Showing 1 - 25 of 84

Files Date: 2006-08-18

Technical Cyber Security Alert 2006-220A
Posted Aug 18, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA06-220A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | windows
MD5 | 7ec097a96a4e090747f3fde6af006749

bloghoster.txt
Posted Aug 18, 2006
Site darkend.org

BlogHoster version 2.2 suffers from an HTML injection flaw.

tags | advisory
MD5 | 8f71c06ff3dd166c415b5e6023e2106e

Gentoo Linux Security Advisory 200608-14
Posted Aug 18, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-14 - Luigi Auriemma found a heap-based buffer overflow in the it_read_envelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a .it (Impulse Tracker) file with a large number of nodes. Versions less than 0.9.3-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
MD5 | cf4e6dedd54e0982e632567cd9898355

AD20060808.txt
Posted Aug 18, 2006
Authored by Sowhat | Site nevisnetworks.com

A vulnerability in Microsoft PowerPoint allows remote attackers to execute arbitrary code in the context of the logged-in user. An array boundary condition may be violated by a malicious .PPT file in order to redirect execution into attacker-supplied data. Exploitation requires that the attacker coerce or persuade the victim to open a malicious .PPT file.

tags | advisory, remote, arbitrary
advisories | CVE-2006-3449
MD5 | 6b059b804c16dc79c26bb096e7389989

cwfm091.txt
Posted Aug 18, 2006
Authored by Philipp Niedziela

Cwfm version 0.9.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | e55cb05b02b959800f62d85b4186b98b

ISR-novellxss.txt
Posted Aug 18, 2006
Authored by Francisco Amato | Site infobyte.com.ar

Novell Groupwise WebAccess is susceptible to cross site scripting attacks. Versions 7 and 6.5 are susceptible.

tags | advisory, xss
advisories | CVE-2006-3817
MD5 | 5348a6588f8934f49053edd7efd0ee76

TSRT-06-10.txt
Posted Aug 18, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.

tags | advisory, remote, web, arbitrary
advisories | CVE-2006-3086
MD5 | 4cd4fcb31b87b3caf74c3f6a33872b84

TSRT-06-09.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the DirectAnimation.DATuple ActiveX control when improperly calling the Nth() method. By supplying a positive integer we can control a data reference calculation that is later used to control execution. The problem is due to the lack of sanity checking on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in danim.dll.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3638
MD5 | 62ebccb883a929d71f78ed572f32721c

TSRT-06-08.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability can lead to code execution when instantiating the Internet.HHCtrl COM object through Internet Explorer. The flaw exists due to invalid freeing of heap memory when several calls to the "Image" property of the ActiveX control are performed. By abusing the jscript.dll CScriptBody::Release() function, user-supplied data can be executed.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3357
MD5 | 7828ca0ead357bb71ab8824fba67dda7

MITKRB-SA-2006-001.txt
Posted Aug 18, 2006
Site web.mit.edu

MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.

tags | advisory, local, vulnerability
advisories | CVE-2006-3083, CVE-2006-3084
MD5 | 0c1c5ebbbd9d2f09b63d67ad70fcacd1

arch.txt
Posted Aug 18, 2006
Site darkend.org

Archangel Weblog versions 0.90.02 and below suffer from HTML injection flaws.

tags | advisory
MD5 | 99b34f70fdb588a210de89755410c25c

Zero Day Initiative Advisory 06-027
Posted Aug 18, 2006
Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com

A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementById causes memory corruption, eventually leading to code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2006-3450
MD5 | 60d51fbccc544e1027e68c4f283ca29a

Zero Day Initiative Advisory 06-026
Posted Aug 18, 2006
Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com

A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. Crafting a long chain of CSS imports in an HTML document results in memory corruption, eventually leading to code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2006-3451
MD5 | 3bbef368a489c3994360b8254ca78877

TSRT-06-07.txt
Posted Aug 18, 2006
Authored by Pedram Amini | Site zerodayinitiative.com

The eIQnetworks Enterprise Security Analyzer suffers from multiple vulnerabilities that allow remote attackers to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2006-3838
MD5 | b793276ff876a405eb48b8b0259692db

phNNTP13.txt
Posted Aug 18, 2006
Authored by Tr_ZiNDaN

phNNTP version 1.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | d1a07a8e92fb05ea13efdb956d28e394

petefinnigan.pdf
Posted Aug 18, 2006
Authored by Pete Finnigan | Site petefinnigan.com

Black Hat Conference Presentation - How to Unwrap Oracle PL/SQL.

tags | paper
MD5 | 0a38b917b800a534ce283d5555895fc9

FCEUltra.txt
Posted Aug 18, 2006
Authored by KaiJern, Lau

FCE Ultra versions 0.98.1 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 9dd2b44e9702133a550b74ffad5f01d8

mojoxss.txt
Posted Aug 18, 2006
Authored by tugra

MojoScripts' mojoGallery is susceptible to cross site scripting attacks.

tags | exploit, xss
MD5 | 06e6fc7ecf0eee66a2a5bc0c3c96f94a

docpile.txt
Posted Aug 18, 2006
Authored by XORON

docpile:we version 0.2.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | caf20aed0c04a078eb5cba7740149fed

Gentoo Linux Security Advisory 200608-13
Posted Aug 18, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-13 - Damian Put has discovered a boundary error in the pefromupx() function used by the UPX extraction module, which unpacks PE Windows executable files. Both the clamscan command-line utility and the clamd daemon are affected. Versions less than 0.88.4 are affected.

tags | advisory
systems | linux, windows, gentoo
MD5 | 04392bfae45c8b347770bfbb6b5d9f01

mywayxss.txt
Posted Aug 18, 2006
Authored by codeslag

mysearch.myway.com suffers from a cross site scripting flaw.

tags | exploit, xss
MD5 | d7265888db73fb951c290e2effe0ce60

msxss2.txt
Posted Aug 18, 2006
Authored by Thomas Pollet

forums.microsoft.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6e3141ca6f59ab82bd70256f88dc1d3c

bypassScript.txt
Posted Aug 18, 2006
Authored by Cheng Peng Su

Whitepaper discussing the bypassing of script filters with variable-width encodings.

tags | paper
MD5 | d6ee6506d4d8e6e0d0032a49e253c3a6

Debian Linux Security Advisory 1145-1
Posted Aug 18, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1145-1 - Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2005-4745, CVE-2006-4746
MD5 | f7b7e545b82b72d82c85a53069c7b316

EEYEB-20060719.txt
Posted Aug 18, 2006
Site eeye.com

eEye Digital Security has discovered a vulnerability in McAfee Security Center that ships with all McAfee consumer products. There is a remote code execution vulnerability that allows an attacker to take complete control of a remote computer by exploiting a vulnerability found in the Subscription Manager ActiveX control.

tags | advisory, remote, code execution, activex
MD5 | 7bc189cfeb13dd834ac8dd9109dc3f18