exploit the possibilities
Showing 1 - 25 of 79 RSS Feed

Files Date: 2006-10-12

Hardened-PHP Project Security Advisory 2006-09.133
Posted Oct 12, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity. The successful exploitation of this integer overflow will result in arbitrary code execution. PHP versions below 4.3.0 and versions below or equal to 5.1.6 are affected.

tags | advisory, overflow, arbitrary, php, vulnerability, code execution
MD5 | e179df9a8badbdc246d4a3c33f86142d
adv51-K-159-2006.txt
Posted Oct 12, 2006
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

docmint versions 2.0 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | 00bcbdb40616b76d9cbb32fd7cd0191b
Echo Security Advisory 2006.49
Posted Oct 12, 2006
Authored by Echo Security, the_day | Site advisories.echo.or.id

OpenDock Easy Doc versions 1.4 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | 2536a4e95f847a9541f2cd0f3afbb4e4
Echo Security Advisory 2006.48
Posted Oct 12, 2006
Authored by Echo Security, the_day | Site advisories.echo.or.id

WebYep versions 1.1.19 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | 5e87cdff362e9cc7ebcb7a92549a4b7a
moodle162.txt
Posted Oct 12, 2006
Site w4ck1ng.com

Moodle version 1.6.2 is susceptible to SQL injection attacks.

tags | exploit, sql injection
MD5 | 0b0cb809b03e560194c1f8582bbe43ec
advancedpoll202.txt
Posted Oct 12, 2006
Authored by Pro Hacker | Site worlddefacers.de

Advanced Poll version 2.02 suffers from a remote file inclusion flaw.

tags | exploit, remote, file inclusion
MD5 | 2a046c9fe86c9f155a0ba4b2e5560360
fastfind.txt
Posted Oct 12, 2006
Authored by Dr.Ninux

FastFind, a popular search engine script, suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | edbef8cc42a5631c903ae0e6145c5a31
freeforum097.txt
Posted Oct 12, 2006
Authored by XORON

FreeForum version 0.9.7 suffers from a remote file inclusion vulnerability in fpath.

tags | exploit, remote, file inclusion
MD5 | 5881e2a25dd7b2a879ae9ce8d0b13ff2
cahierSQL.txt
Posted Oct 12, 2006
Authored by S4mi

Cahier de textes version 2.0 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 39e02c606d85f6a80f0ac3bc1dd93453
phpIncludes.txt
Posted Oct 12, 2006
Authored by DarkFig | Site acid-root.new.fr

TribunaLibre version 3.12 Beta, registroTL, compteur_v2, eboli, Jasmine-Web, and Foafgen version 0.3, and Album Photo Sans Nom version 1.6 all suffer from file inclusion and/or source disclosure flaws.

tags | exploit, web, file inclusion
MD5 | 064c0286718d6d70aab452eec0bb40d8
LSsec Security Advisory 2006-03-30
Posted Oct 12, 2006
Authored by LSsec | Site lssec.com

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due to incorrect handling of RPC requests on TCP port 6503. The interface is identified by dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 45 specifies the vulnerable operation within this interface.

tags | advisory, arbitrary, tcp
MD5 | 3b7c765a2ecc349f349588246f562d62
LSsec Security Advisory 2006-03-30
Posted Oct 12, 2006
Authored by LSsec | Site lssec.com

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due to incorrect handling of RPC requests on TCP port 6503. The interface is identified by c246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 43 specifies the vulnerable operation within this interface.

tags | advisory, arbitrary, tcp
MD5 | 2c97d955e2d14d7b2c2f319ea7efce92
LSsec Security Advisory 2006-03-30
Posted Oct 12, 2006
Authored by LSsec | Site lssec.com

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Discovery Service (casdscsvc.exe) due to incorrect handling of requests on TCP port 41523.

tags | advisory, arbitrary, tcp
MD5 | b6105d76cd92a456c5578370c02539bb
TOR Virtual Network Tunneling Tool 0.1.1.24
Posted Oct 12, 2006
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Major and minor bug fixes in this release.
tags | tool, remote, local, peer2peer
MD5 | 28dea6a77a43b6e421e1bd7b2cc3d940
honeytrap-0.6.3.1.tar.gz
Posted Oct 12, 2006
Authored by Tillmann Werner | Site honeytrap.sourceforge.net

Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.

tags | tcp, system logging
systems | unix
MD5 | e81c42c4f69046911bd38e255ab66ee7
phpbbViewed10.txt
Posted Oct 12, 2006
Authored by XORON

phpBB User Viewed Posts Tracker versions 1.0 and below suffer from a remote file inclusion vulnerability in phpbb_root_path.

tags | exploit, remote, file inclusion
MD5 | 9cb0e3443425143920820266b160757a
emekportal21.txt
Posted Oct 12, 2006
Authored by Dj ReMix

Emek Portal version 2.1 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 0530792b3afa2a2ca6fc1b0762ca084f
lotusApplets.txt
Posted Oct 12, 2006
Authored by Jouko Pynnonen | Site klikki.fi

Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.

tags | advisory, java, vulnerability
MD5 | 62b31aee8f7e335e5bf9356eca15eae2
wikyblog.txt
Posted Oct 12, 2006
Authored by Mohandko

WikyBlog versions 1.2.3 and below suffer from a remote file inclusion vulnerability in includeDir.

tags | exploit, remote, file inclusion
MD5 | 11a006c1ac77b56ceb682a95311ece5f
glsa-2006010-03.txt
Posted Oct 12, 2006
Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200610-03 - Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. Versions less than 4.2.4.1 are affected.

tags | advisory
systems | linux, gentoo
MD5 | 6af5650e4f8e6b6edbd58c6cd9dbe9d9
Ubuntu Security Notice 359-1
Posted Oct 12, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 359-1 - Benjamin C. Wiley Sittler discovered that Python's repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the python application.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2006-4980
MD5 | 88f2eb792fa6a2cce2592044b53f592c
torrentfluxXSS.txt
Posted Oct 12, 2006
Authored by Steven Roddis | Site stevenroddis.com.au

Torrentflux version 2.1 suffers from a cross site scripting condition using the User-Agent as an attack vector.

tags | advisory, xss
MD5 | 442e4995d057717e055e2797d857c9bd
freewps-exec.txt
Posted Oct 12, 2006
Authored by HACKERS PAL | Site soqor.net

Exploit for remote command execution due to a flaw in the Free WPS file upload functionality.

tags | exploit, remote, file upload
MD5 | d7784b69861b3c126dd0234a91a485ae
exploit-NAVENG-222AD3.rar
Posted Oct 12, 2006
Authored by Ruben Santamarta | Site reversemode.com

Local proof of concept exploit for the Symantec Antivirus Engine that requires no special privileges (6 of 6).

tags | exploit, local, proof of concept
MD5 | 54519922ca7814de921c787148896b56
exploit-NAVEX15-222AD3.rar
Posted Oct 12, 2006
Authored by Ruben Santamarta | Site reversemode.com

Local proof of concept exploit for the Symantec Antivirus Engine that requires no special privileges (5 of 6).

tags | exploit, local, proof of concept
MD5 | 06ad9f6a32c65dc3e856dd94f6b58039
Page 1 of 4
Back1234Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close