what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2007-02-08

IMF-CFP-2007.txt
Posted Feb 8, 2007
Authored by IMF Conference 2007 | Site imf-conference.org

IMF 2007 Call For Papers - The International Conference on IT-Incident Management and IT-Forensics invites submissions for IMF 2007 being held from September 11th through 12th.

tags | paper, conference
SHA-256 | 5acdf532e5828b18e7b100807cf2776c6bdb996e25c9b86a8590c81a7633b198
whm-rfi.txt
Posted Feb 8, 2007
Authored by s3rv3r_hack3r

Web Host Manager suffers from a remote file inclusion vulnerability.

tags | exploit, remote, web, code execution, file inclusion
SHA-256 | 47c9dd974147e14d236970558aa967471014a566a515b5d044a6a36d5369707f
syscp1215-exec.txt
Posted Feb 8, 2007
Authored by Florian Lippert | Site syscp.org

The System Control Panel (SysCP) suffers from a flaw that allows an attack the ability to inject and execute any code as root. Versions 1.2.15 and below are affected. Details provided.

tags | exploit, root
SHA-256 | d4d314ebfbad52610661cd6d142591a35a7d3d2f221f7a5692e283190df3104e
Mandriva Linux Security Advisory 2007.040
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4, as well as the 2.6 kernel, does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. The listxattr syscall can corrupt user space under certain circumstances. The problem seems to be related to signed/unsigned conversion during size promotion. The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. The mincore function in the Linux kernel before 2.4.33.6, as well as the 2.6 kernel, does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

tags | advisory, denial of service, kernel, local
systems | linux, mandriva
advisories | CVE-2006-5749, CVE-2006-5753, CVE-2006-6053, CVE-2006-4814
SHA-256 | 3f1e7bc824821ea2b210030bdddf0ed3535f8f6790b69937d9be3fbbb072c5a7
Mandriva Linux Security Advisory 2007.039
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails various portions of the lsb-test-desktop test suite, part of LSB 3.1 certification testing.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2007-0010
SHA-256 | 8583aa630e91420597b34c7857fa9a219acd85c52738faee54f2e873cd96063a
iDEFENSE Security Advisory 2007-02-07.3
Posted Feb 8, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.07.07 - Remote exploitation of a buffer overflow vulnerability within Trend Micro's AntiVirus engine could allow an attacker to crash the scan engine or execute arbitrary code. This vulnerability is caused by improper input validation when scanning specially crafted malformed UPX compressed executables. Memory corruption could occur leading to a invalid memory access or a potentially exploitable condition.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 87c9005d1f957cc6b1cc01ccd27fc8b3c79d0bddcb59beadfa0f77aa31125a0b
iDEFENSE Security Advisory 2007-02-07.2
Posted Feb 8, 2007
Authored by iDefense Labs, Ruben Santamarta | Site idefense.com

iDefense Security Advisory 02.07.07 - Local exploitation of an input validation vulnerability within version 1.5.0.1052 of TmComm.sys as included with Trend Micro's AntiVirus engine could allow an attacker execute arbitrary code in kernel context. This vulnerability specifically exists due to insecure permissions on the \\.\TmComm DOS device interface. The permissions on this device allows "Everyone" write access. This could allow a locally logged in user to access functionality via IOCTLs which was designed for privileged use only. Additionally, the IOCTL handlers for this DOS device interface do not validate addresses passed to them. As such, it is possible to overwrite arbitrary memory or execute attacker-supplied code in the context of the kernel (RING 0).

tags | advisory, arbitrary, kernel, local
SHA-256 | 47e891511817c6191b842e3d5cab713abafda306c646da3189ce8577d7ead857
iDEFENSE Security Advisory 2007-02-07.1
Posted Feb 8, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.07.07 - Remote exploitation of a stack based buffer overflow vulnerability in RARLabs Unrar may allow an attacker to execute arbitrary code with the privileges of the user opening the archive. Unrar is prone to a stack based buffer overflow when processing specially crafted password protected archives. iDefense has confirmed the existence of this vulnerability in version 3.60 for Linux and 3.61 for Windows. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, windows
SHA-256 | 8800578fae7c8c5cccbd56b8a8f2a61648ea03be6c8fc31630068178678c7bd1
xlnc-rfi.txt
Posted Feb 8, 2007
Authored by Gokhan

XLNC1 Radio Classical Music Nuke Portal suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | e81b1cbcdc6ba40874821ac11d60b80013eba4ba8e9a457dc6841e7d52894825
Debian Linux Security Advisory 1258-1
Posted Feb 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1258-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox.

tags | advisory
systems | linux, debian
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503
SHA-256 | 639b4c0e2e1d962db6e58534946aa92e5691656a4c7a1a132db05de3020e2cae
exploit_alipay_vul.rar
Posted Feb 8, 2007
Authored by cocoruder | Site ruder.cdut.net

Demonstration exploit for a remote code execution vulnerability in Alipay's password input control "pta.dll".

tags | exploit, remote, code execution
SHA-256 | 8f3a0ae3fc3e5c1705315ff8dbc5dd8f8346ab8d35e84c9e90bdb2227a8ce770
alibaba-exec.txt
Posted Feb 8, 2007
Authored by cocoruder | Site ruder.cdut.net

A remote code execution vulnerability in Alipay's password input control "pta.dll" allows a remote attacker the ability to take complete control of the affected system.

tags | advisory, remote, code execution
SHA-256 | 53a11841b90cc60be21d85cb1e923255a3f54b83a76ff9ef3a462057f7747e9c
NDSA20070206.txt.asc
Posted Feb 8, 2007
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20070206) - The FreeProxy HTTP proxy server suffers from a denial of service condition which causes the server to hang. This occurs when an attacker makes a request for the hostname/portnumber combination in use by the server itself.

tags | advisory, web, denial of service
SHA-256 | c7b12f6799051d5027341db08ed250fa1d21493fba113dbb006a7fc84bbdda28
Ubuntu Security Notice 417-2
Posted Feb 8, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 417-2 - USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | bdf06d0e455510a394e29a85f4918f980b1575313c7778897783270c3a618c48
mne-rfi.txt
Posted Feb 8, 2007
Authored by Blaster, Gokhan

MySQLNewsEngine suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | a1352d82ae441004360c2a10e72b88627de6aa3b03b5ba5275b00cc518d0919c
agermenu-rfi.txt
Posted Feb 8, 2007
Authored by GolD_M

AgerMenu version 0.01 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 34b4dc7e1a94118d26c9c29d3c3f812afae1ef2db9444871267d748ef5dcf0ae
webmatic-rfi.txt
Posted Feb 8, 2007
Authored by MadNet

WebMatic versions 2.6 suffers from a remote file inclusion vulnerability in index_album.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 6a61e184322c0062700965c236178a156a7a13dd14e80d5339ed593408875447
ap205-gen.txt
Posted Feb 8, 2007
Authored by diwou

Advanced Poll versions 2.0.5-dev and below remote admin session generation exploit.

tags | exploit, remote
SHA-256 | e6cf714dfd7abb5e1fc7873e41a9ae17e76faa258a9f3cdfc39aa664ac159fe5
otscms-multi.txt
Posted Feb 8, 2007
Authored by GregStar | Site c4f.pl

OTSCMS version 2.1.5 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 0565f561bef62cdc8351a4435fbf79816311b335df5eff1de7171a29f225e829
maian-rfi.txt
Posted Feb 8, 2007
Authored by Denven

Maian Recipe version 1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 0d73f9ccb38e3eeca9e28a978c76404bc3996e8a1b0ff0819b503264147ebfb6
lightro-rfi.txt
Posted Feb 8, 2007
Authored by ajann

LightRO CMS version 1 beta suffers from a remote file inclusion vulnerability in inhalt.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 270f4e58bdac1ef845bc43b4c1b29b2a53d69063255d592528bd31d8061aac75
02062007-raptor_winudf.tgz
Posted Feb 8, 2007
Authored by Marco Ivaldi

This is a MySQL backdoor kit for Windows based on the UDFs (User Defined Functions) mechanism. It can be used to spawn a reverse shell (netcat UDF on port 80/tcp) or to execute single OS commands (exec UDF). Tested on MySQL 4.0.18-win32 (running on Windows XP SP2), MySQL 4.1.22-win32 (running on Windows XP SP2), MySQL 5.0.27-win32 (running on Windows XP SP2).

tags | exploit, shell, tcp
systems | windows
SHA-256 | 15313890177e90628311c6c464cf5a183ed19e89a0eb0fae3370dd041b770aea
Mandriva Linux Security Advisory 2007.038
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP uses an embedded copy of GD and may be susceptible to the same issue.

tags | advisory, remote, denial of service, overflow, arbitrary, local, php
systems | linux, mandriva
advisories | CVE-2006-6383, CVE-2007-0455
SHA-256 | 20bd43ac9ea3ba7f56ad433b0486fe65759e84d86c4a41734fbc2d70733c5101
Mandriva Linux Security Advisory 2007.037
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this. As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploted to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-0555, CVE-2007-0556
SHA-256 | 8ba13b500368cd9f0de2fc453f06366e7735626f388086f0770d74d75a357737
Mandriva Linux Security Advisory 2007.036
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Libwmf uses an embedded copy of the gd source and may also be affected by this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-0455
SHA-256 | 3ccb8f4b2f9c4ee4a6b8b26adeb9496f9c74bfdda291175576d8232aa18da431
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close