exploit the possibilities
Showing 1 - 25 of 64 RSS Feed

Files Date: 2007-02-06

Ubuntu Security Notice 418-1
Posted Feb 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 418-1 - A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | 41abac30121fdc265f3ded01646f1ed8
Mandriva Linux Security Advisory 2007.034
Posted Feb 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-0452, CVE-2007-0454
MD5 | 49db2b01127faff68ad720c66cf9ff4e
oracle-sql.txt
Posted Feb 6, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL injection exploit.

tags | exploit, sql injection
MD5 | e8c1ad7a358b928402e6586d17beed9f
geeklog-rfi.txt
Posted Feb 6, 2007
Authored by GolD_M

Geeklog version 2 suffers from a remote file inclusion vulnerability in BaseView.php.

tags | exploit, remote, php, code execution, file inclusion
MD5 | 470d022ae9e8d3b12a21f75b7646d444
smadb-rfi.txt
Posted Feb 6, 2007
Authored by The Death

SMA-DB versions 0.3.9 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 441af94cfc1ebd96005287e2cb3fe8bc
ggcms-exec.txt
Posted Feb 6, 2007
Authored by Kacper | Site rahim.webd.pl

GGCMS versions 1.1.0 RC1 and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 9dae554301470c962ca6eba2be65dc62
msie6-npd.txt
Posted Feb 6, 2007
Authored by AmesianX

Microsoft Internet Explorer 6 mshtml.dll null pointer derefence exploit.

tags | exploit
MD5 | 471fa4258ccebe6eb43a24994ad5b1c9
mina-rfi.txt
Posted Feb 6, 2007
Authored by Gokhan, BLaCKWHITE

Mina Ajans Script suffers from a remote file inclusion flaw.

tags | exploit, remote, code execution, file inclusion
MD5 | 5ae593b038727e080e79ad0c61c927fc
Debian Linux Security Advisory 1257-1
Posted Feb 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1257-1 - Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2007-0452, CVE-2007-0454
MD5 | 716b84149699e209c03b2728d1f47a6b
Ubuntu Security Notice 417-1
Posted Feb 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 417-1 - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. Jeff Trout reported that the query planner did not verify that a table was still compatible with a previously made query plan. By using ALTER COLUMN TYPE during query execution, an attacker could exploit this to read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-0555, CVE-2007-0556
MD5 | 94784312b719d3d0d5857d0ebe86a78f
iDEFENSE Security Advisory 2007-02-02.t
Posted Feb 6, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to trigger a heap corruption vulnerability. The vulnerability can be triggered by sending an overly long HTTP CONNECT request to WinProxy's HTTP proxy service. iDefense has confirmed this vulnerability in WinProxy 6.1a and 6.0 r1c. All previous versions are suspected vulnerable.

tags | advisory, remote, web
MD5 | 952bc9a9e5539510beb9c556c2a4e22b
NGS00471.txt
Posted Feb 6, 2007
Authored by Chris Anley | Site ngssoftware.com

Versions of Jetty, the popular java web server, are vulnerable to a session id prediction attack. Jetty uses java.util.Random to generate session ids. The internal state of this generator can be easily discovered, leading to an attacker being able to hijack existing and future sessions. Jetty versions below 4.2.27, 5.1.12, 6.0.2 and 6.1.0pre3 are affected.

tags | advisory, java, web
MD5 | 4bdbaba8ee24eb86cc078feb1cda8988
CVE-2007-0454.tgz
Posted Feb 6, 2007
Site samba.org

The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin. This affects Samba versions 3.0.6 through 3.0.23d. Patch included.

tags | advisory
advisories | CVE-2007-0454
MD5 | eccb0d5eb64aff39de90329ce4125dc9
CVE-2007-0452.tgz
Posted Feb 6, 2007
Site samba.org

A logic error in the deferred open code can lead to an infinite loop in smbd. This affect Samba versions 3.0.6 through 3.0.23d. Patch included.

tags | advisory
advisories | CVE-2007-0452
MD5 | f0ba91b5de2d60182956874ec84f0bc6
CVE-2007-0453.tgz
Posted Feb 6, 2007
Authored by Olivier Gay | Site samba.org

Samba versions 3.0.21 through 3.0.23d suffer from a potential overrun in the gethostbyname() and getipnodebyname() in the nss_winbind.so.1 library on Solaris that can potentially allow for code execution. Patch included.

tags | advisory, overflow, code execution
systems | solaris
advisories | CVE-2007-0453
MD5 | 9d2e2d59f2d09444848d5da2e098f6be
flashchat478-xss.txt
Posted Feb 6, 2007
Authored by binaryloc | Site binary.copyleftwriting.org

Flashchat versions 4.7.8 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 4851dfa6101a9dece739c308ff55eac4
cold-xss.txt
Posted Feb 6, 2007
Authored by digi7al64

The Cold Fusion web server suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | d78f55d5a50dac30d925e2e8ed4887e8
uphotogallery-xss.txt
Posted Feb 6, 2007
Authored by DoZ | Site hackerscenter.com

Uphotogallery version 1.1 is susceptible to cross site scripting attacks.

tags | exploit, xss
MD5 | 25b2d4fb2ceb3bdd1a1217cd8a5eb8e2
dvddb06-rfi.txt
Posted Feb 6, 2007
Authored by Blaster

dvddb version 0.6 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 8343150180711339de7f65fcc3b2387d
taof-0.3.tgz
Posted Feb 6, 2007
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.3 adds support for fuzzing both TCP and UDP protocols. Moreover, Taof 0.3 aids the monitoring process during fuzzing by the use of an embedded debugger (PyDbg).
tags | protocol, python, fuzzer
MD5 | 32c86c5f27a66aa583f0b2ce1534afcc
xoops2016-sql.txt
Posted Feb 6, 2007
Authored by Omid | Site hackers.ir

Xoops version 2.0.16 core suffers from SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
advisories | CVE-2007-0377
MD5 | 7ed3a02ad16d0cbe197e02cdb9c1dcbd
letterman123-sql.txt
Posted Feb 6, 2007
Authored by Omid | Site hackers.ir

Letterman version 1.2.3 suffers from SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
advisories | CVE-2006-6945, CVE-2007-0376, CVE-2007-0382
MD5 | 382ae62c702c63fc770055681b537554
joomla150beta-sql.txt
Posted Feb 6, 2007
Authored by Omid | Site hackers.ir

Joomla! version 1.5.0 Beta suffers from SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-0373, CVE-2007-0374, CVE-2007-0375, CVE-2007-0387
MD5 | f0b549c795cc857b5396c7e260d8e5ba
firefox-popup.txt
Posted Feb 6, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.0.9.

tags | advisory, arbitrary
MD5 | 539edaff52bc57444bea4293420707f2
wps1-rfi.txt
Posted Feb 6, 2007
Authored by rUnViRuS | Site sec-area.com

Wap Portal Server version 1.x suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 70f73f01bf017c31dd3c134d0efd17ca
Page 1 of 3
Back123Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    34 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close