exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 320 RSS Feed

Files Date: 2006-08-27

Gentoo Linux Security Advisory 200608-22
Posted Aug 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-22 - Toth Andras has discovered a typographic mistake in the fbgs script, shipped with fbida if the fbcon and pdf USE flags are both enabled. This script runs gs without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Versions less than 2.03-r4 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 6cec3afd39bd10ee352f14acd884741c7ed21dec898be1dcc467e2552ea83fe6
Gentoo Linux Security Advisory 200608-21
Posted Aug 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-21 - The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid(). Versions less than 0.7.2-r3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | bb1b35e9d3dd9b1f6370f6632d37f9aadcf832696631e7876acde0288f69862a
MU Security Advisory 2006-08.01
Posted Aug 27, 2006
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message. A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename. Asterisk versions 1.0.0 through 1.2.10 are affected.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | dbdc141ab5d77885c8dca0d5658fe534d27d30e676035e308e313dba03713a10
Cisco Security Advisory 20060823-firewall
Posted Aug 27, 2006
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Certain versions of the software for the Cisco PIX 500 Series Security Appliances, the Cisco ASA 5500 Series Adaptive Security Appliances (ASA), and the Firewall Services Module (FWSM) are affected by a software bug that may cause the EXEC password, passwords of locally defined usernames, and the enable password in the startup configuration to be changed without user intervention. Unauthorized users can take advantage of this bug to try to gain access to a device that has been reloaded after passwords in its startup configuration have been changed. In addition, authorized users can be locked out and lose the ability to manage the affected device.

tags | advisory
systems | cisco
SHA-256 | 86dedcd234326e37b42f15eef3c2fd8202ebbd8078d22832f633ccdf00fb98bf
Cisco Security Advisory 20060823-vpn3k
Posted Aug 27, 2006
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco VPN 3000 series concentrators are affected by two vulnerabilities when file management via File Transfer Protocol (FTP) is enabled that could allow authenticated or unauthenticated attackers to execute certain FTP commands and delete files on the concentrator.

tags | advisory, vulnerability, protocol
systems | cisco
SHA-256 | bfbf535d988f55392acf03695c462a2f9b98d2368b393a83dad8223de399d4cf
fuckmd5.cpp
Posted Aug 27, 2006
Authored by slythers

MD5 recomputation proof of concept utility.

tags | cracker, proof of concept
SHA-256 | 5ac647a903b57757dcfdf0d60895e4eaccee583636e5928d54d7f91200faec58
coolmessenger.txt
Posted Aug 27, 2006
Authored by Tan Chew Keong | Site vuln.sg

A vulnerability has been found in Cool Messenger Office/School Server. When exploited, the vulnerability allows any people to logon to the messenger server as any user without requiring knowledge of any passwords.

tags | advisory
SHA-256 | 9fd837b7913663fe4e67231c162238ff62e76ec61010aa9b3dfd5b23060068e2
powerzip.txt
Posted Aug 27, 2006
Authored by Tan Chew Keong | Site vuln.sg

A vulnerability has been found in PowerZip version 7.06 build 3895. When exploited, the vulnerability allows execution of arbitrary code when the user opens a malicious ZIP archive.

tags | advisory, arbitrary
SHA-256 | 1095a9a0d27e136c86405542df69e9e2eb4624755051ce1675b03404e3fd3bb2
mcafee-linux1.txt
Posted Aug 27, 2006
Authored by Wei Wang | Site mcafee.com

The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to gain root privileges and execute arbitrary code at kernel privilege level. Versions affected include 2.4.23 through 2.4.32, 2.6 up to and including 2.6.17.7.

tags | advisory, arbitrary, kernel, local, root
systems | linux
SHA-256 | 7275b8171711354a13630e315ec244484467c3a1094dca1f19ecb620b5458b4f
mcafee-symantec1.txt
Posted Aug 27, 2006
Authored by Anthony Bettini

The Symantec Enterprise Security Manager (ESM) platform and agent are susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service. Affected versions include Symantec Enterprise Security Manager Platform 6 and 6.5.x, Symantec Enterprise Security Manager Agent 6 and 6.5.x.

tags | advisory
SHA-256 | 322d28df666d810593ca68219600180c57c5a335d772cc57ce5f34ab1bc283dd
blsXSS.txt
Posted Aug 27, 2006
Authored by PrOtOn, digi7al64

Blackboard Learning System release 6 suffers from a multitude of cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b3e98ad32f7e9dcdbac019cbb91d5660eafdc9cf66ed34ec23b24b6cfeb29c5b
Mandriva Linux Security Advisory 2006.147
Posted Aug 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-147 - A cross-site scripting (XSS) vulnerability exists in search.php in SquirrelMail versions 1.5.1 and below, when register_globals is enabled, allowing remote attackers to inject arbitrary HTML via the mailbox parameter.

tags | advisory, remote, arbitrary, php, xss
systems | linux, mandriva
advisories | CVE-2006-3174
SHA-256 | e48f8621a446de70b7a28e43f2b627fd78b7ccb7e8c71e4002f2580436949c2b
EEYE-MS06-042.txt
Posted Aug 27, 2006
Authored by Derek Soeder | Site eeye.com

eEye has confirmed that the Internet Explorer crash vulnerability as described in MS06-042 is indeed exploitable.

tags | advisory
SHA-256 | 25511fcd2687aa34d588259c7d6ccedff89b97a4eb9e6853540042e50efcb196
ids_evasion_oracle_sqlnet.pdf
Posted Aug 27, 2006
Authored by Joxean Koret

Write up discussing Oracle database IDS evasion techniques for SQL*Net.

tags | paper
SHA-256 | 64438722e11b55e629becc5c145742b7146f0ec202c91870108b9aec9564fdad
smf_11rc2_lock.html
Posted Aug 27, 2006
Authored by rgod | Site retrogod.altervista.org

Simple Machines Forum versions 1.1 rc2 and below "lock"/Zend_Hash_Del_Key_Or_Index exploit.

tags | exploit
SHA-256 | 711deb0b4203aa77219b3a6ff363dbce6e2703dc948d9f080f362eaf5aeb3b22
smf_11rc2_local_incl.html
Posted Aug 27, 2006
Authored by rgod | Site retrogod.altervista.org

Simple Machines Forum versions 1.1 rc2 and below "lngfile" Zend_Hash_Del_Key_Or_Index/arbitrary local inclusion exploit for use on Windows machines.

tags | exploit, arbitrary, local
systems | windows
SHA-256 | 7ed25559e33e56afba3a0addcba3d760b08a56feccefa5b9f141e0cef632796d
mdaemon_poc.txt
Posted Aug 27, 2006
Authored by Leon Juranic | Site infigo.hr

Proof of concept remote exploit for the MDaemon POP3 preauth buffer overflow. MDaemon versions 8 and 9 are susceptible to this.

tags | exploit, remote, overflow, proof of concept
SHA-256 | e36d9a6cd5875ac91dfbfc8be90a0ef092197e21924979c6115982c649be0d8b
INFIGO-2006-08-04.txt
Posted Aug 27, 2006
Authored by Leon Juranic | Site infigo.hr

During an audit, a critical vulnerability has been discovered in the MDaemon POP3 server. There is a buffer overflow vulnerability in 'USER' and 'APOP' command processing part of the Altn MDaemon POP3 server. The vulnerability can be triggered with providing a long string to USER or APOP commands with '@' characters included in the string. In this case, MDaemon will incorectly process the string and a heap overflow will happen as a result. To trigger the vulnerability, a few USER commands have to be sent to the POP3 Server. Sometimes (depending on the heap state and string length), it is even possible to redirect code execution directly to the supplied input buffer on the heap. MDaemon versions 8 and 9 are confirmed vulnerable.

tags | advisory, overflow, code execution
SHA-256 | d5c9043c3a5da6e06fbb9448e0ee6aac59f636527f57112ed1d576f7218e753d
altnwebadmin.txt
Posted Aug 27, 2006
Authored by TTG

Alt-N WebAdmin versions 3.2.3 and 3.2.4 running with MDaemon version 9.0.5 are susceptible to a directory traversal attack.

tags | exploit
SHA-256 | 72c19e7cb362ea5ae509f0865fb12a638c781d3c384beba7be266c78cd52960d
issue_28_2006.pdf
Posted Aug 27, 2006
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 28 - Featured articles include - How to Report Security Breaches and Why and Should we trust remote kids? monitoring services? - as well as an interview with Nick, SecureMAC.com.

tags | remote
SHA-256 | 2ce0b1c27680b7662bc58565a0cadeb448aeb965ca93f5b4accbacbac7cc8a0f
issue_27_2006.pdf
Posted Aug 27, 2006
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 27 - Featured articles include - Establishing an internal security awareness culture the basics and How do I figure out who?s attacking me? - as well as an interview with Roberto Preatoni, Zone-H.org.

SHA-256 | 1282c77409b38a1fa17f1300ba9e930a766f7794004f1bf06e5b7f035aede53e
issue_26_2006.pdf
Posted Aug 27, 2006
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 26 - Featured articles include - What is your position in the emerging market for software vulnerabilities? and If you don't take care of your Security, someone else will - as well as an interview with Martin Herfurt, Trifinite.org.

tags | vulnerability
SHA-256 | b14b863f77d8a8788db2f65f1cca08a6e32da3a67eae9322cf288166e885d8ec
issue_25_2006.pdf
Posted Aug 27, 2006
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 25 - Featured articles include - Organizational training and today's threatscape and Fortifying your browser even more! - as well as an interview with Johnny Long, johnny.ihackstuff.com.

SHA-256 | 8cd6365a270fa93bd8df9cfd9bc3d8933f26d4ba288c2fb12d51ccfa3459b29d
issue_24_2005.pdf
Posted Aug 27, 2006
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 24 - Featured articles include - Breaking through security myths Part 2 and Threats posed by P2P software - as well as an interview with Vladimir, 3APA3A, Security.nnov.ru.

SHA-256 | 830e18d4705ce26f1e041603177586529d43b14cb082943724f2c19567a29fc7
issue_23_2005.pdf
Posted Aug 27, 2006
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter - Issue 23 - Featured articles include - Breaking through security myths Part 1 and Managing the threats posed by stolen laptops - Tips as well as an interview with David Endler, TippingPoint.com.

SHA-256 | e2b3b7d1424c28b027898642d1641da6afd325a7adb28344e2f941be113a7ea5
Page 1 of 13
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close