what you don't know can hurt you
Showing 1 - 25 of 162 RSS Feed

Files Date: 2006-12-06

barracude-uulib.txt
Posted Dec 6, 2006
Authored by Jean-Sebastien Guay-Leroux

Further research has been performed against the Barracuda Convert-UUlib library buffer overflow.

tags | advisory, overflow
advisories | CVE-2005-1349
MD5 | 0317d42592e8a5ff205667efc5ae7cf7
pirana-0.3.1.tar.gz
Posted Dec 6, 2006
Authored by Jean-Sebastien Guay-Leroux | Site guay-leroux.com

PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA's goal is to test whether or not any vulnerability exists on the content filtering platform.

Changes: Added uulib exploitation module and bindshell type of shellcode. Cleanup in the exploit codes. Modifications to the manpage, how the shellcode generator was called, and the README.
systems | unix
MD5 | 5e0aba05b87c5a85cd827b9c583d9943
Debian Linux Security Advisory 1228-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1228-1 - Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.

tags | advisory, web, arbitrary, shell
systems | linux, debian
advisories | CVE-2006-5925
MD5 | 5d878222604b9d0cb04c1dedc8a865ca
HP Security Bulletin 2006-12.67
Posted Dec 6, 2006
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a denial of service.

tags | advisory, remote, denial of service, shell
systems | hpux
advisories | CVE-2006-0225, CVE-2006-4924
MD5 | f0dc16e20b7646299e0b0ccb7b51a158
CYBSEC-Arbitrary.txt
Posted Dec 6, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in SAP IGS file-system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.

tags | advisory, web
MD5 | d57a01a5b3d05aaf6ecec121dbb72fec
CYBSEC-SAP-IGS.txt
Posted Dec 6, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - Undocumented features have been discovered in SAP IGS service, some of which may signify security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.

tags | advisory
MD5 | ed52b8035c0c9f2625fff8c9fbdacce2
snort-covert.txt
Posted Dec 6, 2006
Authored by fryxar

Snort patch based on the "tcpstatflow" tool and written to be compiled with snort-2.6.1.1 using the stream4 preprocessor. It is designed to detect traffic that is not HTTP / HTTPS / FTP / SMTP, with a reasonable margin of error.

tags | tool, web, sniffer
MD5 | 1d850cbbfbd2d2b20aeab7d455b919a8
KDE Security Advisory 2006-12-04.1
Posted Dec 6, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2006-6120
MD5 | c18e632bb7ac947a47aa6c2371282695
TSRT-06-14.txt
Posted Dec 6, 2006
Site tippingpoint.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities. Versions below 5.2.9 and below 5.3.4 are affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2006-5855
MD5 | 06a9842e1dad53cc6352302e7020854c
Ubuntu Security Notice 392-1
Posted Dec 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 392-1 - A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-6172
MD5 | 4805d19f9bf436969ea48098b2db01c7
Ubuntu Security Notice 391-1
Posted Dec 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 391-1 - A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-4514
MD5 | 2e9b45e731cb3c390191fcacb3a778d9
snmpcheck-1.6.txt
Posted Dec 6, 2006
Authored by Matteo Cantoni | Site nothink.org

snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD and Windows (Cygwin) systems.

tags | tool, scanner, protocol
systems | cisco, linux, windows, unix, solaris, bsd, hpux
MD5 | 9545e5fd6e9f8ee19414e98d6fe0756c
mowdbb.txt
Posted Dec 6, 2006
Authored by ScReAmDz

mowdBB RC-6 suffers from a cross site scripting flaw.

tags | exploit, xss
MD5 | 4847acaad48a98c7421c355331644640
envolution.txt
Posted Dec 6, 2006
Authored by Kacper | Site rahim.webd.pl

Remote code execution exploit for Envolution versions 1.1.0 and below.

tags | exploit, remote, code execution
MD5 | 1e8dcd6da9786a4e9e8c12f659ad841f
blazevideo.txt
Posted Dec 6, 2006
Authored by Greg Linares

BlazeVideo HDTV Player versions 2.1 and below malformed PLF buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 5f17838629967b7725af835c06997f18
atftp.txt
Posted Dec 6, 2006
Authored by acaro, Qixu Liu

AT-TFTP version 1.9 and below remote buffer overflow exploit that makes use of long filenames.

tags | exploit, remote, overflow
MD5 | 211c5300388fa1e0595f4ecf7b3ce368
tcpknock-v01.tar.bz
Posted Dec 6, 2006
Authored by ganhawk | Site p2pbridge.sourceforge.net

TCP Knocking provides a port knocking implementation that attempts to solve problems of opening firewalls to provide remote access by incorporating the knock into unused fields in the TCP handshake sequence packets, rather than using UDP packets with secret ports.

tags | tool, remote, udp, scanner, tcp
systems | unix
MD5 | 8bc291b1dd32bdf447aa464742276b8c
floppyfw-3.0.0.img
Posted Dec 6, 2006
Authored by Thomas Lundquist | Site zelow.no

Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the floppy disk version.

Changes: Kernel 2.4.33.3.
tags | tool, firewall
systems | linux
MD5 | 59fac935d433c75eaa5442bee7dfa510
floppyfw-3.0.0.iso
Posted Dec 6, 2006
Authored by Thomas Lundquist | Site zelow.no

Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the ISO version.

Changes: Kernel 2.4.33.3.
tags | tool, firewall
systems | linux
MD5 | 78b97236c4f2afc8d5f776607892ca58
jabgb-xss.txt
Posted Dec 6, 2006
Authored by James Barnsley

JAB Guest Book suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 0d68d0243222cd60d8554a571862e6bf
Mandriva Linux Security Advisory 2006.214
Posted Dec 6, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-5864
MD5 | 217423cbf724de2784e9f414070441dd
fprot-dos.txt
Posted Dec 6, 2006
Authored by Evgeny Legerov | Site gleg.net

Two vulnerabilities in F-Prot Antivirus version 4.6.6 for Unix platforms could allow a remote attacker to cause a denial of service or execute arbitrary code. Exploit included.

tags | exploit, remote, denial of service, arbitrary, vulnerability
systems | unix
MD5 | ae96141504b7e9a401df8956712104e1
Top_10_Ajax_SH_v1.1.pdf
Posted Dec 6, 2006
Authored by Shreeraj Shah

Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".

tags | paper
MD5 | 038020f7d532137619a96c59296463db
Debian Linux Security Advisory 1227-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1227-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, debian
advisories | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748
MD5 | 394551b0027ce326ff0e261531693734
Debian Linux Security Advisory 1226-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1226-1 - Teemu Salmela discovered that the links character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.

tags | advisory, web, arbitrary, shell
systems | linux, debian
advisories | CVE-2006-5925
MD5 | d2a066ec0e4097a655ba7a441467513f
Page 1 of 7
Back12345Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close