Twenty Year Anniversary
Showing 1 - 25 of 737 RSS Feed

Files Date: 2007-03-01 to 2007-03-31

Posted Mar 29, 2007
Authored by Elliot Kendall

DataDomain OS versions 3.0.0 through suffer from an arbitrary command execution flaw.

tags | exploit, arbitrary
MD5 | 9c945837875c5605ea9373d740e29293
Debian Linux Security Advisory 1270-2
Posted Mar 29, 2007
Authored by Debian | Site

Debian Security Advisory 1270-2 - Several security related problems have been discovered in, the free office suite. iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in contains an easily exploitable stack overflow that could be used exploited by a specially crafted document to execute arbitrary code. It has been reported that does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link.

tags | advisory, overflow, arbitrary, shell
systems | linux, debian
advisories | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239
MD5 | b6ee02a59e56836dba49bc7eb9c15c96
Posted Mar 29, 2007
Authored by Tim Rees

It seems to be possible to perform various denial of service attacks on a Linux computer running TrueCrypt version 4.3 in setuid root mode, or possibly introduce evil binaries into normally trusted locations.

tags | advisory, denial of service, root
systems | linux
MD5 | db98fbeafa6162466a942f5d230e0a4d
Zero Day Initiative Advisory 07-011
Posted Mar 29, 2007
Authored by Tipping Point | Site

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP port 143. No check is done on the length on the supplied username prior to processing it through a custom copy loop. If the username is longer than 256 bytes, a pointer overwrite may occur in the function nnotes.dll.CStream::ToBase64() which is later called and can therefore result in execution of arbitrary code.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-1675
MD5 | 5c2e6493ad6fd7fd47212cfb14190a41
Cisco Security Advisory 20070328-voip
Posted Mar 29, 2007
Authored by Cisco Systems | Site

Cisco Security Advisory - Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

tags | advisory, denial of service, vulnerability
systems | cisco
MD5 | 1b50992d840f1049b2eaca81708c20ac
Posted Mar 29, 2007
Authored by ShadOS | Site

WhiteCat log cleaner version 1.0. WhiteCat is designed for any UNIX-like system, but tested only on Linux. Distributed under GPLv2.

tags | tool, rootkit
systems | linux, unix
MD5 | efd550ecc4b29bb2544da6a8e072ce57
iDEFENSE Security Advisory 2007-03-28.2
Posted Mar 29, 2007
Authored by iDefense Labs | Site

iDefense Security Advisory 03.28.07 - Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to cause denial of service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16-bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap-overflow occurs. This vulnerability has been confirmed to exist within versions 7.0.1 and the Directory Service (LDAP) component of Lotus Domino Server.

tags | advisory, remote, denial of service, overflow, arbitrary
MD5 | 8aa117e485430eecd0ea8755e3b22dc2
iDEFENSE Security Advisory 2007-03-28.t
Posted Mar 29, 2007
Authored by iDefense Labs | Site

iDefense Security Advisory 03.28.07 - Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted users browser. The vulnerability specifically exists due to improper HTML filtering of e-mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. iDefense has confirmed that Lotus Domino Web Access 7.0 is vulnerable. Earlier versions are suspected vulnerable.

tags | advisory, remote, web, arbitrary, javascript, xss
advisories | CVE-2006-4843
MD5 | c98de655a9e1663189d5fba0586928d6
Posted Mar 29, 2007
Authored by Jonathan So | Site

Corel Worperfect X3 version suffers from a stack overflow vulnerability. Exploit included.

tags | exploit, overflow
MD5 | 8cece6f324de927d4cdfd1da2451acc5
Ubuntu Security Notice 446-1
Posted Mar 29, 2007
Authored by Ubuntu | Site

Ubuntu Security Notice 446-1 - Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
MD5 | a957919d456df89b8db38582d69fa4e7
Posted Mar 29, 2007
Authored by nsp

Apparently, the phishing protection provided in Firefox and Opera 9.10 fails to take iframes into account.

tags | advisory
MD5 | 2897825f94a26911417c4e233687db1e
Posted Mar 29, 2007
Authored by Handrix | Site

HP JetDirect print servers suffers from a remote denial of service flaw.

tags | exploit, remote, denial of service
MD5 | 0d35f082f181f32b807931a800f07f59
Posted Mar 29, 2007
Authored by Lostmon | Site

aBitWhizzy suffers from local file traversal and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 64483de368bae49e63bad2e87378063a
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Mar 29, 2007
Authored by Andreas Steffen | Site

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support of SHA2_384 hash function for protecting IKEv1 negotiations and support of SHA2 signatures in X.509 certificates. Serious bug fix and multiple other enhancements.
tags | kernel, encryption
systems | linux
MD5 | c79461065ea2dee47adfdeb1199b942e
Posted Mar 29, 2007
Authored by Stefan Esser | Site

Month of PHP Bugs - PHP version 4.4.5 and 4.4.6 session_decode() double free proof of concept exploit.

tags | exploit, php, proof of concept
MD5 | ac64d9748ea8b560e47f968fba2f7558
Posted Mar 29, 2007
Authored by Robert Swiecki | Site

The Linux kernel suffers from a DCCP memory disclosure vulnerability. This is the second proof of concept exploit related to this vulnerability. Kernel versions 2.6.20 and above are affected.

tags | exploit, kernel, proof of concept, info disclosure
systems | linux
MD5 | 5a4c8586a8f76cfb8fd8494244694c0d
Posted Mar 29, 2007
Authored by skillTube | Site

This Metasploit module exploits a stack overflow in the NaviCopa HTTP server 2.01 (release version 6th October 2006 or earlier). It is not the same vulnerability as the one described in BID 20250.

tags | exploit, web, overflow
MD5 | 9af13150313142d7bbfee995b5be0c75
Posted Mar 29, 2007
Authored by Andrea Purificato | Site

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 1.

tags | exploit, sql injection
MD5 | 2a8a0eec2a5ea3879a641b43d8d6fbbe
Posted Mar 29, 2007
Authored by Andrea Purificato | Site

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 2.

tags | exploit, sql injection
MD5 | 3c82a6a31634f209db1f378f07bb02ac
Posted Mar 29, 2007
Authored by Kishor Datar

Yahoo mail services when accessed via Yahoo! messenger are vulnerable to information leakage and authentication bypass which is caused due to improper caching of pages by the browser.

tags | advisory
MD5 | c1be1240f8410d328795203fce4e74f5
Posted Mar 29, 2007
Authored by Robert Swiecki | Site

The Linux kernel suffers from a DCCP memory disclosure vulnerability. Proof of concept exploit included. Kernel versions 2.6.20 and above are affected.

tags | exploit, kernel, proof of concept
systems | linux
MD5 | 0a85b24758c65f57b208b459d9d1215a
Posted Mar 29, 2007
Authored by trueend5 | Site

FlexBB version 1.0.0 10005 Beta Release 1 suffers from a SQL injection vulnerability when parsing the user supplied cookie value.

tags | exploit, sql injection
MD5 | 3d55dac35b5fdff4341cec44eab21230
Posted Mar 29, 2007
Authored by UniquE-Key

Xoops blind SQL injection exploit for print.php. Currently affects all versions.

tags | exploit, php, sql injection
MD5 | 66ec680fd32bc0067496746440e31e8a
Posted Mar 29, 2007
Authored by Gyu Tae Park

SignKorea's SKCommAX ActiveX Control Module version and SKCommAX ActiveX Control Module(3280) version suffer from a buffer overflow vulnerability.

tags | advisory, overflow, activex
MD5 | 158e488e8975c281596948b634b1dbdf
Posted Mar 28, 2007
Authored by eufrato | Site

C-Arbre versions 0.6PR7 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | cbf44d2d3cdd34f17aa4dc23178a958a
Page 1 of 30

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By