Files Date: 2007-05-22

Ubuntu Security Notice 459-2
Posted May 22, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 459-2 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service. USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
MD5 | 5a5561e11d3d5e9f5e0cb037942152a6
Debian Linux Security Advisory 1291-3
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1291-3 - The security update for CVE-2007-2444 introduced a regression in the handling of the "force group" share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression.

tags | advisory, local
systems | linux, unix, debian
advisories | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447
MD5 | 1ff6e301b3553e7c9b79d510fead0938
Debian Linux Security Advisory 1296-1
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language, performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.

tags | advisory, arbitrary, php
systems | linux, debian
advisories | CVE-2007-2509
MD5 | 6faea7ecb565932576eade47cf49581d
jetbox-sql.txt
Posted May 22, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

Jetbox CMS version 2.1 suffers from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-2685
MD5 | 8a1b8113f287aa8c316b8286af64f1d3
ti89_gaara.asm.txt
Posted May 22, 2007
Authored by Piotr Bania | Site piotrbania.com

Gaara is the world's first resident entry-point-obscuring virus for TI-89 Titanium calculators, written fully in Motorola 68K assembly. For educational purposes only.

tags | virus
MD5 | 107cc4ce090ac29830113f6be8fc6f4a
iptrack-sql.txt
Posted May 22, 2007

The IP-Tracking Mod for PHPBB 2.0.x suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 2fbcf5e6707cd368c49ced840348ada2
Gentoo Linux Security Advisory 200705-18
Posted May 22, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-18 - James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Versions less than 1.3.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-0244
MD5 | 0bb00711429a7d6db4d09bc39f6be8e0
Mandriva Linux Security Advisory 2007.107
Posted May 22, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-1558
MD5 | acb80c6bbe7ca3a3bb483aa81ec8bdbe
Mandriva Linux Security Advisory 2007.106
Posted May 22, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript, leading to cross-site scripting attacks, by sending an email viewed by a user within SquirrelMail. In addition, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages, which an attacker could exploit to send arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously crafted HTML email message.

tags | advisory, arbitrary, javascript, xss
systems | linux, mandriva
advisories | CVE-2007-1262, CVE-2007-2589
MD5 | f57964ac9c10eaa501973270fec9ce02
hlstarts-xss2.txt
Posted May 22, 2007
Authored by John Martinelli | Site redlevel.org

HLstats version 1.35 suffers from a cross site scripting vulnerability. Second version.

tags | exploit, xss
MD5 | 7defb49f5dfe8952c9d4bba3c4867658
hlstats-xss.txt
Posted May 22, 2007
Authored by John Martinelli | Site redlevel.org

HLstats version 1.35 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8f004e91cba7d2be839fc40f11978f5e
CVE-2007-1355.txt
Posted May 22, 2007
Authored by Mark Thomas

The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10.

tags | exploit, web, vulnerability, xss
advisories | CVE-2007-1355
MD5 | 70a1d941130707c09a2c11a78f294760
Debian Linux Security Advisory 1295-1
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-2509, CVE-2007-2510
MD5 | 8571f744590f17fca69a2b36a006a226
firehol-1.255.tar.bz2
Posted May 22, 2007
Authored by Costa Tsaousis | Site firehol.org

FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: See changelog.
tags | tool, spoof, firewall
systems | linux
MD5 | 80dfda807bcffadb49f5363a07369b42
honeytrap-0.7.0.tar.gz
Posted May 22, 2007
Authored by Tillmann Werner | Site honeytrap.sourceforge.net

Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.

Changes: Plugins can be prioritized. x86 CPU emulation module for generic shellcode analysis. Various other additions and improvements.
tags | tcp, system logging
systems | unix
MD5 | d2e765e15a4959d0155ba9b83f2fef7a
leadtools-overwrite.txt
Posted May 22, 2007
Authored by shinnai | Site shinnai.altervista.org

LeadTools Raster variant remote file overwrite exploit.

tags | exploit, remote
MD5 | 7d4307eed8676b85266ee2530af02a26
olbookmarks-sql.txt
Posted May 22, 2007
Authored by Cyber-Security | Site cyber-security.org

Ol Bookmarks Manager version 0.7.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0de24585c9991b2233ed8f4b8adfb747
tutorialcms-bypass.txt
Posted May 22, 2007
Authored by Silentz | Site w4ck1ng.com

TutorialCMS versions 1.01 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 31a5727f74bb9c1669335899d4ec300d
olbookmarks-rfi.txt
Posted May 22, 2007
Authored by ThE TiGeR

Ol Bookmarks Manager version 0.7.4 suffers from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 53a3195924b6ac5b5212326eab014d70
wp213-ajax.txt
Posted May 22, 2007
Authored by Janek Vind aka waraxe | Site waraxe.us

Wordpress version 2.1.3 suffers from a blind SQL injection vulnerability in admin-ajax.php.

tags | exploit, php, sql injection
MD5 | 47caf61b09da8f59d36df1644408eec8
iis-dos.txt
Posted May 22, 2007
Authored by Kingcope

Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 9ef1fdbcdc6d76769481a583c7b474e9
csrf-surf.txt
Posted May 22, 2007
Authored by Nexus | Site playhack.net

Whitepaper titled Cross Site Request Forgery: The Sea Surf.

tags | paper, web, csrf
MD5 | 99a0c9a3aca3b0802f0430557cef7dfa
© 2018 Packet Storm. All rights reserved.