what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 84 RSS Feed

Files Date: 2006-08-18

Technical Cyber Security Alert 2006-220A
Posted Aug 18, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA06-220A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | windows
SHA-256 | 50b39f90e5bfc23ce326ca67856a8f3a70330c703736854854acf826a243ce64
bloghoster.txt
Posted Aug 18, 2006
Site darkend.org

BlogHoster version 2.2 suffers from a HTML injection flaw.

tags | advisory
SHA-256 | d5b526974018700bbd8fe91f5d4d6f62eaa062dfc230fcc969722bf17d654abe
Gentoo Linux Security Advisory 200608-14
Posted Aug 18, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-14 - Luigi Auriemma found a heap-based buffer overflow in the it_read_envelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a .it (Impulse Tracker) file with a large number of nodes. Versions less than 0.9.3-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | 6d82ac4cf611d503f02d89a31a96faf2174778c5db38990eb8eef12fb10e2980
AD20060808.txt
Posted Aug 18, 2006
Authored by Sowhat | Site nevisnetworks.com

A vulnerability Microsoft Powerpoint allows remote attackers to execute arbitrary code in the context of the logged in user. An array boundary condition may be violated by a malicious .PPT file in order to redirect execution into attacker-supplied data. Exploitation requires that the attacker coerce or persuade the victim to open a malicious .PPT file.

tags | advisory, remote, arbitrary
advisories | CVE-2006-3449
SHA-256 | 30b627d479aa605a484c97b5825eb6551f6f35f7202004e7be15e2a53a90f1cd
cwfm091.txt
Posted Aug 18, 2006
Authored by Philipp Niedziela

Cwfm version 0.9.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 22a59ac7440748d601b9477c803a79ed340dbbe76b48c5c72b4905f91b107e8e
ISR-novellxss.txt
Posted Aug 18, 2006
Authored by Francisco Amato | Site infobyte.com.ar

Novell Groupwise WebAccess is susceptible to cross site scripting attacks. Versions 7 and 6.5 are susceptible.

tags | advisory, xss
advisories | CVE-2006-3817
SHA-256 | ed89535ccb04b5ad07312b883638ed4b701ecaca83e8db67c376289feaf92856
TSRT-06-10.txt
Posted Aug 18, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.

tags | advisory, remote, web, arbitrary
advisories | CVE-2006-3086
SHA-256 | d8d3c87b1ba6bb1e1400f579fa2ee1f092e95d727fbaf20eac30d77c0be0dd20
TSRT-06-09.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the DirectAnimation.DATuple ActiveX control when improperly calling the Nth() method. By supplying a positive integer we can control a data reference calculation that is later used to control execution. The problem is due to the lack of sanity checking on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in danim.dll.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3638
SHA-256 | 769bb97641bc409682a302fdc938fac3ae5a377904cf391babafeb05d9e2157c
TSRT-06-08.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability can lead to code execution when instantiating the Internet.HHCtrl COM object through Internet Explorer. The flaw exists due to invalid freeing of heap memory when several calls to the "Image" property of the ActiveX control are performed. By abusing the jscript.dll CScriptBody::Release() function user supplied data can be executed.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3357
SHA-256 | 0bc39862ef933a14031affb82e5ca6d358a21f94744cabd82cdadf1d60eea715
MITKRB-SA-2006-001.txt
Posted Aug 18, 2006
Site web.mit.edu

MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.

tags | advisory, local, vulnerability
advisories | CVE-2006-3083, CVE-2006-3084
SHA-256 | 5db9ff2738fcd6d0a0ced2e2d5163d49ea87c62d41b14cf20dadce5116a9f956
arch.txt
Posted Aug 18, 2006
Site darkend.org

Archangel Weblog versions 0.90.02 and below suffer from html injection flaws.

tags | advisory
SHA-256 | 2b91910a0fd834c4306140bccb4665ffe30dd8dbf099b23fb0d76c6abca63478
Zero Day Initiative Advisory 06-027
Posted Aug 18, 2006
Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com

A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementByID causes a memory corruption eventually leading to code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2006-3450
SHA-256 | 57fb1dc0472d53d18e1e1b8b3ad21deb294e25b88cdbc8f2051142b0af1bbafb
Zero Day Initiative Advisory 06-026
Posted Aug 18, 2006
Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com

A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. Crafting a long chain of CSS imports in an HTML document results in a memory corruption eventually leading to code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2006-3451
SHA-256 | dac941decc7a45743d5845a19527090e075dfa85d406566b90b661b23341d886
TSRT-06-07.txt
Posted Aug 18, 2006
Authored by Pedram Amini | Site zerodayinitiative.com

The eIQnetworks Enterprise Security Analyzer suffers from multiple vulnerabilities that allow remote attackers the ability to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2006-3838
SHA-256 | 0c958ba0e58c280878e97816e04c3b684803e7205a47ff82e11b381192278831
phNNTP13.txt
Posted Aug 18, 2006
Authored by Tr_ZiNDaN

phNNTP version 1.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 4c9c4c08b8c74d80ad77f027e0d7c95aa26967c41a4e4c75e4cbee6e290a7532
petefinnigan.pdf
Posted Aug 18, 2006
Authored by Pete Finnigan | Site petefinnigan.com

Black Hat Conference Presentation - How to Unwrap Oracle PL/SQL.

tags | paper
SHA-256 | 129dd1ef0f1f01363f56cf461f6fea2c38b211109db9b4f409ac4020178a32c0
FCEUltra.txt
Posted Aug 18, 2006
Authored by KaiJern, Lau

FCE Ultra versions 0.98.1 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | ad753b7507a83df06c7222379c89ac4990dfdd983aa2c093328bb594e5d8da25
mojoxss.txt
Posted Aug 18, 2006
Authored by tugra

MojoScripts' mojoGallery is susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | be6c3660444254095dd335b4565132864c43ad1aa0d34d6f9ad2a40852354e1b
docpile.txt
Posted Aug 18, 2006
Authored by XORON

docpile:we version 0.2.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | ecb9a47ead5901d0ddbd0efa404ea5658a38e7dcc9baa8f037b01915fba35e81
Gentoo Linux Security Advisory 200608-13
Posted Aug 18, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-13 - Damian Put has discovered a boundary error in the pefromupx() function used by the UPX extraction module, which unpacks PE Windows executable files. Both the clamscan command-line utility and the clamd daemon are affected. Versions less than 0.88.4 are affected.

tags | advisory
systems | linux, windows, gentoo
SHA-256 | b8545eb7310735bc5ee730c9fb80a86582661d462797e3f6084fa9b098590cf4
mywayxss.txt
Posted Aug 18, 2006
Authored by codeslag

mysearch.myway.com suffers from a cross site scripting flaw.

tags | exploit, xss
SHA-256 | 33e8a6086d4078848a1edb6f03f3f893633f2d30d076a3ebd93f6fb812dbbbcd
msxss2.txt
Posted Aug 18, 2006
Authored by Thomas Pollet

forums.microsoft.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6f370fd3372a87514edf914d1db2374c4fa868c1095ee6fba50efb57c3ef3a99
bypassScript.txt
Posted Aug 18, 2006
Authored by Cheng Peng Su

Whitepaper discussing the bypassing of script filter with variable-width encodings.

tags | paper
SHA-256 | 3f758cdb2a9ed75213ae2fa409be10c8c8b216d0491636c6a61a4c332194a72f
Debian Linux Security Advisory 1145-1
Posted Aug 18, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1145-1 - Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2005-4745, CVE-2006-4746
SHA-256 | 032830d52ad0cc8337c6c145d15954022bdf14ddecc112ada9a40655f1eafee0
EEYEB-20060719.txt
Posted Aug 18, 2006
Site eeye.com

eEye Digital Security has discovered a vulnerability in McAfee Security Center that ships with all McAfee consumer products. There is a remote code execution vulnerability that allows an attacker to take complete control of a remote computer by exploiting a vulnerability found in the Subscription Manager ActiveX control.

tags | advisory, remote, code execution, activex
SHA-256 | 33f57785079720127a76ff9e72a1751b5ec39328493dd4c70ff158e5396f4cd4
Page 1 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close