what you don't know can hurt you
Showing 1 - 25 of 98 RSS Feed

Files Date: 2007-04-05

Secunia Security Advisory 24758
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in XFree86, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
MD5 | 68a3911655019af92e0f85610db91aef
Secunia Security Advisory 24689
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - DarkFig has reported a vulnerability in MyBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.

tags | advisory, sql injection
MD5 | 710fc3f72fedab1b6d9eaf0f3c83dc8f
Secunia Security Advisory 24708
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for zziplib. This fixes a vulnerability, which can be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.

tags | advisory
systems | linux, gentoo
MD5 | 92af197a29f31244194ae477509e2038
Secunia Security Advisory 24716
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for openpbs. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to potentially compromise a vulnerable system.

tags | advisory, local, vulnerability
systems | linux, gentoo
MD5 | d4fd388f9f90394e1d2f3990f166b97a
Secunia Security Advisory 24761
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ajann has discovered a vulnerability in the PopnupBlog module for Xoops, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | b253a06773075a02cea5ad3c3894cddc
Secunia Security Advisory 24771
Posted Apr 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, redhat
MD5 | 579a1dd232700485fe4a3f1c9de53c2f
iDEFENSE Security Advisory 2007-04-03.6
Posted Apr 5, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of a heap overflow vulnerability in Kaspersky Lab's Internet Security Suite klif.sys could allow an attacker to execute arbitrary code within kernel context. iDefense confirmed this vulnerability in Kaspersky Internet Security 6.0.1.411 for Windows. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, kernel, local
systems | windows
MD5 | 0994d9a726b1e80edff9e0fca9b3fc29
iDEFENSE Security Advisory 2007-04-04.1
Posted Apr 5, 2007
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 04.04.07 - Remote exploitation of a information disclosure vulnerability in Kaspersky AntiVirus 6 could allow malicious websites to steal files off of a user's machine. iDefense has confirmed the existence of this vulnerability in version 6.0 of Kaspersky Antivirus.

tags | advisory, remote, info disclosure
MD5 | 25f95ec76b493a33ea7cd029093124fc
Debian Linux Security Advisory 1277-1
Posted Apr 5, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1277-1 - Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-0654, CVE-2007-0653
MD5 | f60f4cd95776dca6a9a414c79f56497a
Mandriva Linux Security Advisory 2007.081
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-1351
MD5 | 5620120632d5fa54b877ee1ab05c378f
Mandriva Linux Security Advisory 2007.080
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.

tags | advisory, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
MD5 | 2775d1c7d38b12d00a747a06eff5bac1
Mandriva Linux Security Advisory 2007.079
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
MD5 | c0ef81e3cf770b6f9cac79ac2e3d346d
Mandriva Linux Security Advisory 2007.078
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Quite a few kernel related vulnerabilities have been fixed for the Linux 2.6 series.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2006-6056, CVE-2007-0005, CVE-2007-0772, CVE-2007-0958, CVE-2007-1000, CVE-2007-1217, CVE-2007-1388, CVE-2007-1592
MD5 | 3afceaa1b967983bc076986ed7c5b2d9
Mandriva Linux Security Advisory 2007.077
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
MD5 | 1a9263cf88baf98da32dc273dc1ec498
gazi-sql.txt
Posted Apr 5, 2007
Authored by CoNqUeRoR

Gazi Okul Sitesi 2007 suffers from a SQL injection vulnerability in fotokategori.asp.

tags | exploit, sql injection, asp
MD5 | cb1648fc7cde9040570423cfcd601da1
VMware Security Advisory 2007-0003
Posted Apr 5, 2007
Authored by VMware | Site vmware.com

VMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.

tags | advisory
advisories | CVE-2005-3011, CVE-2006-4810, CVE-2007-1270, CVE-2007-1271, CVE-2005-2096, CVE-2005-1849, CVE-2003-0107, CVE-2005-1704
MD5 | a842da3a834970c456a3b1b57d167b73
proxyfuzz.py.txt
Posted Apr 5, 2007
Authored by Rodrigo Marcos | Site theartoffuzzing.com

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

tags | udp, tcp, protocol, python, fuzzer
MD5 | 16335167eec8447d244ca48ab1ae1b2a
phpexplorator-rfi.txt
Posted Apr 5, 2007
Authored by Hasadya Raed

phpexplorator version 2.0 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 0f9cabc4e7547ac96fd8bd1d92bdfe7a
major_rls38.txt
Posted Apr 5, 2007
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

eXV2 CMS versions 2.0.4.3 and below suffer from cross site scripting and session fixation vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | d21f2b2c8336489c95b528c7129a1d48
aol-activex.txt
Posted Apr 5, 2007
Authored by Krad Chad, leetpete

This Metasploit module exploits a flaw in the AOL Sb.SuperBuddy ActiveX control.

tags | exploit, activex
advisories | CVE-2006-5820
MD5 | 02db186f1a1e4d7c58e84c27da8b6c6e
hpmercury-overflow.txt
Posted Apr 5, 2007
Authored by ri0t

HP Mercury Quality Center Spider90.ocx ProgColor proof of concept overflow exploit.

tags | exploit, overflow, proof of concept
MD5 | 497bc99722608ec01e022441eb714fe7
devcode2.txt
Posted Apr 5, 2007
Authored by devcode

Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability. (Hardware DEP).

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1765
MD5 | 3ef5d0babe738f2a27c7e91cf240639e
04042007-raptor_truecrypt.tgz
Posted Apr 5, 2007
Authored by Marco Ivaldi

Local privilege escalation exploit for TrueCrypt versions 4.3 and below.

tags | exploit, local
advisories | CVE-2007-1738
MD5 | cd1e1044ff594f332e39690fe831cb33
xoops-rha-sql.txt
Posted Apr 5, 2007
Authored by ajann

Xoops module Rha7 Downloads versions 1.0 remote SQL injection exploit that makes use of visit.php.

tags | exploit, remote, php, sql injection
MD5 | 4da51d0e739db4b41ef39349fca35fa1
xoops-snippets-sql.txt
Posted Apr 5, 2007
Authored by ajann

Xoops module WF-Snippets versions 1.02 and below blind SQL injection exploit.

tags | exploit, sql injection
MD5 | 35f6c46e881300b297c23cbff3ebccc9
Page 1 of 4
Back1234Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close