
Files Date: 2007-05-22

Ubuntu Security Notice 459-2
Posted May 22, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 459-2 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service. USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | fdbde42f7a87ed00c9a7162d6d99db3cda5ce0ecf4f4196540d9321c0c624dcf
Debian Linux Security Advisory 1291-3
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1291-3 - The security update for CVE-2007-2444 introduced a regression in the handling of the "force group" share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression.

tags | advisory, local
systems | linux, unix, debian
advisories | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447
SHA-256 | 50bf3c3fe92af9a400e90d59ec1d9b9b6598883bf6761140638087496f609883
Debian Linux Security Advisory 1296-1
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language, performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.

tags | advisory, arbitrary, php
systems | linux, debian
advisories | CVE-2007-2509
SHA-256 | d3c6df087bbead582c60dfc8e0548646c6d296403aeda1230fa3321797dc4092
jetbox-sql.txt
Posted May 22, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

Jetbox CMS version 2.1 suffers from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-2685
SHA-256 | 6c4c41af2c2a3c2ae8e9c89231ec9061ae4911180c1675834198dea0735e9b0d
ti89_gaara.asm.txt
Posted May 22, 2007
Authored by Piotr Bania | Site piotrbania.com

Gaara is the world's first resident entry-point-obscuring virus for ti89 Titanium calculators. Written fully in Motorola 68K assembly. For educational purposes only.

tags | virus
SHA-256 | aa998ae04814d1ea2b39e6c48d02662c8a362c312cc066a3221330cfb51f3e3f
iptrack-sql.txt
Posted May 22, 2007

The IP-Tracking Mod for phpBB 2.0.x suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | f15e991cf6d4cae0d5e4c9fe277c8032e88a0defd5befd581c2eaa8c84748b17
Gentoo Linux Security Advisory 200705-18
Posted May 22, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-18 - James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Versions less than 1.3.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-0244
SHA-256 | 2ed93083217e3d94c48bccba67423b048b1320a63c9136ea4c3832fd36d88879
Mandriva Linux Security Advisory 2007.107
Posted May 22, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-1558
SHA-256 | 88a8d83ba018f4e2a3d230e9063e4af99d477841cd6d098e3d92212910df8dcd
Mandriva Linux Security Advisory 2007.106
Posted May 22, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript, leading to cross-site scripting attacks, by sending an email viewed by a user within SquirrelMail. SquirrelMail also did not sufficiently check arguments to IMG tags in HTML messages, which an attacker could exploit to send arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously crafted HTML email message.

tags | advisory, arbitrary, javascript, xss
systems | linux, mandriva
advisories | CVE-2007-1262, CVE-2007-2589
SHA-256 | f2c75350c3a0b0e1036e3a6b8df93ac53a3624a18b3fe31ea42d6b949b44dbc3
hlstarts-xss2.txt
Posted May 22, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

HLstats version 1.35 suffers from a cross site scripting vulnerability. Second version.

tags | exploit, xss
SHA-256 | 2e33e129c421a01bd2c831dae1c20c685eedcbb77a71062a204fa1d74e4be9e7
hlstats-xss.txt
Posted May 22, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

HLstats version 1.35 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f003331dc20cb468a0a744d3e6e8f268171785452b05ea1c7583b53cd7b2a256
CVE-2007-1355.txt
Posted May 22, 2007
Authored by Mark Thomas

The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10.

tags | exploit, web, vulnerability, xss
advisories | CVE-2007-1355
SHA-256 | 968c88845b898089e8b8029963655b7859cb75e7641ac130b217cc79a098793a
Debian Linux Security Advisory 1295-1
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-2509, CVE-2007-2510
SHA-256 | 720391f44dba45c14430fe4f2f1c12503278e087480a630e641c643a5b18c89c
firehol-1.255.tar.bz2
Posted May 22, 2007
Authored by Costa Tsaousis | Site firehol.org

FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: See changelog.
tags | tool, spoof, firewall
systems | linux
SHA-256 | 9bf6cfa2765f05571a2301f0e9cef9e1c13cab4281f2ed0396e6cbf0d374b83d
honeytrap-0.7.0.tar.gz
Posted May 22, 2007
Authored by Tillmann Werner | Site honeytrap.sourceforge.net

Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.

Changes: Plugins can be prioritized. x86 CPU emulation module for generic shellcode analysis. Various other additions and improvements.
tags | tcp, system logging
systems | unix
SHA-256 | 30c5a5de71a068c6cd236063b57173bb15fa8e0408ee74e0eb080ccf00a41cdc
leadtools-overwrite.txt
Posted May 22, 2007
Authored by shinnai | Site shinnai.altervista.org

LeadTools Raster variant remote file overwrite exploit.

tags | exploit, remote
SHA-256 | 19ddae12e8d896f3cad71594b0c414bb26ca7413039dac580f3a6d50f71bc328
olbookmarks-sql.txt
Posted May 22, 2007
Authored by Cyber-Security | Site cyber-security.org

Ol Bookmarks Manager version 0.7.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c3c538bab37e275b2bf73188916fa35f71b99a7bc75dd5472e50cde460ca2e63
tutorialcms-bypass.txt
Posted May 22, 2007
Authored by Silentz | Site w4ck1ng.com

TutorialCMS versions 1.01 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | a07951fc5266415f66cf3c33cea26d50d130ac95fb053f6081b110e3670cc2b3
olbookmarks-rfi.txt
Posted May 22, 2007
Authored by ThE TiGeR

Ol Bookmarks Manager version 0.7.4 suffers from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | c2e02bba9562b20fc0f2c4746e45893102054dee2bb9c77292c7f5df0082a2de
wp213-ajax.txt
Posted May 22, 2007
Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress version 2.1.3 suffers from a blind SQL injection vulnerability in admin-ajax.php.

tags | exploit, php, sql injection
SHA-256 | 10c405189b522f3fdc50b8f1ca2a00587c6d7ee520495bc6b430efd405303e66
iis-dos.txt
Posted May 22, 2007
Authored by Kingcope

Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | befbaf311c1be1ef98f6433ed95ff3daee31ee10c817e56192b648bb3118e662
csrf-surf.txt
Posted May 22, 2007
Authored by Nexus | Site playhack.net

Whitepaper titled Cross Site Request Forgery: The Sea Surf.

tags | paper, web, csrf
SHA-256 | 5f2993a62fbb64d5422e96ba9b08bcc4be5bff77401acc7bef23bc85e71da389