what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

Files Date: 2007-03-14

Gentoo Linux Security Advisory 200703-11
Posted Mar 14, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200703-11 - The Magnatune downloader doesn't quote the m_currentAlbumFileName parameter while calling the unzip shell command. Versions less than 1.4.5-r1 are affected.

tags | advisory, shell
systems | linux, gentoo
SHA-256 | 9921fd92676a28a15379fe15dd5356e711779256fd3a45ac192d249d6911eb50
Debian Linux Security Advisory 1266-1
Posted Mar 14, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1266-1 - Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option.

tags | advisory
systems | linux, debian
advisories | CVE-2007-1263
SHA-256 | ff2d443868ea9134e4a2821505f07b5d67eda9514390877c76d2ba1676c1cae7
Core Security Technologies Advisory 2007.0219
Posted Mar 14, 2007
Authored by Core Security Technologies, Gerardo Richarte, Alfredo Ortega, Mario Vilas | Site coresecurity.com

Core Security Technologies Advisory - The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in remote execution of arbitrary code at the kernel level on the vulnerable systems and/or a remote denial of service condition. Affected systems include OpenBSD 4.1 prior to Feb. 26th, 2006, OpenBSD 4.0 Current, OpenBSD 4.0 Stable, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, and OpenBSD 3.1. Proof of concept exploit included.

tags | exploit, remote, denial of service, arbitrary, kernel, proof of concept
systems | openbsd
advisories | CVE-2007-1365
SHA-256 | 2d5d5651f3ce213312cb165a62fc0f511f0b8d1488dfffa7ab49170738c88652
Mandriva Linux Security Advisory 2007.062
Posted Mar 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The DS_VideoDecoder_Open function in DirectShow/DS_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-1387
SHA-256 | 1e8a5159b7b6dc0e60918f6aeec48b171e46c9c0258efc535f3006a7322f8b70
Mandriva Linux Security Advisory 2007.061
Posted Mar 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The DS_VideoDecoder_Open function in loader/dshow/DS_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-1387
SHA-256 | d4bfbc41eaadf6b63510af26525e0790c70f14f6c2cec2b97f949be8444a84e3
vbulletin-sql.txt
Posted Mar 14, 2007
Authored by meto5757, disfigure

vBulletin suffers from a SQL injection flaw via the admin panel.

tags | exploit, sql injection
SHA-256 | 9eea6446e09ce83853ef2c35536050ef5ad00514168d8c05773ecb401afb3017
jgbbs-sql.txt
Posted Mar 14, 2007
Authored by UniquE-Key

JGBBS version 3.0beta1 Search.ASP "Author" SQL injection exploit.

tags | exploit, sql injection, asp
SHA-256 | ef12d3a54cf1939a89568e3d4077cf686bf8b5d4ec1d2e4a47529c12f0332117
Echo Security Advisory 2007.74
Posted Mar 14, 2007
Authored by Echo Security, Dedi Dwianto | Site advisories.echo.or.id

WebCreator versions 0.2.6-rc3 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 01a11c5ebb2dd9ff9c829e9ace85beb06551738ea987600e13706cb6e3c11bc4
Echo Security Advisory 2007.72
Posted Mar 14, 2007
Authored by Echo Security, Dedi Dwianto | Site advisories.echo.or.id

CARE2X version 1.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | dcbab91314fae67b2b54053c172f8cad0edccd2c569e1366f2ecc56811f84f49
Echo Security Advisory 2007.71
Posted Mar 14, 2007
Authored by Echo Security, Dedi Dwianto | Site advisories.echo.or.id

Activist Mobilization Platform (AMP) version 3.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 4d8878d5ecb80e4b8e712ee645c554711608d4d6fc841edda152cc838a540893
adv73-K-159-2007.txt
Posted Mar 14, 2007
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

MySQL Commander versions 2.7 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 2c005448d430cf3d2f2227a94fe25ccb45250ddd028a4a97032f724535ab0b91
unrarlib-overflow.txt
Posted Mar 14, 2007
Authored by starcadi

Unrarlib version 0.4.0 suffers from a local buffer overflow condition.

tags | advisory, overflow, local
SHA-256 | fc255cada5b77ad9e310d6d4c1be3cc1721d8ec3c4e5e48503c784b792978d1f
Ubuntu Security Notice 432-2
Posted Mar 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 432-2 - USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1263
SHA-256 | efd10c3a5bbef4bde937cd14206a894698209116719ed31936c3fa38bf151dd0
wdc-lfi.txt
Posted Mar 14, 2007
Authored by BorN To K!LL

Weekly Drawing Contest version 0.0.1 suffers from a local file disclosure vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 269ced39d845301f13578c23834077900786be9da878c99474d4f2ff9514dc90
aonat-xss.txt
Posted Mar 14, 2007
Authored by Florian Stinglmayr

aon.at suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 492fab1a571778c56ef5fb655f77801ab1fc2926b5c1fd0a0d589ab5b0768d9f
adv69-K-159-2007.txt
Posted Mar 14, 2007
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

OES (Open Educational System) version 0.1beta suffers from a remote file inclusion vulnerability.

tags | advisory, remote, file inclusion
SHA-256 | bfd2bc4baa12d1af0cd999b89fce073dd8a0025c8d50b75d3ccc6bdfe0f5a915
alucard-0.1.tar.bz2
Posted Mar 14, 2007
Authored by Matthew Ranostay

Alucard is a UPnP port redirection application that allows a user to open ports on a UPnP enabled router.

tags | tool, peer2peer
SHA-256 | db1cd922af6c709865fe067e85ed486bd7a5eda8c9dd3a8a6254ddc8932478d1
Ubuntu Security Notice 436-1
Posted Mar 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 436-1 - Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, juniper, ubuntu
advisories | CVE-2007-1384, CVE-2007-1385
SHA-256 | c6a9911f676c52c44f13fff3ea2c268d124e8d46002028af110bf993cb7c6a6a
Ubuntu Security Notice 435-1
Posted Mar 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 435-1 - Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1387
SHA-256 | 9d8bbefeb03f250ad5e440fa93720bd6f44dd1ba21a5563df2eabea84f83f2b5
eplus-xss.txt
Posted Mar 14, 2007
Authored by Hanno Boeck | Site hboeck.de

www.eplus.de suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, xss, file inclusion
SHA-256 | 4d4a8f8cd67095cc202653d66fab907b691872b1732c773d7324c7152a00ad1e
deepsec2007-cfp.txt
Posted Mar 14, 2007
Site deepsec.net

Call for papers for the first annual European DeepSec In-Depth security conference.

tags | paper, conference
SHA-256 | 94830d3a48579718254c9ce907a0bb42ab663c154bebc4d9cc5b33c595916b5a
blackberry-dos.txt
Posted Mar 14, 2007
Authored by Michael Kemp | Site clappymonkey.com

A vulnerability has been discovered that could impact upon the availability of the BlackBerry 8100 Wireless handheld version 4.2.0.51.

tags | advisory, denial of service
SHA-256 | eebfd477932c88afd67e2c6ffb83fcbaf17f3eb7fd4b2ae480ab2bc44d5a136f
assetman24-lfi.txt
Posted Mar 14, 2007
Authored by BorN To K!LL

AssetMan version 2.4a suffers from a local file disclosure vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f2a07fb1df34883ee420f8d322a070601290f3f745309e258eadf13f8a6d319d
fantastico-lfi.txt
Posted Mar 14, 2007
Authored by cyb3rt, 020

Fantastico in all versions of CPanel 10.x suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | df4ab17b9ae28afb557d490c52bb6c0a497fcb9719cc88e153ff566a02915a2e
clipshare-rfi.txt
Posted Mar 14, 2007
Authored by Hasadya Raed

A remote file inclusion vulnerability exists in ClipShare version 1.5.3.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 26246b35134755a318d48e585c6fd6cdc8f42416574a8e17eb866debc24c7734
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close