what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 72 RSS Feed

Files Date: 2007-02-14

Debian Linux Security Advisory 1260-1
Posted Feb 14, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1260-1 - Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective.

tags | advisory
systems | linux, debian
advisories | CVE-2007-0770
SHA-256 | aa765e35bfdb110955bbb705eadfd520de8170552327d53417c194a5f414cad3
Debian Linux Security Advisory 1259-1
Posted Feb 14, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1259-1 - Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2006-5867
SHA-256 | c60bdd36c32a73ec0793bd760ad373fbc9341b987529b19badf093420add44fe
Cisco Security Advisory 20070214-fwsm
Posted Feb 14, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Firewall Services Module (FWSM). These vulnerabilities occur in the processing of specific Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), Session Initiation Protocol (SIP), and Simple Network Management Protocol (SNMP) traffic. If verbose logging is enabled for debugging purposes, a vulnerability exists when the FWSM processes packets destined to itself. All of these vulnerabilities may result in a reload of the device. An additional vulnerability is included in this advisory in which the manipulation of access control lists (ACLs) that make use of object groups may corrupt the ACL and create a situation where unwanted traffic may be permitted or desirable traffic may be blocked.

tags | advisory, web, vulnerability, protocol
systems | cisco
SHA-256 | ffbdee2e2df1c95386813f4b5df5bdee58d2eda35f1e59c5085488098a4ab9bb
lotus.sh.txt
Posted Feb 14, 2007
Authored by Marco Ivaldi

Lotus Domino versions R6 and below Webmail remote password hash dumper exploit.

tags | exploit, remote
SHA-256 | ad22d459010ddc2813609f50832c4ec30e103ff1c2e8748027b6e972b7278f8f
openssh-timing.txt
Posted Feb 14, 2007
Authored by Marco Ivaldi

Portable OpenSSH versions 3.6.1p-PAM / 4.1-SUSE and below timing attack exploit.

tags | exploit
systems | linux, suse
SHA-256 | f25691280caf5c0610c2c430c5e76c98a08e326e070c34a498599bbe58fdb48f
Cisco Security Advisory 20070214-pix
Posted Feb 14, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities have been found in Cisco PIX 500 Series Security Appliances and the Cisco ASA 5500 Series Adaptive Security Appliances. They affect enhanced inspection of Malformed Hypertext Transfer Protocol (HTTP) traffic, inspection of malformed Session Initiation Protocol (SIP) packets, inspection of a stream of malformed Transmission Control Protocol (TCP) packets, and privilege escalation.

tags | advisory, web, tcp, vulnerability, protocol
systems | cisco
SHA-256 | 8167feaea4e52bdf8cc4dfe4e381154dc1507696ef8d8b36ae4361e623cd4510
12070214.txt
Posted Feb 14, 2007
Authored by DarkFig | Site acid-root.new.fr

Jupiter CMS version 1.1.5 suffers from multiple vulnerabilities including SQL injection, cross site scripting, local and remote file inclusion, and more. I think it should be a do-over.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 29e4e1338ce8216c5004ac09b14b7abd2b0eea6f1b8b9af2df13bcfda27ab063
webtester-sqlxss.txt
Posted Feb 14, 2007
Authored by Moran Zavdi | Site vigilon.com

WebTester versions 5.0.20060927 and below suffer from SQL injection and cross site scripting flaws.

tags | advisory, xss, sql injection
SHA-256 | e072f5af00a163f6288185a2212762ff0cd963b7b81dcc1a25cd51da6caf7e74
HP Security Bulletin 2006-12.33
Posted Feb 14, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ARPA transport. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).

tags | advisory, denial of service, local
systems | hpux
SHA-256 | 55dff529c8ef517e31a1991a7cdccfc61e23e35d42ff73562762cab1f40764ef
HP Security Bulletin 2007-13.2
Posted Feb 14, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running SLSd. The vulnerability could be exploited by a remote unauthorized user to create arbitrary files leading to root access.

tags | advisory, remote, arbitrary, root
systems | hpux
SHA-256 | 3f718e1378fd6f2413e83eaa4cb427097d432fd050e954c73ff2c3d7fe959fe4
secunia-mailenable-xss.txt
Posted Feb 14, 2007
Authored by JJ Reyes | Site secunia.com

Secunia Research has discovered some vulnerabilities in MailEnable Web Mail Client, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and script insertion attacks. MailEnable Professional Edition 2.351 is affected. Other versions may also be affected.

tags | advisory, web, vulnerability, xss, csrf
advisories | CVE-2007-0651, CVE-2007-0652
SHA-256 | fb4fcc8670e75296e9a154f415cc4bef6be8cace7506203c92a9bec17712698c
maildisable-v7.pl.txt
Posted Feb 14, 2007
Authored by mu-b

MailEnable Pro/Enterprise version 2.37 proof of concept exploit that makes use of an out of bounds memory read in the NTLM authentication routines.

tags | exploit, proof of concept
SHA-256 | 8232149536e1a3a79572b4f8e18e033b75359eb3dae51b2236c5f1c0d6873713
maildisable-v5.pl.txt
Posted Feb 14, 2007
Authored by mu-b

MailEnable Pro/Enterprise versions below 2.351 proof of concept exploit that makes use of an out of bounds memory read in the NTLM authentication routines.

tags | exploit, proof of concept
SHA-256 | 0eb226440d272dd7b50d84b1d0e45df785d10d57377fc564492aed8c271a5494
Nikto Web Scanner 1.36
Posted Feb 14, 2007
Authored by Sullo | Site cirt.net

Nikto is a perl open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2400 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.

Changes: Nikto 1.36 has been released. This version adds a new option for setting a 404 string from the command line, a new plugin to test PUT/DELETE methods, new header checks and obligatory bug fixes.
tags | remote, web, local, cgi, perl, vulnerability
systems | unix
SHA-256 | e53a16d73c9ed116b1f771b1da3a606aa16b6322b50463730c14ed0ccecb3bb3
iDEFENSE Security Advisory 2007-02-13.2
Posted Feb 14, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.13.07 - Remote exploitation of a design error within Hewlett-Packard's "SLSd" daemon could allow an attacker to execute privileges as the superuser. The problem specifically exists due to a design error within the "SLSd_daemon" RPC daemon that provides connectivity between the distributed systems. This daemon registers itself under the RPC PROGID of 536870913 or 351456, depending on the HP-UX version. By sending a specially crafted request, the daemon will write attacker supplied data to an arbitrary file as the superuser. iDefense has confirmed the existence of this vulnerability within the "SLSd_daemon" binary as shipped with HP-UX 11.11i and 10.20. All versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary
systems | hpux
SHA-256 | 5d966ffbfa9606e8285b6e8431b6e6159a78119177ab10f3baecfe0340ab61d3
mscbo-overflow.txt
Posted Feb 14, 2007
Authored by Brett Moore SA

Microsoft Interactive Training suffers from a buffer overflow vulnerability when accessing files with .cbo extensions.

tags | advisory, overflow
SHA-256 | ea92dd141ee858165b4262471ac6a3e5cdc1e188ccf30be4703e290ce93ca574
ruined-0.6.tar.gz
Posted Feb 14, 2007
Authored by toady | Site ruined.sourceforge.net

Ruined "Ruby Iptables NEtwork Displayer" draws a svg from your Linux IP tables generated from "iptables-save".

tags | tool, firewall, ruby
systems | linux
SHA-256 | efc430a244fbf3c9251d627309f0d9be3caa71360a9a9654f689e24cbd1be3dd
Clam AntiVirus Toolkit 0.90
Posted Feb 14, 2007
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Various bug fixes and enhancements.
tags | virus
systems | unix
SHA-256 | c39005318d4a7d27d9710c3d71396b8c500e0bc5a184cb7392051c9ca9dea60d
authforce-0.9.8.tar.gz
Posted Feb 14, 2007
Site kapheine.hypa.net

Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.

Changes: Various bug fixes.
tags | web, cracker
SHA-256 | 041b5668ad440fa0a752ab4f956da4a64dc6403df1b48f8cfe342631b275f447
Gentoo Linux Security Advisory 200702-4
Posted Feb 14, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200702-04 - RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Versions less than 3.7.0_beta1 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | c64c2f4d7e09f6b419696909f88a5a7491475c13b34413689fa586cb6682e5aa
Gentoo Linux Security Advisory 200702-3
Posted Feb 14, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200702-03 - Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a backtracking attack to perform numerous time-consuming operations. Versions less than 2.6.1.2 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 65c813c6f8def59606b0a6f869a75f30ed68138fe2555257e5cc8c804c85c7cc
Gentoo Linux Security Advisory 200702-2
Posted Feb 14, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200702-02 - A flaw exists in the mod_ctrls module of ProFTPD, normally used to allow FTP server administrators to configure the daemon at runtime. Versions less than 1.3.1_rc1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | e3494f4786d21ba459f57467fc252395dccb62ce7f6364e4e60eb0550b575d8d
SYMSA-2007-002.txt
Posted Feb 14, 2007
Authored by J.R. Wikes, Matt Cooley, Scott King | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-002 - Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attacker may use this vulnerability to retrieve information from a locked device.

tags | advisory
advisories | CVE-2007-0859
SHA-256 | 2734f632d4167db6cb0b20e9be04487d20d1f292bf2c6fa64475d18ee0570c91
iDEFENSE Security Advisory 2007-02-13.t
Posted Feb 14, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 02.13.07 - Remote exploitation of a design error in Microsoft Corp.'s 'wininet.dll' FTP client code could allow an attacker to execute arbitrary code. The vulnerability specifically exists in the parsing of reply lines from remote FTP servers. During an FTP session, the client makes requests for the server to perform some operation and the server responds with a numeric code, a human readable message and possibly some other information. As there can be multiple lines in a reply, code in the client breaks the reply up into lines, putting a null byte (character 0x00) after any end of line character. In the case where a line ends exactly on the last character of the reply buffer, the terminating null byte is written outside of the allocated space, overwriting a byte of the heap management structure. By sending a specially crafted series of replys to the client, the heap may be corrupted in a controlled way to cause the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0217
SHA-256 | d22eb45fb37255371e9e850913d16605ad17aba88ae9adde20de88175b31549f
Gentoo Linux Security Advisory 200702-1
Posted Feb 14, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200702-01 - A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Versions less than 3.0.24 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | e5ec610ebb8382e354a24ce5c218a5bbe4df6e7cb8d78ac88b5904c811a4b34a
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close