exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 98 RSS Feed

Files Date: 2007-04-05

Secunia Security Advisory 24758
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in XFree86, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
SHA-256 | 0e04db08c0a14bbd2fd8bbe4a1751083d93b6f553196b362a1cabc80a646e9fe
Secunia Security Advisory 24689
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - DarkFig has reported a vulnerability in MyBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.

tags | advisory, sql injection
SHA-256 | 2e9224232020aa08ac2e4f48dada4c13b25b81f022f615d133f53bed40709821
Secunia Security Advisory 24708
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for zziplib. This fixes a vulnerability, which can be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.

tags | advisory
systems | linux, gentoo
SHA-256 | d4587804a6d6dc5a9b3387965c31dc6e5e6c14d222bff89b37a446dbc1402079
Secunia Security Advisory 24716
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for openpbs. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to potentially compromise a vulnerable system.

tags | advisory, local, vulnerability
systems | linux, gentoo
SHA-256 | 0c60d94e2ed85b037cbe0983ead2e730a4d5805914947da5e97ca1902d6c4af9
Secunia Security Advisory 24761
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ajann has discovered a vulnerability in the PopnupBlog module for Xoops, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 88f7ea262ef1460a28d4c37cf51188e71e938a47d548b1e1fea03fb67571cc9d
Secunia Security Advisory 24771
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, redhat
SHA-256 | 2cbfc31d6cd4d31f467ee980046d973aeb5030c9e6fc9b8db03401e978495f38
iDEFENSE Security Advisory 2007-04-03.6
Posted Apr 5, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of a heap overflow vulnerability in Kaspersky Lab's Internet Security Suite klif.sys could allow an attacker to execute arbitrary code within kernel context. iDefense confirmed this vulnerability in Kaspersky Internet Security 6.0.1.411 for Windows. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, kernel, local
systems | windows
SHA-256 | cb86f97a8e68118b170d67d5ac9573954988b96454ce53ff0d0a58556693ced9
iDEFENSE Security Advisory 2007-04-04.1
Posted Apr 5, 2007
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 04.04.07 - Remote exploitation of a information disclosure vulnerability in Kaspersky AntiVirus 6 could allow malicious websites to steal files off of a user's machine. iDefense has confirmed the existence of this vulnerability in version 6.0 of Kaspersky Antivirus.

tags | advisory, remote, info disclosure
SHA-256 | b90f0bdcb2ad661747c567945e87febf3ab55b1c4b1b2989b69aa84c70bc6761
Debian Linux Security Advisory 1277-1
Posted Apr 5, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1277-1 - Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-0654, CVE-2007-0653
SHA-256 | 4c05c6e7a8aa1280d48fe3b1e5be826084e650e4e4b2fd7155f6f14d29692a7d
Mandriva Linux Security Advisory 2007.081
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-1351
SHA-256 | d4da0504bcad1dad21f7e27ad6722ecbd0d461fba5c492fe3ced6afa5497909a
Mandriva Linux Security Advisory 2007.080
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.

tags | advisory, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 330fcb42f22893aed5d9dc72a5e4c07dd0445ff1c5c94024359d87760efc0e63
Mandriva Linux Security Advisory 2007.079
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
SHA-256 | c68398453cdd0da008a82f8abe40ea08649a33cada1190cb14fbbabea9298e8f
Mandriva Linux Security Advisory 2007.078
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Quite a few kernel related vulnerabilities have been fixed for the Linux 2.6 series.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2006-6056, CVE-2007-0005, CVE-2007-0772, CVE-2007-0958, CVE-2007-1000, CVE-2007-1217, CVE-2007-1388, CVE-2007-1592
SHA-256 | 10c5929aed3baa55da532114a82a81496e27e687951bb570f70098fe552e0d18
Mandriva Linux Security Advisory 2007.077
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5
gazi-sql.txt
Posted Apr 5, 2007
Authored by CoNqUeRoR

Gazi Okul Sitesi 2007 suffers from a SQL injection vulnerability in fotokategori.asp.

tags | exploit, sql injection, asp
SHA-256 | 907f6dc3bd50ed9678e5289f18c58f5cdaa08b54cee570a2743ca46f597f62ea
VMware Security Advisory 2007-0003
Posted Apr 5, 2007
Authored by VMware | Site vmware.com

VMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.

tags | advisory
advisories | CVE-2005-3011, CVE-2006-4810, CVE-2007-1270, CVE-2007-1271, CVE-2005-2096, CVE-2005-1849, CVE-2003-0107, CVE-2005-1704
SHA-256 | 00501d3613c989dc8596886834f4aebb712f92e614164602fc56e3fbe61fd121
proxyfuzz.py.txt
Posted Apr 5, 2007
Authored by Rodrigo Marcos | Site theartoffuzzing.com

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

tags | udp, tcp, protocol, python, fuzzer
SHA-256 | 83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
phpexplorator-rfi.txt
Posted Apr 5, 2007
Authored by Hasadya Raed

phpexplorator version 2.0 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | ad0fbf74df31f973d0a1e0124f05bf1dc3582a5b09a97c0793b045d4036f3044
major_rls38.txt
Posted Apr 5, 2007
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

eXV2 CMS versions 2.0.4.3 and below suffer from cross site scripting and session fixation vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | d5233fec8ea149595a12f4f06501a776db911ec3e1cfae898a9ef16f9afa3979
aol-activex.txt
Posted Apr 5, 2007
Authored by Krad Chad, leetpete

This Metasploit module exploits a flaw in the AOL Sb.SuperBuddy ActiveX control.

tags | exploit, activex
advisories | CVE-2006-5820
SHA-256 | c4f84c19a69aaa614387d7a5b6263bdeda1ac6eaacdca63ebc8674c8c9bd1256
hpmercury-overflow.txt
Posted Apr 5, 2007
Authored by ri0t

HP Mercury Quality Center Spider90.ocx ProgColor proof of concept overflow exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 865b573d40da03154b5d83cd106f8dae02b210ab5a3d1cd3a079862c24bd722c
devcode2.txt
Posted Apr 5, 2007
Authored by devcode

Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability. (Hardware DEP).

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1765
SHA-256 | 712fe1c2ff48b375d86ed79e79a516acf08a26ac10ba886752f4ca552ec005a2
04042007-raptor_truecrypt.tgz
Posted Apr 5, 2007
Authored by Marco Ivaldi

Local privilege escalation exploit for TrueCrypt versions 4.3 and below.

tags | exploit, local
advisories | CVE-2007-1738
SHA-256 | 67d7762db7996956fbb9268d558f5abb58d3b7b54ffe452695dfc85de1061d5d
xoops-rha-sql.txt
Posted Apr 5, 2007
Authored by ajann

Xoops module Rha7 Downloads versions 1.0 remote SQL injection exploit that makes use of visit.php.

tags | exploit, remote, php, sql injection
SHA-256 | 8a4657d159e4814be5f9df63a366c1fae34a527745d1fd24d91e05bd884b7386
xoops-snippets-sql.txt
Posted Apr 5, 2007
Authored by ajann

Xoops module WF-Snippets versions 1.02 and below blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 03d6b881358a18c992b157ad04bfbe32eaae1b46ce5cffc957ad9f95846d5fc6
Page 1 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close