exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 64 RSS Feed

Files Date: 2007-02-06

Ubuntu Security Notice 418-1
Posted Feb 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 418-1 - A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | 4e27064239e27efad0867437ada801b295703285f25ca38ca440f58e4547cb08
Mandriva Linux Security Advisory 2007.034
Posted Feb 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-0452, CVE-2007-0454
SHA-256 | 79f22ffaa9ce0e3537037b26164de8346063ae90e18bc9ca00754aa260337d75
oracle-sql.txt
Posted Feb 6, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 5da3679527ba84f7b21f36ba7d9b950eca072f5b36d1fd021648d1a4da8fd4c0
geeklog-rfi.txt
Posted Feb 6, 2007
Authored by GolD_M

Geeklog version 2 suffers from a remote file inclusion vulnerability in BaseView.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 020a17a5d039bcd5f6cb9badf8370da0737693fe9553451ebc835e5a1281336f
smadb-rfi.txt
Posted Feb 6, 2007
Authored by The Death

SMA-DB versions 0.3.9 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 51617bc83ceb460927bb96383e952935fb60cd6bc42a7284a233569c1544cdbe
ggcms-exec.txt
Posted Feb 6, 2007
Authored by Kacper | Site rahim.webd.pl

GGCMS versions 1.1.0 RC1 and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 9c4a046334dab11a9dab1b9164db0c1f49ffc786f32fdb20bdfeb3e81412f917
msie6-npd.txt
Posted Feb 6, 2007
Authored by AmesianX

Microsoft Internet Explorer 6 mshtml.dll null pointer derefence exploit.

tags | exploit
SHA-256 | 3d73f7db428d98af7dbd722e320dd226e577a86ac0031666cacc354105d2604a
mina-rfi.txt
Posted Feb 6, 2007
Authored by Gokhan, BLaCKWHITE

Mina Ajans Script suffers from a remote file inclusion flaw.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 8fa8941eb4ca19e4bde94c86e22ee7e00f59884c0e272f5aae02943dce8278b8
Debian Linux Security Advisory 1257-1
Posted Feb 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1257-1 - Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2007-0452, CVE-2007-0454
SHA-256 | 3b833c5f2326b67c9b1aac0c35214a834900e47eb5d521e30655f20b36fdc993
Ubuntu Security Notice 417-1
Posted Feb 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 417-1 - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. Jeff Trout reported that the query planner did not verify that a table was still compatible with a previously made query plan. By using ALTER COLUMN TYPE during query execution, an attacker could exploit this to read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-0555, CVE-2007-0556
SHA-256 | 276efa3f8ae6e6316c21d9bd4a5cc9aad843153f184120b3fde27f02a2123412
iDEFENSE Security Advisory 2007-02-02.t
Posted Feb 6, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to trigger a heap corruption vulnerability. The vulnerability can be triggered by sending an overly long HTTP CONNECT request to WinProxy's HTTP proxy service. iDefense has confirmed this vulnerability in WinProxy 6.1a and 6.0 r1c. All previous versions are suspected vulnerable.

tags | advisory, remote, web
SHA-256 | d2044d04ae53aaf7545b251d93ad6569c3f042b4971c7610071ef2cf8d54ed23
NGS00471.txt
Posted Feb 6, 2007
Authored by Chris Anley | Site ngssoftware.com

Versions of Jetty, the popular java web server, are vulnerable to a session id prediction attack. Jetty uses java.util.Random to generate session ids. The internal state of this generator can be easily discovered, leading to an attacker being able to hijack existing and future sessions. Jetty versions below 4.2.27, 5.1.12, 6.0.2 and 6.1.0pre3 are affected.

tags | advisory, java, web
SHA-256 | c1d988304d1385f3280f2844850635794020da733cf9d0150423c973335069fc
CVE-2007-0454.tgz
Posted Feb 6, 2007
Site samba.org

The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin. This affects Samba versions 3.0.6 through 3.0.23d. Patch included.

tags | advisory
advisories | CVE-2007-0454
SHA-256 | 1b9a5933a61b5ba5816be5b3ed95fee8d77b027e7ccbbe015eab2b33ace3c7f3
CVE-2007-0452.tgz
Posted Feb 6, 2007
Site samba.org

A logic error in the deferred open code can lead to an infinite loop in smbd. This affect Samba versions 3.0.6 through 3.0.23d. Patch included.

tags | advisory
advisories | CVE-2007-0452
SHA-256 | f7857b2a68d7a679f8925c8272b9cc6e79a032b0159f6cba512e0905b3125d31
CVE-2007-0453.tgz
Posted Feb 6, 2007
Authored by Olivier Gay | Site samba.org

Samba versions 3.0.21 through 3.0.23d suffer from a potential overrun in the gethostbyname() and getipnodebyname() in the nss_winbind.so.1 library on Solaris that can potentially allow for code execution. Patch included.

tags | advisory, overflow, code execution
systems | solaris
advisories | CVE-2007-0453
SHA-256 | 25a9b7c50109733111e809ad13bdcb9a8fcd574b275715d781e59adc978d92cf
flashchat478-xss.txt
Posted Feb 6, 2007
Authored by binaryloc | Site binary.copyleftwriting.org

Flashchat versions 4.7.8 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | af9d13bd1320de1c3f19c2229110eb574d95c749be57051c6365edc9eeee3c15
cold-xss.txt
Posted Feb 6, 2007
Authored by digi7al64

The Cold Fusion web server suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | c6134e49f82cb3a72792bf007c285e2438ecca4f849550526c75b89ecbf0f72e
uphotogallery-xss.txt
Posted Feb 6, 2007
Authored by DoZ | Site hackerscenter.com

Uphotogallery version 1.1 is susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 59252f18f2ce50937d9715492ada82d603c7e61eefec55763422383eacaeefa6
dvddb06-rfi.txt
Posted Feb 6, 2007
Authored by Blaster

dvddb version 0.6 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 88703db88496df688d24e0d1cacc0eb44effd92e50a589aa29f366cb36639206
taof-0.3.tgz
Posted Feb 6, 2007
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.3 adds support for fuzzing both TCP and UDP protocols. Moreover, Taof 0.3 aids the monitoring process during fuzzing by the use of an embedded debugger (PyDbg).
tags | protocol, python, fuzzer
SHA-256 | 602cb39c8ea3a3fed659db86b8e125037d32883c0f0f836cb2930f82c109dd9a
xoops2016-sql.txt
Posted Feb 6, 2007
Authored by Omid | Site hackers.ir

Xoops version 2.0.16 core suffers from SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
advisories | CVE-2007-0377
SHA-256 | 34878ea90a9132a807a8e2ad4c09ae99ef0a091018537753850d42a8c96cdbdb
letterman123-sql.txt
Posted Feb 6, 2007
Authored by Omid | Site hackers.ir

Letterman version 1.2.3 suffers from SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
advisories | CVE-2006-6945, CVE-2007-0376, CVE-2007-0382
SHA-256 | 3420c0a7e898fac992969113dfb02a9dfcda84fd50178579165cb6c69c1da9b3
joomla150beta-sql.txt
Posted Feb 6, 2007
Authored by Omid | Site hackers.ir

Joomla! version 1.5.0 Beta suffers from SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-0373, CVE-2007-0374, CVE-2007-0375, CVE-2007-0387
SHA-256 | b7622a565def445ec0da61a9e888f37a0de5e91edaa09b53cb64ab04c7303807
firefox-popup.txt
Posted Feb 6, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.0.9.

tags | advisory, arbitrary
SHA-256 | 84992efa78bb3a3fb28262ec1636137a11f3ea4f0311648432ccd5daf13f4aa1
wps1-rfi.txt
Posted Feb 6, 2007
Authored by rUnViRuS | Site sec-area.com

Wap Portal Server version 1.x suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 918b8f998f6aadbdf4b3b953ea6945b76631821843a635718da845398c7436e7
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close