnerabilities in Nodez, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
9e9e00fde7451dee8da5ca08c8bcfaa6331a54724ec99ee9d55755681a4abec9Secunia Security Advisory - rgod has discovered a vulnerability in Gallery, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
2ce8caf030c0c89391565bc1349c6914506860406e66b82a1926a4bde65422c2Secunia Security Advisory - Debian has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious users to manipulate certain information and by malicious people to conduct cross-site scripting attacks.
2855d97b2816c867a62c4938b1f163ba511df4d04745f327f85d638eb7bfad19Secunia Security Advisory - KAPDA has discovered two vulnerabilities in D2KBlog, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.
0bfced96a2db3b8fca66a21e8f6b835f829a16a03cac5195b456d7c5af2565c0Secunia Security Advisory - x128 has discovered a vulnerability in RedBLoG, which can be exploited by malicious people to conduct SQL injection attacks.
ab043439404a82dbae2b05bea2f03b9784255636021bd2755bd82553c98189bbSecunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), cause files to be extracted to arbitrary locations on a user's system, and potentially compromise a user's system.
9a5242d666a7077c8d2087fb893bac056f822f21bef490985c6e99747b8ee143Gallery version 2.0.3 and below stepOrder[] remote command execution exploit.
f8924adab9bc965dfeac5c86eb94a9bd4a873ce8874d3b75619b71e3f623ee76Noah's Classifieds version 1.x is susceptible to multiple cross site scripting flaws.
a4f4050450ea038d773fad923cd13ddc8bb97173cfcf10ae5e33658a5c63febdSnort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
b9f3e21467a5f6dd827ddb80dc9ac29ea272e4a5633a6a8a583f523a219e00e918 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000.
58f962ac238c6133586c48ff429444c47dea31886161594510684c0686e9bf7bapGuard is an innovative project which automates the process of setting up permanent rights for files and directories.
2c0c851432a2725e0e5720ccf1cb8d621ddcfe03edec952d532212a9cab42c5dSecurity Cloak is designed to protect against TCP/IP stack fingerprinting and computer identification/information leakage via timestamp and window options by modifying relevant registry keys. The settings used are based on the results of SYN packet analysis by p0f. While the OS reported by other OS detection scanners were not identical to those of p0f, testing against Nmap, xprobe2, queso and cheops showed that they were unable to identify the correct operating system/version after Security Cloak settings had been applied.
66e4dab7b1c77acc36e113c187db43fce3b3e2841a33f0be05bdce710d59e95bAnother credential leak was found in the Netcool/NeuSecure Security Information Management platform which allows for remote backend database access with administrative privileges by an unauthenticated remote user.
0415c243f02aa6998f94cdbbc394030b7d77015586e9f344715982d6638a0b4ctextfileBB versions 1.0 and below suffer from multiple cross site scripting flaws.
5eb4e5cf22834d35068ecfd02e8d2c4ff8cab55454516658027b2915c06aa0f1capi4hylafax version 01.03.00 is susceptible to a symbolic link creation vulnerability.
d1187b6447a12e8aa60baebabb24d3f366afa29a92c4f621947b96d0a4a6c446Dropbear SSH server remote denial of service exploit that makes use of a design error in the authorizations-pending connection code. Version 0.47 and below are susceptible to attack.
8a2ce32dd786ff500d942044c4e4b7de76dd2cf0e0f782fab34404795ffeaa46sBlog version 0.7.2 suffers from multiple cross site scripting vulnerabilities.
3efd11fdde77f4a3ac198fa685c5bdbe4f4eafb8e987b89af57c116ed761bf5dProof of concept exploit for Alien Arena 2006 Gold Edition versions 5.00 and below which suffer from format string and buffer overflow vulnerabilities.
a8503872a481d4bca38db317775f731292d9c2a870c718e7ef2526bb0c9b0989Alien Arena 2006 Gold Edition versions 5.00 and below suffer from format string and buffer overflow vulnerabilities.
758b2865a8389885d4f51a1d927a643500f2bd9557c72ef68f88f5c01b9939b9Loudblog CMS is susceptible to SQL injection and a couple inclusion flaws.
a87c53fc69e1553e5d8ba4572e563ff78f4913d6365ff10d0deefc888916ca31Revilloc MailServer and Proxy version 1.21 remote proof of concept exploit for the USER directive heap overflow. Binds a shell to port 9191.
3c9ad856259ed9d850a7e48cd14c79377eb82fa3483a9cd37f035a2880eedc5aOinkmaster is simple Perl script released under the BSD license to help update and manage Snort 2.0+ rules and to comment out the unwanted ones after each update. It will report what has changed since the last update, offering good change control.
3d52f0426aa7c81b122cef22b80d708d8bb8337537e48754a065804f46c46162
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed