Showing 1 - 25 of 53

Files Date: 2007-04-19

galix.txt
Posted Apr 19, 2007
Authored by John Martinelli | Site redlevel.org

Galix version 2.0 is susceptible to a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 19c374eba65ae3ae88d12e3f68872615
exploiting-rpc.pdf
Posted Apr 19, 2007
Authored by David Routin

Paper describing how to reuse dumped portmapper data on one machine in order to still make use of rpc services on a remote machine without portmapper being exposed.

tags | paper, remote
MD5 | 5f99244bffdda5a0293024b78fe24c9d
Ubuntu Security Notice 453-1
Posted Apr 19, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 453-1 - Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1667
MD5 | ea108fb8ea29b9e3a38f9f0a0988dd66
Zero Day Initiative Advisory 07-020
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.

tags | advisory, remote, arbitrary, tcp, vulnerability
advisories | CVE-2007-1972
MD5 | feea720a2860e085bdb160f01c3816ee
Zero Day Initiative Advisory 07-019
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack, including SEH pointers. This can be leveraged to execute arbitrary code.

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2136
MD5 | 7dcfd0677f70a6f1389e9e58d34ba113
Zero Day Initiative Advisory 07-018
Posted Apr 19, 2007
Authored by CIRT.DK, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, tcp
systems | windows
advisories | CVE-2007-2137
MD5 | 0e5cfa7de74e7b7129b6f1cf094e201e
Zero Day Initiative Advisory 07-017
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.

tags | advisory, remote
advisories | CVE-2007-2135
MD5 | be349cccba1bb4fa66f12b2b285cc0b8
Zero Day Initiative Advisory 07-016
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.

tags | advisory, remote, root
advisories | CVE-2007-2170
MD5 | 197d6c1d20d50bda33ff6a94e5ea6f58
Zero Day Initiative Advisory 07-015
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, overflow, arbitrary, tcp, code execution
advisories | CVE-2007-2171
MD5 | 4e3ce67379b834263e2437fa61773ffb
nuclearbb-sql.txt
Posted Apr 19, 2007
Authored by John Martinelli | Site redlevel.org

NuclearBB Alpha 1 suffers from SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
MD5 | 70353d5dbd7f94671daf35298f8df104
ods-overflow.txt
Posted Apr 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Oracle Database Server version 8i, 9i, and 10gR1 suffer from buffer overflow vulnerabilities in DBMS_SNAP_INTERNAL.

tags | advisory, overflow, vulnerability
MD5 | f135f4a0c24a28e808cc3d0d4ad7c9fc
NGSSoftware-OracleCPUAPR2007.pdf
Posted Apr 19, 2007
Authored by David Litchfield | Site databasesecurity.com

Database Security Brief: The Oracle Critical Patch Update for April 2007.

tags | paper
MD5 | f22e5f3f5b28ed56e2ff7f780db7f44c
fuzzman.tar.gz
Posted Apr 19, 2007
Authored by E. Kellinis | Site cipher.org.uk

FuzzMan is a simple man page fuzzer that is quite powerful.

tags | fuzzer
MD5 | 7c0c1892733e4a5f621522f10442b93f
hackluCFP-2007.txt
Posted Apr 19, 2007
Site hack.lu

Call For Papers hack.lu 2007 - The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. The convention will be held in the Grand-Duchy of Luxembourg from October 18th through the 20th.

tags | paper, conference
MD5 | 60e591d7cd9fe23f2e819fc8cf1a0bfa
execshield.tgz
Posted Apr 19, 2007
Authored by Xpl017Elz | Site inetcop.org

Whitepaper titled 'Advanced Exploitation In Exec-Shield: Fedora Core Case Study'. This is an excellent paper and is in both PDF and text formats. Please check it out.

tags | exploit
systems | linux, fedora
MD5 | 73c2ca5aeeb6801b9799fe7003203043
oracle-tns.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

The Oracle Discoverer Servlet suffers from a flaw that allows for the TNS listener to be shut down.

tags | advisory
MD5 | 139953228fdc6b809e7be457825c83db
oracle1016-xss.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle Secure Enterprise Search version 10.1.6 suffers from a cross site scripting flaw.

tags | exploit, xss
MD5 | 77c1ee2611b686caf0fa1c71b7e5ec7c
oracle-sqlinj2.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_UPGRADE_INTERNAL.

tags | advisory, sql injection
MD5 | 51bc74ce0b8c40bf62219e2aba7ad9c0
oracle-sqlinj.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_AQADM_SYS.

tags | advisory, sql injection
MD5 | cfe3302cf32f35303852be4d404d2204
oracle-bypass.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

It is possible to bypass the Oracle database logon trigger.

tags | advisory, bypass
MD5 | ba879f41e61c4de0182c8befb8d32e77
nuke-bypass.txt
Posted Apr 19, 2007
Authored by Aleksandar aka sale83

NukeSentinel suffers from a flaw that allows its SQL injection protection to be bypassed, thus allowing for SQL injection attacks. Details provided.

tags | exploit, sql injection, bypass
MD5 | dfa2ef4445fc406a4955108d203532e1
iDEFENSE Security Advisory 2007-04-17.2
Posted Apr 19, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.17.07 - Remote exploitation of a denial of service (DoS) vulnerability in McAfee Inc.'s E-Business Server could allow an attacker to crash the administration server. Prior to authentication, an attacker can crash the server by sending a malformed authentication packet. The server will read in a length from the packet header, and then attempt to read that many bytes from the buffer. By specifying a large length value and sending a small packet, the server can be caused to read off the end of mapped heap memory. This will trigger an exception that is not handled, and the server will exit. iDefense has confirmed the existence of this vulnerability in McAfee E-Business Server version 8.5.1.101 for Windows. Previous versions may also be affected.

tags | advisory, remote, denial of service
systems | windows
MD5 | cba7c6f6d0ff05eb5392429c569cd019
iDEFENSE Security Advisory 2007-04-17.1
Posted Apr 19, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.17.07 - Remote exploitation of a buffer overflow vulnerability in McAfee's VirusScan Antivirus application allows attackers to disable the On-Access scanner or potentially execute arbitrary code with SYSTEM privileges. The McAfee On-Access scanner component contains a common software flaw that leads to heap corruption when dealing with overly long file names that contain multi-byte characters. This flaw only manifests itself when the target system has East Asia language files installed and the default Unicode codepage is set to a language which contains multi-byte characters such as Chinese. iDefense has confirmed this vulnerability in McAfee VirusScan 8.0 Enterprise. Previous versions are suspected vulnerable as well.

tags | advisory, remote, overflow, arbitrary
MD5 | 3d715bcec5a7afe04fbae672439ff82c
n.runs-SA-2007.007.txt
Posted Apr 19, 2007
Authored by Frank Dick | Site nruns.com

A remotely exploitable format string vulnerability has been identified in the Sun Java Web Console. According to the Sun Security Coordination Team, Solaris 10 Operating System, Sun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console 2.2.4 and Sun Java Web Console 2.2.5 are affected.

tags | advisory, java, remote, web
systems | solaris
advisories | CVE-2007-1681
MD5 | f683ae2fcf22380124bf98ce1d61b2a3
shoutpro-pwn.txt
Posted Apr 19, 2007
Authored by Gammarays

ShoutPro version 1.5.2 arbitrary code execution exploit that makes use of a failure to properly sanitize user input.

tags | exploit, arbitrary, code execution
MD5 | ca2c517c10c8fd409cf799a13d079f52
© 2018 Packet Storm. All rights reserved.