Exploit the possiblities
Showing 1 - 25 of 737 RSS Feed

Files Date: 2007-03-01 to 2007-03-31

Posted Mar 29, 2007
Authored by Elliot Kendall

DataDomain OS versions 3.0.0 through suffer from an arbitrary command execution flaw.

tags | exploit, arbitrary
MD5 | 9c945837875c5605ea9373d740e29293
Debian Linux Security Advisory 1270-2
Posted Mar 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1270-2 - Several security related problems have been discovered in OpenOffice.org, the free office suite. iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be used exploited by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link.

tags | advisory, overflow, arbitrary, shell
systems | linux, debian
advisories | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239
MD5 | b6ee02a59e56836dba49bc7eb9c15c96
Posted Mar 29, 2007
Authored by Tim Rees

It seems to be possible to perform various denial of service attacks on a Linux computer running TrueCrypt version 4.3 in setuid root mode, or possibly introduce evil binaries into normally trusted locations.

tags | advisory, denial of service, root
systems | linux
MD5 | db98fbeafa6162466a942f5d230e0a4d
Zero Day Initiative Advisory 07-011
Posted Mar 29, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP port 143. No check is done on the length on the supplied username prior to processing it through a custom copy loop. If the username is longer than 256 bytes, a pointer overwrite may occur in the function nnotes.dll.CStream::ToBase64() which is later called and can therefore result in execution of arbitrary code.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-1675
MD5 | 5c2e6493ad6fd7fd47212cfb14190a41
Cisco Security Advisory 20070328-voip
Posted Mar 29, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

tags | advisory, denial of service, vulnerability
systems | cisco
MD5 | 1b50992d840f1049b2eaca81708c20ac
Posted Mar 29, 2007
Authored by ShadOS | Site hellknights.void.ru

WhiteCat log cleaner version 1.0. WhiteCat is designed for any UNIX-like system, but tested only on Linux. Distributed under GPLv2.

tags | tool, rootkit
systems | linux, unix
MD5 | efd550ecc4b29bb2544da6a8e072ce57
iDEFENSE Security Advisory 2007-03-28.2
Posted Mar 29, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 03.28.07 - Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to cause denial of service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16-bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap-overflow occurs. This vulnerability has been confirmed to exist within versions 7.0.1 and the Directory Service (LDAP) component of Lotus Domino Server.

tags | advisory, remote, denial of service, overflow, arbitrary
MD5 | 8aa117e485430eecd0ea8755e3b22dc2
iDEFENSE Security Advisory 2007-03-28.t
Posted Mar 29, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 03.28.07 - Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted users browser. The vulnerability specifically exists due to improper HTML filtering of e-mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. iDefense has confirmed that Lotus Domino Web Access 7.0 is vulnerable. Earlier versions are suspected vulnerable.

tags | advisory, remote, web, arbitrary, javascript, xss
advisories | CVE-2006-4843
MD5 | c98de655a9e1663189d5fba0586928d6
Posted Mar 29, 2007
Authored by Jonathan So | Site nop-art.net

Corel Worperfect X3 version suffers from a stack overflow vulnerability. Exploit included.

tags | exploit, overflow
MD5 | 8cece6f324de927d4cdfd1da2451acc5
Ubuntu Security Notice 446-1
Posted Mar 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 446-1 - Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
MD5 | a957919d456df89b8db38582d69fa4e7
Posted Mar 29, 2007
Authored by nsp

Apparently, the phishing protection provided in Firefox and Opera 9.10 fails to take iframes into account.

tags | advisory
MD5 | 2897825f94a26911417c4e233687db1e
Posted Mar 29, 2007
Authored by Handrix | Site morx.org

HP JetDirect print servers suffers from a remote denial of service flaw.

tags | exploit, remote, denial of service
MD5 | 0d35f082f181f32b807931a800f07f59
Posted Mar 29, 2007
Authored by Lostmon | Site lostmon.blogspot.com

aBitWhizzy suffers from local file traversal and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 64483de368bae49e63bad2e87378063a
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Mar 29, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support of SHA2_384 hash function for protecting IKEv1 negotiations and support of SHA2 signatures in X.509 certificates. Serious bug fix and multiple other enhancements.
tags | kernel, encryption
systems | linux
MD5 | c79461065ea2dee47adfdeb1199b942e
Posted Mar 29, 2007
Authored by Stefan Esser | Site hardened-php.net

Month of PHP Bugs - PHP version 4.4.5 and 4.4.6 session_decode() double free proof of concept exploit.

tags | exploit, php, proof of concept
MD5 | ac64d9748ea8b560e47f968fba2f7558
Posted Mar 29, 2007
Authored by Robert Swiecki | Site swiecki.net

The Linux kernel suffers from a DCCP memory disclosure vulnerability. This is the second proof of concept exploit related to this vulnerability. Kernel versions 2.6.20 and above are affected.

tags | exploit, kernel, proof of concept, info disclosure
systems | linux
MD5 | 5a4c8586a8f76cfb8fd8494244694c0d
Posted Mar 29, 2007
Authored by skillTube | Site skilltube.com

This Metasploit module exploits a stack overflow in the NaviCopa HTTP server 2.01 (release version 6th October 2006 or earlier). It is not the same vulnerability as the one described in BID 20250.

tags | exploit, web, overflow
MD5 | 9af13150313142d7bbfee995b5be0c75
Posted Mar 29, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 1.

tags | exploit, sql injection
MD5 | 2a8a0eec2a5ea3879a641b43d8d6fbbe
Posted Mar 29, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 2.

tags | exploit, sql injection
MD5 | 3c82a6a31634f209db1f378f07bb02ac
Posted Mar 29, 2007
Authored by Kishor Datar

Yahoo mail services when accessed via Yahoo! messenger are vulnerable to information leakage and authentication bypass which is caused due to improper caching of pages by the browser.

tags | advisory
MD5 | c1be1240f8410d328795203fce4e74f5
Posted Mar 29, 2007
Authored by Robert Swiecki | Site swiecki.net

The Linux kernel suffers from a DCCP memory disclosure vulnerability. Proof of concept exploit included. Kernel versions 2.6.20 and above are affected.

tags | exploit, kernel, proof of concept
systems | linux
MD5 | 0a85b24758c65f57b208b459d9d1215a
Posted Mar 29, 2007
Authored by trueend5 | Site kapda.ir

FlexBB version 1.0.0 10005 Beta Release 1 suffers from a SQL injection vulnerability when parsing the user supplied cookie value.

tags | exploit, sql injection
MD5 | 3d55dac35b5fdff4341cec44eab21230
Posted Mar 29, 2007
Authored by UniquE-Key

Xoops blind SQL injection exploit for print.php. Currently affects all versions.

tags | exploit, php, sql injection
MD5 | 66ec680fd32bc0067496746440e31e8a
Posted Mar 29, 2007
Authored by Gyu Tae Park

SignKorea's SKCommAX ActiveX Control Module version and SKCommAX ActiveX Control Module(3280) version suffer from a buffer overflow vulnerability.

tags | advisory, overflow, activex
MD5 | 158e488e8975c281596948b634b1dbdf
Posted Mar 28, 2007
Authored by eufrato | Site k-159.echo.or.id

C-Arbre versions 0.6PR7 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
MD5 | cbf44d2d3cdd34f17aa4dc23178a958a
Page 1 of 30

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By