what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 162 RSS Feed

Files Date: 2006-12-06

barracude-uulib.txt
Posted Dec 6, 2006
Authored by Jean-Sebastien Guay-Leroux

Further research has been performed against the Barracuda Convert-UUlib library buffer overflow.

tags | advisory, overflow
advisories | CVE-2005-1349
SHA-256 | f6951b1ebcbd690adceae17e1c1dfc054bf9a724c4c9727d2dd586cd08c7292f
pirana-0.3.1.tar.gz
Posted Dec 6, 2006
Authored by Jean-Sebastien Guay-Leroux | Site guay-leroux.com

PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA's goal is to test whether or not any vulnerability exists on the content filtering platform.

Changes: Added uulib exploitation module and bindshell type of shellcode. Cleanup in the exploit codes. Modifications to the manpage, how the shellcode generator was called, and the README.
systems | unix
SHA-256 | 4f4bf22a3446dcede66d3f4fc60bfd1cdac5e6fd174c4f6f682bbdf405cdca09
Debian Linux Security Advisory 1228-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1228-1 - Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.

tags | advisory, web, arbitrary, shell
systems | linux, debian
advisories | CVE-2006-5925
SHA-256 | e1f2cf0b745dc84e94b07a769ffacfbeca83f0f01fcf41c0d6a909221bc0f2df
HP Security Bulletin 2006-12.67
Posted Dec 6, 2006
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a denial of service.

tags | advisory, remote, denial of service, shell
systems | hpux
advisories | CVE-2006-0225, CVE-2006-4924
SHA-256 | a63c3adb81a7a6e1cbb3e069c7b5ae7ff1aa4ff929852b66154ad2e582fa94bd
CYBSEC-Arbitrary.txt
Posted Dec 6, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in SAP IGS file-system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.

tags | advisory, web
SHA-256 | 992d1c3e589ee06443567d8375401c73114e94090b39202776695427f219875f
CYBSEC-SAP-IGS.txt
Posted Dec 6, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - Undocumented features have been discovered in SAP IGS service, some of which may signify security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.

tags | advisory
SHA-256 | a54d1cedef3e5d18339a313268d765c9d82972cf5f13660663dec05e76e801b6
snort-covert.txt
Posted Dec 6, 2006
Authored by fryxar

Snort patch based on the "tcpstatflow" tool and written to be compiled with snort-2.6.1.1 using the stream4 preprocessor. It is designed to detect traffic that is not HTTP / HTTPS / FTP / SMTP, with a reasonable margin of error.

tags | tool, web, sniffer
SHA-256 | 3e7d1c6ba3cd8817eff4ec346d0ef9b08d438b4e3d0085d7760509a1fd878e23
KDE Security Advisory 2006-12-04.1
Posted Dec 6, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2006-6120
SHA-256 | 5e616116d126762e0386e401b5ffeb2270a95ffca025fe458d9dd87fc7b1f07b
TSRT-06-14.txt
Posted Dec 6, 2006
Site tippingpoint.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities. Versions below 5.2.9 and below 5.3.4 are affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2006-5855
SHA-256 | b6409e103665027e1bbc1a0f81c4db6a199f6fa4adf5dc912c78d0039687c485
Ubuntu Security Notice 392-1
Posted Dec 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 392-1 - A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-6172
SHA-256 | 3f0af71c62a72c504b2c28651e5b1a81ce95ac569333fbdbe2d3f2e01d1de107
Ubuntu Security Notice 391-1
Posted Dec 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 391-1 - A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-4514
SHA-256 | 929b269c10f07d7786858ef7e0831a23174f1d6b61610c015938ae38155df102
snmpcheck-1.6.txt
Posted Dec 6, 2006
Authored by Matteo Cantoni | Site nothink.org

snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD and Windows (Cygwin) systems.

tags | tool, scanner, protocol
systems | cisco, linux, windows, unix, solaris, bsd, hpux
SHA-256 | d761829bf0e54681d7f7286dc9fdb8136fc370c218b85024b7c22a2e209970ca
mowdbb.txt
Posted Dec 6, 2006
Authored by ScReAmDz

mowdBB RC-6 suffers from a cross site scripting flaw.

tags | exploit, xss
SHA-256 | f86cea861786bd96984df6e5f0de48a23fdd58a719a9e85b75f29a07cefbfac6
envolution.txt
Posted Dec 6, 2006
Authored by Kacper | Site rahim.webd.pl

Remote code execution exploit for Envolution versions 1.1.0 and below.

tags | exploit, remote, code execution
SHA-256 | d7ea55d503f25ce48922e6071a8bf9c486ef31458e649719a55850f0f48111a5
blazevideo.txt
Posted Dec 6, 2006
Authored by Greg Linares

BlazeVideo HDTV Player versions 2.1 and below malformed PLF buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | e14fc20ba2561606a692242387bab8938d4ac558a312d0f056e02d6364ffafdb
atftp.txt
Posted Dec 6, 2006
Authored by acaro, Qixu Liu

AT-TFTP version 1.9 and below remote buffer overflow exploit that makes use of long filenames.

tags | exploit, remote, overflow
SHA-256 | 3c055612e0d3fc3c594e459088e2ca19c7013d09596cc2b275be81d1dd9fdf14
tcpknock-v01.tar.bz
Posted Dec 6, 2006
Authored by ganhawk | Site p2pbridge.sourceforge.net

TCP Knocking provides a port knocking implementation that attempts to solve problems of opening firewalls to provide remote access by incorporating the knock into unused fields in the TCP handshake sequence packets, rather than using UDP packets with secret ports.

tags | tool, remote, udp, scanner, tcp
systems | unix
SHA-256 | e6853f592b09665053445d9ae0240ffcee7a2a8cf03115caa0daebc05b209b9a
floppyfw-3.0.0.img
Posted Dec 6, 2006
Authored by Thomas Lundquist | Site zelow.no

Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the floppy disk version.

Changes: Kernel 2.4.33.3.
tags | tool, firewall
systems | linux
SHA-256 | 5b3dcb5bdbad187b52f13220163511aec5af3bc3b26406eabfd7ac74e68b929e
floppyfw-3.0.0.iso
Posted Dec 6, 2006
Authored by Thomas Lundquist | Site zelow.no

Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the ISO version.

Changes: Kernel 2.4.33.3.
tags | tool, firewall
systems | linux
SHA-256 | 2836e68291e1bf8f69d6babae8b3fccc0e43eefbe3657e14e4b1283ef2e95090
jabgb-xss.txt
Posted Dec 6, 2006
Authored by James Barnsley

JAB Guest Book suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | de73cbd93e53f5680513b090ea1341071a7a29d9f6fe4d905318c56216a00d0b
Mandriva Linux Security Advisory 2006.214
Posted Dec 6, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-5864
SHA-256 | b0a8590ea11ba4afad9185f0a981496234a1d44af2df33534e836aa6a73fd319
fprot-dos.txt
Posted Dec 6, 2006
Authored by Evgeny Legerov | Site gleg.net

Two vulnerabilities in F-Prot Antivirus version 4.6.6 for Unix platforms could allow a remote attacker to cause a denial of service or execute arbitrary code. Exploit included.

tags | exploit, remote, denial of service, arbitrary, vulnerability
systems | unix
SHA-256 | 226cbefa040587fac72452eb5aa3327444b503a468263378f2fc442655fea874
Top_10_Ajax_SH_v1.1.pdf
Posted Dec 6, 2006
Authored by Shreeraj Shah

Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".

tags | paper
SHA-256 | 1ed5c65dfd0826c823dfd1a9f124b537e561dd5ffcc62aee60d328f4953f93ef
Debian Linux Security Advisory 1227-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1227-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, debian
advisories | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748
SHA-256 | 5050bcb7d102f7e9246310110557a762f337740a07b1e1485cdcae55b3c42379
Debian Linux Security Advisory 1226-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1226-1 - Teemu Salmela discovered that the links character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.

tags | advisory, web, arbitrary, shell
systems | linux, debian
advisories | CVE-2006-5925
SHA-256 | 663357653cd8e772e98a4eaf6f33bbb444e0a01338c6bbdc50cec7955ddea496
Page 1 of 7
Back12345Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close