what you don't know can hurt you
Showing 1 - 25 of 41 RSS Feed

Files Date: 2007-03-09

CA Security Advisory 35145
Posted Mar 9, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

The CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).

tags | advisory, remote
advisories | CVE-2007-1345
SHA-256 | 3962113ae17c146b5640bd4ec12da7a3f96a4ed5be77c2f201e85de1071f6d9e
PHP import_request_variables() Arbitrary Variable Overwrite
Posted Mar 9, 2007
Authored by Stefano Di Paola, Francesco Ongaro | Site wisec.it

PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().

tags | exploit, arbitrary, php
SHA-256 | 5fa15988075ab903a6fb5db15ca53a4cf5cbc587310a227e5c83e5aa6494637b
msfilemanagement.txt
Posted Mar 9, 2007
Authored by 3APA3A | Site securityvulns.com

Article discussing file management security issues in Microsoft Windows Vista/2003/XP/2000.

tags | advisory
systems | windows
SHA-256 | af2416acea7784325eb7b5e5fd487071fe970b7a59fd3bfa82407217ee7559d8
Port Scanning Techniques Whitepaper
Posted Mar 9, 2007
Authored by Kris Katterjohn

Whitepaper discussing various port scanning techniques with explanations, diagrams, and examples using Nmap and Hping3. PDF version.

tags | paper
SHA-256 | c0dd9c2daf75d423372e3098be822433dd1a7a63f0118e0a205fe59b2b971571
Port Scanning Techniques Whitepaper
Posted Mar 9, 2007
Authored by Kris Katterjohn

Whitepaper discussing various port scanning techniques with explanations, diagrams, and examples using Nmap and Hping3. Text version.

tags | paper
SHA-256 | d3019251c4f27b4d2fb8cce28300a408be8e83c9a19904cca9e409520ba51ed4
Mandriva Linux Security Advisory 2007.057
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The DMO_VideoDecoder_Open function in dmo/DMO_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-1246
SHA-256 | c5cdff64d715a5ff1636f58d8abe75e80d9cf94154c2f6c414ecfa5963b5f403
Mandriva Linux Security Advisory 2007.056
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2007-1218
SHA-256 | 6b5b611577e93ca97e04c8e9a9708f6ef4e8e175667239866876ec1cabe8ae60
Mandriva Linux Security Advisory 2007.055
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-1246
SHA-256 | 98e19e2b7caff2cbb310887cdedbd0652b406d4d07adca198bf3b319303a428d
Mandriva Linux Security Advisory 2007.054
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2007-1308
SHA-256 | 151bc594bf49a8d4c06b8d0066b3308be2e049c336aacb3b9f336c29486f9541
Ubuntu Security Notice 432-1
Posted Mar 9, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 432-1 - Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1263
SHA-256 | b20afc54d5ee0271c49512ca07738acf7c820aafc428e8929919d4c440074d7c
Ubuntu Security Notice 424-2
Posted Mar 9, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 424-2 - USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
SHA-256 | e310fb1be714d20b26c72bf2cab12289e3cc50abbc9dc4f113ed397d55290dbe
php_446_crack_opendict_local_bof.txt
Posted Mar 9, 2007
Authored by rgod | Site retrogod.altervista.org

PHP version 4.4.6 crack_opendict() local buffer overflow exploit.

tags | exploit, overflow, local, php
SHA-256 | 94c68df67e2e1df9884d7e59cdc21affda88015442b720d1db00be61a81e5c00
BlackhatCFP-2007.txt
Posted Mar 9, 2007
Site blackhat.com

Black Hat USA 2007 Call For Papers. Black Hat USA Briefings 2007 takes place at Caesars Palace Las Vegas, Nevada, July 28-August 2.

tags | paper, conference
SHA-256 | 39881c79d18cff4a2243ee345d72c9e352f1ba186ebc8a37744b40431f26e9fb
dynaliens-xss.txt
Posted Mar 9, 2007
Authored by sn0oPy

dynaliens versions 2.0 and 2.1 suffer from admin bypass and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 7ba86a132b64ef2603f7d81fe45715ad0422256df5f5da3b27ad3b7c7e64ec30
MU Security Advisory 2007-03.01
Posted Mar 9, 2007
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

Asterisk crashes when handed an otherwise valid request message but with no URI and no SIP-version in the request-line of the message. Asterisk versions 1.2.15 and 1.4.0, along with prior versions, are affected.

tags | advisory
SHA-256 | 4df0189ab0730598e7eef2261fe6960b91fbe72020bb219fd37a290679ce1e96
conquest-overflow.txt
Posted Mar 9, 2007
Authored by Luigi Auriemma | Site aluigi.org

Conquest versions 8.2a (svn 691) and below suffer from buffer overflow and memory corruption vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 858134cf9631a43c96c8ccdb82c9d9e1ae83103f68ee6d3468c7fa13d3ca8cd0
winamp512-overflow.txt
Posted Mar 9, 2007
Authored by Umesh Wanve

Winamp versions 5.12 and below crafted .PLS file remote buffer overflow exploit. Written in Perl.

tags | exploit, remote, overflow, perl
SHA-256 | 07d8b624ae8c747343fe22839b4742a9d2799a0d8bc965bb30020428d8281dde
winzip-heap.txt
Posted Mar 9, 2007
Authored by prdelka | Site blogs.23.nu

WinZip versions 10.0.7245 and below FileView ActiveX buffer overflow exploit.

tags | exploit, overflow, activex
SHA-256 | 13135b625739a870d46e0156520936ebef5b93a66dc0bdbacf68dd04b7de0584
modsec-bypass.txt
Posted Mar 9, 2007
Authored by Stefan Esser | Site hardened-php.net

mod_security versions 2.1.0 and below suffer from a POST rules bypass vulnerability.

tags | exploit, bypass
SHA-256 | b3244d2e4f4855891b5b0d5e7fdac24d64fef9bb75f24aacf1299123e1bdf3bb
esser-php.txt
Posted Mar 9, 2007
Authored by Stefan Esser | Site hardened-php.net

PHP versions 4.4.5 and below and 5.2.1 and below shmop SSL RSA private key disclosure exploit.

tags | exploit, php
SHA-256 | 534c6aa03aa244af3fb2bbddad9f72491afa2df620545dc250817d60a24cf3cc
snort-dos.txt
Posted Mar 9, 2007
Authored by Antimatt3r

Snort versions 2.6.1.1, 2.6.1.2, and 2.7.0 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 64c07aec5e8b5052f034febd2b9696cf0e4590dcd7684d523ffe6b812079b68f
Debian Linux Security Advisory 1264-1
Posted Mar 9, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1264-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-0906, CVE-2007-0907, CVE-2006-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
SHA-256 | 8e3df8f485e671883be6bec88e44bb6c9e66f4edf58ff94affb4718bc6fd522c
Zero Day Initiative Advisory 07-010
Posted Mar 9, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on Apple QuickTime Player version 7.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user.

tags | advisory, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2007-0714
SHA-256 | 3c46b27729a5cc0f77a4436b174b66b57347bfc4d93cec3e17ad567beaa38d7d
Zero Day Initiative Advisory 07-09
Posted Mar 9, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on Novell NetMail version 3.5.2. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process bound by default on TCP port 89. During HTTP Basic authentication, a long username of at least 213 bytes will trigger a stack based buffer overflow due to a vulnerable sprintf() call. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, overflow, arbitrary, tcp, code execution
advisories | CVE-2007-1350
SHA-256 | ffb6df8237fe772875dbde8970d3255dc11ed6808126cdb08a3ecb0b4b34fa8b
Advisory2-24012007.txt
Posted Mar 9, 2007
Authored by AlFa | Site virtuax.be

PhpMyAdmin versions 2.9.2 and below suffer from cross site scripting and cross site request forgery flaws.

tags | exploit, xss, csrf
SHA-256 | c091998521db907f610d4211ad5dff7c231c9f9f496f1e6d1d635a31d5158d5b
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close