Exploit the possiblities
Showing 1 - 25 of 754 RSS Feed

Files Date: 2007-01-01 to 2007-01-31

ohh-indirect-privilege-escalation.pdf
Posted Jan 30, 2007
Authored by David Litchfield | Site ngssoftware.com

Defeating Virtual Private Databases, a chapter from the Oracle Hacker's Handbook.

tags | paper
MD5 | b3c9459470580aece5ec02534708d917
ohh-defeating-vpd.pdf
Posted Jan 30, 2007
Authored by David Litchfield | Site ngssoftware.com

Indirect Privilege Escalation, a chapter from the Oracle Hacker's Handbook.

tags | paper
MD5 | 5346915d186c78932798fb0f283ea09c
OpenPKG Security Advisory 2007.8
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.

tags | advisory, denial of service
advisories | CVE-2007-0347
MD5 | 0b5659d03a1c3f75f54ba3f47f82e56d
cvstrac200-dos.txt
Posted Jan 30, 2007
Authored by Ralf S. Engelschall | Site engelschall.com

A denial of service vulnerability exists in CVSTrac version 2.0.0.

tags | advisory, denial of service
advisories | CVE-2007-0347
MD5 | c6c3dbcb035364359371caa0c802a879
Universal_printer_provider_exploit.zip
Posted Jan 30, 2007
Authored by Andres Tarasco | Site 514.es

Universal exploit for vulnerable EnumPrintersW() calls related to the spooler service. Allows code execution with SYSTEM privileges. Affected includes DiskAccess NFS Client (dapcnfsd.dll version 0.6.4.0), Citrix Metaframe - cpprov.dll, and Novell - nwspool.dll.

tags | exploit, code execution
advisories | CVE-2006-5854
MD5 | 7772176447738b443f1b8706a46460e0
mdpro-sql.txt
Posted Jan 30, 2007
Authored by adexior

MDPro version 1.0.76 suffers from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
MD5 | e894e03ee3be6b21b1b86f63a4c38d29
phorum-xss.txt
Posted Jan 30, 2007
Authored by DoZ | Site hackerscenter.com

Phorum version 5.1.18 is susceptible to cross site scripting attacks.

tags | advisory, xss
MD5 | aeb6051d17c3c1a7d5baac06583990e5
VIINCIS-CFP2007.txt
Posted Jan 30, 2007
Site acis.org.co

Call for papers for the VII National Computer and Information Security Conference ACIS 2007.

tags | paper, conference
MD5 | 270a78691c50072f08fd2756eb4f4e41
OpenPKG Security Advisory 2007.7
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".

tags | advisory, remote, denial of service
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | ef98c338e7f5a017b8877bfeaad6e259
Debian Linux Security Advisory 1254-1
Posted Jan 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1254-1 - It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions. Please note that the CVE listed in this advisory is incorrect.

tags | advisory, denial of service
systems | linux, debian
MD5 | b907768273ac2898bec098b21758ca35
MOAB-28-01-2007.rb.txt
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.

tags | exploit, arbitrary, root, ruby
systems | apple
advisories | CVE-2007-0467
MD5 | d2a1cdd08b0f39cc9d815a3572650b30
MOAB-27-01-2007.tgz
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.

tags | exploit, arbitrary, code execution
systems | apple
advisories | CVE-2007-0466
MD5 | 251f0955c2ec6f2f9ea3ea7160b05822
zzuf-0.7.tar.gz
Posted Jan 29, 2007
Authored by Sam Hocevar | Site sam.zoy.org

zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.

tags | fuzzer
MD5 | 234810a9dd47bdfa583f2511335e1fba
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jan 29, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: strongSwan now interoperates with the NCP Secure Entry Client, the Shrew Soft VPN Client, and the Cisco VPN client, doing both XAUTH and Mode Config. UNITY attributes are now recognized and UNITY_BANNER is set to a default string.
tags | kernel, encryption
systems | linux
MD5 | 57427f5b48123851a73b10d78dd4f8d6
advchk-1.03.tar.gz
Posted Jan 29, 2007
Authored by Stephan Schmieder | Site advchk.unixgu.ru

Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.

systems | unix
MD5 | 23565c73d10e37efd8a1f834b118b5c9
Writing_nasl_scripts.pdf
Posted Jan 29, 2007
Authored by Hemil Shah

Small whitepaper discussing Nessus and the functions related to writing NASL scripts along with some debugging tips.

tags | paper
MD5 | 36b024263ba35ed9530a0e4f24d249a9
MsgEng.py.txt
Posted Jan 29, 2007
Authored by Winny Thomas

Heap overflow exploit for msgeng.exe in Computer Associates BrightStor ARCserve Backup.

tags | exploit, overflow
MD5 | 007fb8db9780785af6cfbae92d4c03d4
Gentoo Linux Security Advisory 200701-25
Posted Jan 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-25 - Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Versions less than 1.1.1-r4 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
MD5 | 7b32d79997096fb64e0c1d9f92b12c2b
Debian Linux Security Advisory 1253-1
Posted Jan 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1253-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability
systems | linux, debian
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503
MD5 | 71853013fa9f3eebef5078c94aff5f90
lcs11-rfi.txt
Posted Jan 29, 2007
Authored by Tr_ZiNDaN

Local Calendar System version 1.1 suffers from a remote file inclusion flaw.

tags | exploit, remote, local, code execution, file inclusion
MD5 | c1397db7851ddeaef4bb0baff9e654ad
Debian Linux Security Advisory 1252-1
Posted Jan 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1252-1 - Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-0017
MD5 | 50f008dc34116d113f668e55e7928a24
admentor-sql.txt
Posted Jan 29, 2007
Authored by sn0oPy

AdMentor suffers from a SQL injection vulnerability that allows for login bypass.

tags | exploit, sql injection
MD5 | 255ca22fc52604dc52d49c8054b99032
stompy.tgz
Posted Jan 29, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.

tags | web
MD5 | d5f3de170e61b5ec865dfc5d0c1790a1
Ubuntu Security Notice 398-4
Posted Jan 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 398-4 - USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504, CVE-2006-6503
MD5 | 2b879bf8f586b2da0b440c0492eac96a
Mandriva Linux Security Advisory 2007.029
Posted Jan 29, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2006-5876
MD5 | 09cffdbfe97db78837e0fc7b847a5448
Page 1 of 31
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close