exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2007-04-10

php521-overflow.txt
Posted Apr 10, 2007
Authored by Ivan Fratric

There is an integer overflow in PHP versions 5.2.1 and below in ext/gd/libgd/wbmp.c in the function readwbmp.

tags | advisory, overflow, php
SHA-256 | aa74b34ae08f9f37b439284153a51e2cc96cf731a3e5258a9d508e00d2e5d7c6
Ubuntu Security Notice 450-1
Posted Apr 10, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 450-1 - A flaw was discovered in the IPSec key exchange server "racoon". Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-1841
SHA-256 | 82168eaf14ea6e9ed2dcfa4ad526db6a8096bf587c21abe4c3dd879e29126809
iDEFENSE Security Advisory 2007-04-09.1
Posted Apr 10, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.09.07 - Remote exploitation of a path-traversal vulnerability in AOL's AIM and ICQ could allow a remote attacker to place arbitrary files on the victim's machine during a file transfer operation. AIM and ICQ allow users to share and transfer files via a custom protocol. During file transfers, the sender is allowed to specify the display name of the file, and the filename used for the transfer. The recipient can only specify the folder in which to save the file. Due to an input validation flaw, the clients do not properly strip "../" traversal characters from the filename the attacker supplies. By specially encoding the path attackers can force the file to be saved to a directory of their choosing when the victim accepts the file transfer. iDefense has confirmed this vulnerability in ICQ version 5.1. Previous versions are suspected vulnerable. Additionally, AOL reported that AIM version 5.9 and prior are vulnerable.

tags | advisory, remote, arbitrary, protocol
SHA-256 | b77678f991015e9042ee8fdf0028477c14990bee80af6a2365dbcc3ee31f9200
nipper-0.9.1.tgz
Posted Apr 10, 2007
Authored by Ian Ventura-Whiting | Site sourceforge.net

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.

systems | cisco, juniper
SHA-256 | 84d172e64a4af1c6d664513642c8f3369d04c1b3c807ecc1f9cde8eb702a2927
hot-lfi.txt
Posted Apr 10, 2007
Authored by Liz0ziM | Site expw0rm.com

The MyBB Hot Editor plugin version 4.0 suffers from a local file inclusion vulnerability in the "sec" variable in keyboard.php.

tags | exploit, local, php, file inclusion
SHA-256 | e14c76898d21a2bb7836c82a1533fd84e33cbe089dfd3e60c8d2c67e653360c8
mybb-traverse.html
Posted Apr 10, 2007
Authored by Liz0ziM | Site expw0rm.com

The MyBB Hot Editor plugin version 4.0 suffers from a local file inclusion vulnerability in the "first" variable in keyboard.php.

tags | exploit, local, php, file inclusion
SHA-256 | 4acfe1429e3c6665582ad8a653da47543cf23e72c2de86b14572ade8f99554bd
srs10-rfi.txt
Posted Apr 10, 2007
Site hackberry.ath.cx

Song Request System version 1.0b suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ef1fe578799163f7631651fecb1ffdfd42e97de21eab2f1e46aa8f560c3470bf
pam_usb-0.4.0.tar.gz
Posted Apr 10, 2007
Authored by Andrea Luzzardi | Site sig11.org

pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.

Changes: Completely redesigned amongst other changes.
systems | linux
SHA-256 | 6166aa915c0504e6d982748c3fc2413659ab5fa30d8a106de6127abfd17cd107
Scapy Packet Manipulation Tool 1.1.1
Posted Apr 10, 2007
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: Various bug fixes and enhancements.
tags | tool, scanner, python
systems | unix
SHA-256 | 2a11ba05f34b2978af3add623a641e0340d39322b4ca2bd26baae743c78de956
bluediving-0.7.tgz
Posted Apr 10, 2007
Authored by Bastian Ballmann | Site sourceforge.net

Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.

Changes: Better log output and sdp scanning, updated vendor detection, various bug fixes, new menus, new tools, and new exploits.
tags | tool, spoof, rootkit
systems | unix
SHA-256 | 3602cd07ed6f9668ae0c219a6b224e4047ac9d89499a526eea2932f07ae8d004
msani-cursor.txt
Posted Apr 10, 2007
Authored by Breno Silva

.ANI exploit for Microsoft Windows XP SP2 Portuguese version. Binds a shell on TCP port 13579.

tags | exploit, shell, tcp
systems | windows
SHA-256 | 34abaf74826ed2f1e14ad544edf4c754f015c5776a06324d7cce9379f5f20ae6
irfanview399-ani.txt
Posted Apr 10, 2007
Authored by Breno Silva

IrfanView version 3.99 .ANI file local buffer overflow exploit. Comes with multiple targets and binds a shell to TCP port 4444.

tags | exploit, overflow, shell, local, tcp
SHA-256 | 933ce989fe1ceb743c833f979dcbca872ed0f1e5b8806a536e1d47d5d1bb8b3c
pathoscms-rfi.txt
Posted Apr 10, 2007
Authored by kezzap66345

Pathos CMS versions 0.92-2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 773d13e14786e85b5b912be4827003981d6185257065d9b2c814c317d8db11b9
battlenet-sql.txt
Posted Apr 10, 2007
Authored by h a c k e r _ X

Battle.net Clan Script for PHP version 1.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | b4ae7854f5c318f0510b1c94c05a05bf5952ee0f40a327b23adea6d10fdeb432
php121-lfi.txt
Posted Apr 10, 2007
Authored by Dj7xpl

PHP121 Instant Messenger version 2.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ec27accc2ef9b25f3a64e9dfd4a484a34ba0918af51bb9eb925cae2e924260c1
pcp-lfi.txt
Posted Apr 10, 2007
Authored by Dj7xpl

PcP-Guestbook version 3.0 suffers from local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 2021a8f2622770d9bf958afda022a8d033599ec065fc8a6a0443166de9e386db
shellcode.pdf
Posted Apr 10, 2007
Authored by Nexus | Site playhack.net

Whitepaper: Linux Shellcoding Reference.

tags | paper, shellcode
systems | linux
SHA-256 | 66b56a2a402353559920e7cc92cbdf62a89aef2b05132f52f60437a01a69c71b
0day.tar.gz
Posted Apr 10, 2007
Authored by Mati Aharoni | Site offensive-security.com

Muts' python fuzzer found several format bugs in Microsoft Word 2007. file789-1.doc causes an unspecified overflow in Word 2007. file798-1.doc causes a CPU exhaustion denial of service in Word 2007. file614-1.doc causes a CPU exhaustion denial of service and ends with a ding in Word 2007. evil.hlp demonstrates a heap overflow in Windows HLP files.

tags | exploit, denial of service, overflow, python, fuzzer
systems | windows
SHA-256 | 0bf99d28ae1aa96a0bc1342073df4220be09213fe84ae13ec1e089bbb109bd1e
deskpro201-xss.txt
Posted Apr 10, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

DeskPRO version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0d9a153aa8c83d4b4c69aeac2de1cbc273526c31388dcacdff9b84e15ad7aa67
lore-rfi.txt
Posted Apr 10, 2007
Authored by Hasadya Raed

Lore version 1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 2f90950a7d99facf6892458948b111b32b01dab9891fe802a43e55650c36f021
scorpbook10-rfi.txt
Posted Apr 10, 2007
Authored by KaRTaL

Scorp Book versions 1.0 and below remote file inclusion exploit for versions 1.0 and below.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 6ea802ca1d136dd5b0f8fb7fca2096089c0160c29ea7b995ddbb7d29c8ad295d
gaylvain-rfi.txt
Posted Apr 10, 2007
Authored by the_Edit0r | Site xmors-security.com

Gaylvain35 Portail Web suffers from a remote file inclusion vulnerability.

tags | exploit, remote, web, code execution, file inclusion
SHA-256 | 91c6e3c232486c82c9a37257427dd0aad49e7e8816554f4dc7921b212e3e122d
xodagal-exec.txt
Posted Apr 10, 2007
Authored by the_Edit0r | Site xmors-security.com

It appears that xodagallery may be susceptible to a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 43fbc6f11610c729c9f765d88ff1310fc214b65065e046cde66b29bb071c69c2
ubb-sql.txt
Posted Apr 10, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

UBB.threads versions 6.1.1 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | f1cb69d6ae3577ea459edaf39c3a92a47b4a87d42d7c887046e69cab85274b52
quizshock-xss.txt
Posted Apr 10, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

QuizShock version 1.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 92cc8b2d2047c1927af9717520a62a8670169bb54ed5f15da80c86e02eacb5ad
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close