what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2006-10-21

php-fd.txt
Posted Oct 21, 2006
Authored by dimmoborgir

The php functions "exec", "system", "popen" (and similar) keep file descriptors of the parent process opened. When a new process is run this program will inherit all opened file descriptors of its parent. This can be used by hostile programs to listen and accept connections on port 80, or write to the apache log files.

tags | advisory, php
SHA-256 | df0886b7417f348dce9959a45e47a889aa6e01dd100f026507d0c694e50c33e3
Armorize-ADV-2006-0006.txt
Posted Oct 21, 2006
Authored by Armorize | Site armorize.com

Armorize-ADV-2006-0006 discloses multiple cross-site scripting vulnerabilities that are found in KnowledgeBank (http://sourceforge.net/projects/knowledgebank/), which is a is a PHP/mySQL web app that allows you to create a searchable database application with categories, subcategories, and screenshots.

tags | advisory, web, php, vulnerability, xss
SHA-256 | c927285de10b58e4f08255e17e9aac5473d0afa4e7f732a3759dd534a2c01d3d
KICS-cms.txt
Posted Oct 21, 2006
Authored by fireboy

KICS cms suffers from an SQL injection vulnerability that can be used to gain administrative privileges.

tags | exploit, sql injection
SHA-256 | c63da37314a6840ff5959a53f296ea306761576606a8d1acabaa3afa922df13b
UltraCMS-0.9.txt
Posted Oct 21, 2006
Authored by fireboy

UltraCMS 0.9 suffers from an SQL injection vulnerability which can be used to gain administrative privileges.

tags | exploit, sql injection
SHA-256 | 16f09bababa6c7297143a2a4505336bd9103adb0e2dc170f27c5573543ee0858
DigitalHive2.0.txt
Posted Oct 21, 2006
Authored by Mahmood_ali

DigitalHive 2.0 RC2 suffers from a remote file inclusion vulnerability in base_include.php.

tags | exploit, remote, php, file inclusion
SHA-256 | 64c56e2bb825fa0e0a6fff5d832614de9a5d2c84b668a23f35957848a9af3001
TORQUE-audit.pdf
Posted Oct 21, 2006
Authored by Luis Miguel Ferreira da Silva | Site csirt.fe.up.pt

A paper discussing a race condition vulnerability in a software package called TORQUE Resource Manager.

tags | advisory
SHA-256 | 8e3866e0319643aa29a9919eaa286e3471d96bfe045e873e7e743efd8891fb19
rPSA-2006-0195-1.txt
Posted Oct 21, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | d62aeb3881b902a5efb505319342562b3c2dd128421144cad0ce895f592acd96
aimject-0.8.tar.gz
Posted Oct 21, 2006
Authored by Jon Oberheide | Site jon.oberheide.org

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.

Changes: integrated ARP/DNS spoofing, IP forwarding command execution (linux/*bsd), max screenname length bumped to account for extended names, screenname formatting issue fixed to avoid detection during local message injection
tags | tool, sniffer, protocol
SHA-256 | 8975e8f16ac28ee7b9331a2b37d25c54c13dab742ee263dc198ad8e73e93e6bd
HP Security Bulletin 2006-12.64
Posted Oct 21, 2006
Authored by Hewlett Packard | Site hp.com

HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065: Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
SHA-256 | d534dbc9037f027408f159b6b857432cbdcb78dbb5f9bd0ddedf322433ac96f7
Ubuntu Security Notice 367-1
Posted Oct 21, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 367-1: An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.

tags | advisory, denial of service, arbitrary, sql injection
systems | linux, ubuntu
SHA-256 | 90854ac0e96c7bdf1a8c3510f8ee136c7c53119f8c29929c8dcea427e0ab3fa5
Ubuntu Security Notice 366-1
Posted Oct 21, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 366-1: A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | 1ffc1a3c73c760ac58f91ec3ae453c8ca7a813338127f8d1868f21bb892b88b0
Ubuntu Security Notice 366-1
Posted Oct 21, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 366-1: A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | 1ffc1a3c73c760ac58f91ec3ae453c8ca7a813338127f8d1868f21bb892b88b0
Gentoo Linux Security Advisory 200610-8
Posted Oct 21, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200610-08 - Unchecked use of strcpy() and *scanf() leads to several buffer overflows. Versions less than 15.5.20060927 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | 28493ecd8598067c624d4c2bb2b0a887735dd04d2ba935ad91f1d97352b11180
DRUPAL-SA-2006-024.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory - DRUPAL-SA-2006-024: Multiple XSS (cross site scripting) vulnerabilities have been discovered.

tags | advisory, vulnerability, xss
SHA-256 | 1aa675f91c66e69c739dbfa33817a0d04e6526d3a5f2b4c2b15192944ad977b4
DRUPAL-SA-2006-025.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory DRUPAL-SA-2006-025: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate; suppose one has an active user 1 session, the most powerful administrator account for a site, to a Drupal site while visiting a website created by an attacker. This website will now be able to submit any form to the Drupal site with the privileges of user 1, either by enticing the user to submit a form or by automated means. An attacker can exploit this vulnerability by changing passwords, posting PHP code or creating new users, for example. The attack is only limited by the privileges of the session it executes in.

tags | advisory, web, php
SHA-256 | c2eab01fab47cd53866e412e9c040859163e8d5a1dfd064f8742b495b323b50a
DRUPAL-SA-2006-026.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory DRUPAL-SA-2006-026: A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a url, for example, will submit all data, such as his/her e-mail address, but also possible private profile data, to a third-party site.

tags | advisory
SHA-256 | aac4a667546b92b6c6ad5f65a8adf2bf591fd7078837743847a284bbb2d5ba58
2006_novell_httpstk.pdf
Posted Oct 21, 2006
Authored by Ryan Smith, Michael Ligh

Novell eDirectory/iMonitor Remote Code Execution Security Advisory: Novell's HTTP Protocol Stack (httpstk) is a component of iMonitor which provides a web-based interface for management of eDirectory, an LDAP service forming the basis for many of the world s largest identity-management deployments. The code fails to check the length of client-supplied HTTP Host request-header (e.g. Host: www.host.com) values before using them to build a formatted URL into an inadequate, statically-sized buffer on the stack. This condition occurs in a call to snprintf() while the server is preparing an HTTP redirect response and can be triggered remotely, before any authentication takes place. This can allow attacker supplied code to be executed on vulnerable systems.

tags | advisory, remote, web, code execution, protocol
SHA-256 | 83f493818d78f80ff8f029bc85f643e0e2806d60376926715e9dc35b65088b58
CA Security Advisory 34693
Posted Oct 21, 2006
Authored by Ken Williams, Computer Associates | Site ca.com

[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED): Summary: CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.

tags | advisory, remote, overflow, arbitrary, local, vulnerability
systems | windows
SHA-256 | aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5b
ast-chan_skinny.txt
Posted Oct 21, 2006
Site Security-Assessment.com

The Asterisk Skinny channel driver for Cisco SCCP phones chan_skinny.so) incorrectly validates a length value in the packet header. An integer wrap-around leads to heap overwrite, and arbitrary remote code execution as root.

tags | advisory, remote, arbitrary, root, code execution
systems | cisco
SHA-256 | 375f21639bb208bd239538725658092493aa1588e6038a60e78e34e06d806e2d
Technical Cyber Security Alert 2006-291A
Posted Oct 21, 2006
Authored by US-CERT | Site cert.org

National Cyber Alert System - Technical Cyber Security Alert TA06-291A: Oracle Updates for Multiple Vulnerabilities

tags | advisory, vulnerability
SHA-256 | 8c2cf43c1e1381dd8f0795056b5bc8eeed34189c5408d22004d2fb83b5e60de0
fmat.txt
Posted Oct 21, 2006
Authored by K-sPecial | Site xzziroz.net

An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on 2.6 with random VA.

tags | paper
systems | unix
SHA-256 | 0c45b1d562e077e6945b0677cd1ab74d79b4754f927c1df8be3f30b948146365
Secunia-JoomlaBSQ.txt
Posted Oct 21, 2006
Site secunia.com

Secunia Research 18/10/2006 - Joomla BSQ Sitestats Script Insertion and SQL Injection: Secunia Research has discovered some vulnerabilities in the BSQ Sitestats component for Joomla, which can be exploited by malicious people to conduct script insertion or SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 75f22230642955d8f34b22474e9d1fbc4ee2657453e32d589105b5c872b599fc
Secunia-LotusNotes.txt
Posted Oct 21, 2006
Site secunia.com

Secunia Research 18/10/2006: IBM Lotus Notes Insecure Default Folder Permissions - Secunia Research has discovered a security issue in Lotus Notes, which can be exploited by malicious, local users to manipulate arbitrary files.

tags | advisory, arbitrary, local
SHA-256 | 329a738d598319ed98c9d729752ed575b69c649c13730dad35244762b9e39337
Airmagnet-vuln.txt
Posted Oct 21, 2006
Authored by ptsecurity

The management interface of AirMagnet Enterprise contains several middle-risk vulnerabilities. Vulnerabilities ranges from reflected and stored Cross-Site scripting to remote code execution and protection bypass.

tags | advisory, remote, vulnerability, code execution, xss
SHA-256 | 45b51e4b288d9397d096ede91151af95bd3a8a02a4557cdb8b9a9635359a4393
Highwall-ids.txt
Posted Oct 21, 2006
Authored by ptsecurity

Highwall Enterprise and Highwall Endpoint wireless IDS management interface contain multiple vulnerabilities which can lead to privilege escalation and code execution.

tags | advisory, vulnerability, code execution
SHA-256 | 104af84b88d66190c16142880c76ba81765558cf0f8d6a9b89f3c81eacec3f1d
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close