what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files Date: 2007-04-19

galix.txt
Posted Apr 19, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

Galix version 2.0 is susceptible to a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ea37257ee871870d8689cf712d58ce07955c7f84d75ad80001399a5b45f19f66
exploiting-rpc.pdf
Posted Apr 19, 2007
Authored by David Routin

Paper describing how to reuse dumped portmapper data on one machine in order to still make use of rpc services on a remote machine without portmapper being exposed.

tags | paper, remote
SHA-256 | 6d75a479fb91127cfe155527d798ba0fa54676e421f165fdc5c35388873d9eb9
Ubuntu Security Notice 453-1
Posted Apr 19, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 453-1 - Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1667
SHA-256 | d2415436c221760108a5ae8ac3c590c87efdb79bc5892488672c23b508e46581
Zero Day Initiative Advisory 07-020
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.

tags | advisory, remote, arbitrary, tcp, vulnerability
advisories | CVE-2007-1972
SHA-256 | af821d60c5943917a00431dbce91939ec5641db70437f462bbc64ff57193d46c
Zero Day Initiative Advisory 07-019
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack and including SEH pointers. This can be leveraged to execute arbitrary code.

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2136
SHA-256 | c68d1abda193e0c11f283735950b98df7c0f02cde1ca790898b0e4241dba539e
Zero Day Initiative Advisory 07-018
Posted Apr 19, 2007
Authored by CIRT.DK, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, tcp
systems | windows
advisories | CVE-2007-2137
SHA-256 | 0086b2a823788d685ea92d803990861bcded3e23445dacfce850f58fe17c0922
Zero Day Initiative Advisory 07-017
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.

tags | advisory, remote
advisories | CVE-2007-2135
SHA-256 | 7695b29a5b73a990141587afaad7025ba20336a322848f36046e521d84262f61
Zero Day Initiative Advisory 07-016
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.

tags | advisory, remote, root
advisories | CVE-2007-2170
SHA-256 | a56905b28f18536776787ff58703784ae3030dd3b225c7e8a7e6187e035b3646
Zero Day Initiative Advisory 07-015
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, overflow, arbitrary, tcp, code execution
advisories | CVE-2007-2171
SHA-256 | 90a41cead20143889d6a2f43dfaa84ad08429adb0c36d1b17c84c1dfcf42c1ae
nuclearbb-sql.txt
Posted Apr 19, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

NuclearBB Alpha 1 suffers from SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | c84bf59b26a6b7865eecce90ea8165e16d1a96e7b7992d7db410b25ee4f9fd75
ods-overflow.txt
Posted Apr 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Oracle Database Server version 8i, 9i, and 10gR1 suffer from buffer overflow vulnerabilities in DBMS_SNAP_INTERNAL.

tags | advisory, overflow, vulnerability
SHA-256 | e2719905e19ea0ea42e881bdd6793b1527d1bdebb9522c082597bf21d1f8db5e
NGSSoftware-OracleCPUAPR2007.pdf
Posted Apr 19, 2007
Authored by David Litchfield | Site databasesecurity.com

Database Security Brief: The Oracle Critical Patch Update for April 2007.

tags | paper
SHA-256 | a465cc3fe3cd6f9d61436789abaa6d3353a89cf58084fac1c54a1b580479ea9a
fuzzman.tar.gz
Posted Apr 19, 2007
Authored by E. Kellinis | Site cipher.org.uk

FuzzMan is a simple man page fuzzer that is quite powerful.

tags | fuzzer
SHA-256 | b41eb2bbaca1c7754894834de2761da65eb830c1f3a61c8c0c2d0798df220f24
hackluCFP-2007.txt
Posted Apr 19, 2007
Site hack.lu

Call For Papers hack.lu 2007 - The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. The convention will be held in the Grand-Duchy of Luxembourg from October 18th through the 20th.

tags | paper, conference
SHA-256 | eaac3ea8228b8cb1eddb1409516fd47e6b6ae19b3df56ffdddf72e7c3d234a3a
execshield.tgz
Posted Apr 19, 2007
Authored by Xpl017Elz | Site inetcop.org

Whitepaper titled 'Advanced Exploitation In Exec-Shield: Fedora Core Case Study". This is an excellent paper and is in both PDF and text formats. Please check it out.

tags | exploit
systems | linux, fedora
SHA-256 | a8e5761dc6549e813b9928348cdf9f0062dfebc993c77dfa6cf7367eb33624af
oracle-tns.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

The Oracle Discoverer Servlet suffers from a flaw that allows for the TNS listener to be shutdown.

tags | advisory
SHA-256 | 6cd2e4a0b0c557d28f86cc4b2adb74c3a579002df62bea34f5fb4e09d883e8bd
oracle1016-xss.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle Secure Enterprise Search version 10.1.6 suffers from a cross site scripting flaw.

tags | exploit, xss
SHA-256 | 7aff1e9b18ed5ee3a39d4482abc354b9e1131595d41325b2d9bdfc084897e7dc
oracle-sqlinj2.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_UPGRADE_INTERNAL.

tags | advisory, sql injection
SHA-256 | 9167b0d43caa7db52dbfb7cc46a2cf827743d33ea95fb3f95418a2eb2d069b6b
oracle-sqlinj.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_AQADM_SYS.

tags | advisory, sql injection
SHA-256 | 1d36561760e55a09bc52dc5e4fef603f3873b8856b518f5b9405b4d4f1cfa6f3
oracle-bypass.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

It is possible to bypass the Oracle database logon trigger.

tags | advisory, bypass
SHA-256 | abf861aed916223bb9344c108ae7bcdecf70bbde07d488f29de921d949c8a625
nuke-bypass.txt
Posted Apr 19, 2007
Authored by Aleksandar aka sale83

NukeSentinel suffers from a flaw that allows its SQL injection protection to be bypassed thus allowing for SQL injection attacks. Details provided.

tags | exploit, sql injection, bypass
SHA-256 | a0761fb5d7d1ba3484d24a977e6059576b6267995a6e2bbd6de82ece70ac09cd
iDEFENSE Security Advisory 2007-04-17.2
Posted Apr 19, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.17.07 - Remote exploitation of a denial of service (DoS) vulnerability in McAfee Inc.'s E-Business Server could allow an attacker to crash the administration server. Prior to authentication, an attacker can crash the server by sending a malformed authentication packet. The server will read in a length from the packet header, and then attempt to read that many bytes from the buffer. By specifying a large length value and sending a small packet, the server can be caused to read off the end of mapped heap memory. This will trigger an exception that is not handled, and the server will exit. iDefense has confirmed the existence of this vulnerability in McAfee E-Business Server version 8.5.1.101 for Windows. Previous versions may also be affected.

tags | advisory, remote, denial of service
systems | windows
SHA-256 | 8bc4f01b1ed452757f795d37e2d51d7aa843a15603fc3b59cd4c8f0d3fd0709c
iDEFENSE Security Advisory 2007-04-17.1
Posted Apr 19, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.17.07 - Remote exploitation of a buffer overflow vulnerability in McAfee's VirusScan Antivirus application allows attackers to disable the On-Access scanner or potentially execute arbitrary code with SYSTEM privileges. The McAfee On-Access scanner component contains a common software flaw that leads to heap corruption when dealing with overly long file names that contain multi-byte characters. This flaw only manifests itself when the target system has East Asia language files installed and the default Unicode codepage is set to a language which contains multi-byte characters such as Chinese. iDefense has confirmed this vulnerability in McAfee VirusScan 8.0 Enterprise. Previous versions are suspected vulnerable as well.

tags | advisory, remote, overflow, arbitrary
SHA-256 | dc247c8098d41291932ea959f77c83db7d97fb574d5f30d056f350eca5dc2103
n.runs-SA-2007.007.txt
Posted Apr 19, 2007
Authored by Frank Dick | Site nruns.com

A remote exploitable format string vulnerability has been identified in the in the Sun Java Web Console. According to the Sun Security Coordination Team, Solaris 10 Operating System, Sun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console 2.2.4 and Sun Java Web Console 2.2.5 are affected.

tags | advisory, java, remote, web
systems | solaris
advisories | CVE-2007-1681
SHA-256 | e84f0182902982fef958571d637da96cc79aed6c17e01ebeaca169efc5ba049f
shoutpro-pwn.txt
Posted Apr 19, 2007
Authored by Gammarays

ShoutPro version 1.5.2 arbitrary code execution exploit that makes use of a failure to properly sanitize user input.

tags | exploit, arbitrary, code execution
SHA-256 | 39d759ec9630f4c9c37f666e411c62fe6157febd06eaa7d748a8d829b822d424
Page 1 of 3
Back123Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close