exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files Date: 2007-01-16

uninformed-vol6.tgz
Posted Jan 16, 2007
Authored by Matt Miller, H D Moore, Johnny Cache, Skywing, uninformed | Site uninformed.org

Uninformed is pleased to announce the release of its sixth volume. This volume includes 3 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: Subverting PatchGuard Version 2, Engineering in Reverse: Locreate: An Anagram for Relocate, Exploitation Technology: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows. PDFs of all articles and related code are included in this tarball.

tags | vulnerability
systems | windows
SHA-256 | 77ce1bc8aec65cc4a56356bef955197cab0127a53332ee6046b934865b61016f
Mandriva Linux Security Advisory 2007.016
Posted Jan 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2006-5687
SHA-256 | 9ae09d57d9ff020d864b9569e5e17e2aea52648d89cd2e3b9c47ad4148760743
Mandriva Linux Security Advisory 2007.015
Posted Jan 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the second or third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

tags | advisory, remote, arbitrary, php, sql injection
systems | linux, mandriva
advisories | CVE-2006-6799
SHA-256 | 4180b3cd621c2af8f68cb6c5a6db1d83b0ba017cc150b6ba8ebb8560e34ecd00
Mandriva Linux Security Advisory 2007.014
Posted Jan 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2006-6899
SHA-256 | a2153161375c85054b2a297202b2fcf5ecab050726d6e7fa45843826bc04e926
Gentoo Linux Security Advisory 200701-10
Posted Jan 16, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-10 - When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in wp-login.php based upon whether or not a user exists. David Kierznowski has discovered that WordPress fails to properly sanitize recent file information in /wp-admin/templates.php before sending that information to a browser. Versions less than 2.0.6 are affected.

tags | advisory, php
systems | linux, gentoo
SHA-256 | 34d7811644496094a6c2edd78e8abb4236900b727cb2a882654ec92cd37f45d0
zzuf-0.5.tar.gz
Posted Jan 16, 2007
Authored by Sam Hocevar | Site sam.zoy.org

zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.

tags | fuzzer
SHA-256 | 98f5d6e5a7a64acc331add2e90596b43b28c32d0427c68c52bbea20a8ac79aae
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jan 16, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support for extended authentication (XAUTH) in combination with ISAKMP Main Mode RSA or PSK authentication. Both client and server side were implemented. Handling of user credentials can be done by a run-time loadable XAUTH module. By default user credentials are stored in ipsec.secrets. Mixed PSK/RSA authentication is now possible between two hosts with static IP addresses.
tags | kernel, encryption
systems | linux
SHA-256 | e8e5c1a42f50d0f03956b41bf1c59ba561b1b34b46407fe8f71b1df6c0b23d6b
Debian Linux Security Advisory 1249-1
Posted Jan 16, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1249-1 - Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation or denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2006-6101, CVE-2006-6102, CVE-2006-6103
SHA-256 | ed5d69ac62299e4332a836ee6f8b8eb2430a4754a55340e4c65197ed22882f54
tftpdwin042.txt
Posted Jan 16, 2007
Authored by acaro

TFTPDWIN version 0.4.2 remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | e724fe199ca4d5e5a07bb6f90f052bc00ca8afcef913ba5252f577b1d730625d
mercur-imap.txt
Posted Jan 16, 2007
Authored by acaro

Mercur Messaging 2005 IMAP remote buffer overflow exploit.

tags | exploit, remote, overflow, imap
SHA-256 | 649b1fde3c13ae9c52cbaf05b122cbce2c70938b002e95398d2969941beb60c1
kgb19-lfi.txt
Posted Jan 16, 2007
Authored by Kacper | Site rahim.webd.pl

KGB versions 1.9 and below local file inclusion exploit that makes use of sesskglogadmin.php.

tags | exploit, local, php, file inclusion
SHA-256 | 8fd9be6f9157e3b2d3cd4d5abe0b1a4335159f2899aff72be8ebfeacbdb7ee00
kav60-escalate.txt
Posted Jan 16, 2007
Authored by m4d | Site unl0ck.net

Kaspersky Antivirus version 6.0 local privilege escalation exploit.

tags | exploit, local
SHA-256 | 0ee25edafeac4992843e0e61d1ebbd53e92782b9e400cda1b22adb5b293b1336
Gentoo Linux Security Advisory 200701-9
Posted Jan 16, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-09 - By specifying an unsupported address family in the arguments to a LPRT or LPASV command, an assertion in oftpd will cause the daemon to abort. Versions less than 0.3.7-r3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | ef53f91d6a7b1104a098f8055a68effccfa5d3bcb56b5ca6f79cd36da9f4a3bc
outpost40-vuln.txt
Posted Jan 16, 2007
Site matousec.com

A self-protection bypass flaw exists in Outpost Firewall PRO 4.0.

tags | advisory
SHA-256 | 44ee0d70984d6bd9e8c3c0843c736d1b59d27e20f90e5834ce3c05f717480280
BTP00003P004AO.zip
Posted Jan 16, 2007
Site matousec.com

Demonstration exploit code for a self-protection bypass flaw that exists in OutPost Firewall PRO 4.0.

tags | exploit
SHA-256 | f8d92e16dd5182d877773729fadd8b36131a15097314c886a3aecef90393eb14
Ubuntu Security Notice 409-1
Posted Jan 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 409-1 - Federico L. Bossi Bonin discovered a Denial of Service vulnerability in ksirc. By sending a special response packet, a malicious IRC server could crash ksirc.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2006-6811
SHA-256 | a055491065ea57f4b04c1ced3f58041f349e3f872ae274f4be0a15d5fe648853
Ubuntu Security Notice 408-1
Posted Jan 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 408-1 - The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2006-6143
SHA-256 | e079b7c7e47961cfa7ff2d1f16f02981d8f6e75fcf8965a3c0ce46723b5c0d19
remedy-enumerate.txt
Posted Jan 16, 2007
Authored by Davide Del Vecchio

Remedy Action Request System 5.01.02 Patch 1267 suffers from a user enumeration flaw.

tags | advisory
SHA-256 | c91485e8cd570f655024b88b05b5b416846fdf3d0c5163d1c561286d9a1907f4
okul-sql.txt
Posted Jan 16, 2007
Authored by Ilker Kandemir

Okul Web Otomasyon Sistemi suffers from a SQL injection vulnerability.

tags | exploit, web, sql injection
SHA-256 | 47a4e0f2901ef6e13d17d86cbf36f3f79a7072f8ffdb33fbe74c86c3a8333c7d
Ubuntu Security Notice 407-1
Posted Jan 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 407-1 - Liu Qishuai discovered a buffer overflow in the /proc parsing routines in libgtop. By creating and running a process in a specially crafted long path and tricking an user into running gnome-system-monitor, an attacker could exploit this to execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | e49b9c73115df920c7d5ebf0e8cb10f2139db11ddbfee899f0f6a00cbbf7c718
oraclepasswords.pdf
Posted Jan 16, 2007
Authored by Paul Wright | Site ngssoftware.com

New Oracle Security Paper - How to secure Oracle passwords from rainbow tables and new password cracking patches. Also includes a free audit tool called OraBrute to brute force SYS AS SYSDBA in order to check that it has been secured. Unfortunately by default it is not but can be secured by following this papers recommendations.

tags | paper
SHA-256 | d01676e8a88e2d6cb26473a80fe847d360a18ce0fbd1a995aafac93055168522
rixstep_pwnage.c
Posted Jan 16, 2007
Authored by Rixstep Pwned

Rixstep arbitrary file overwrite exploit.

tags | exploit, arbitrary
SHA-256 | 9eccd9f6dbf175ad8c92a11eec4ec5a4f5a636c5041c9cd9055c82b5272d114e
instant-xss.txt
Posted Jan 16, 2007
Authored by DoZ | Site hackerscenter.com

InstantForum.NET software suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a9b9988870599cedd07c45eec8acea3df97550383969d1264ea4e50742c8196f
jax-rfi.txt
Posted Jan 16, 2007
Authored by Ilker Kandemir

Jax Petition Book suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 9b42b3b3cfe94c714c9dd6af4bdb4c8559d623a5ff9a1d79eb73f54ba67e79e0
wcsimple-disclose.txt
Posted Jan 16, 2007
Authored by Ilker Kandemir

wcSimple Poll allows for a direct download of the system password.

tags | exploit, info disclosure
SHA-256 | 8e4a72d51348e823a4d46315d5353c268eaeda5c471b1e97131f65f4ddfc412c
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close