what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2007-05-23

Ubuntu Security Notice 463-1
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-2438
SHA-256 | 3fb2cb00293b9433bb7a314ad1133ece46c6ffedfee76a4d5aa89f878f586f2a
Mandriva Linux Security Advisory 2007.108
Posted May 23, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2356
SHA-256 | c32d185de2531fd55fb4bb35f45a43423744d5fefac8aee1b0ed53a5b35d92e6
Ubuntu Security Notice 462-1
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.

tags | advisory, remote, web, overflow, arbitrary, local, php
systems | linux, ubuntu
advisories | CVE-2007-2519, CVE-2007-2511, CVE-2007-2510, CVE-2007-2509
SHA-256 | 4270f8e9ae4654fadf832c0bd519c5b09117a7ca233ee391480dd1eaf3de91aa
phpPgAdmin-xss.txt
Posted May 23, 2007
Authored by Michal Majchrowicz

phpPgAdmin version 4.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
Ubuntu Security Notice 460-2
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-2444
SHA-256 | ca0598a357569fce6ff669d7a3d77867c42650072d28dcc5457252e477124a60
gmttmusic-xss.txt
Posted May 23, 2007
Authored by CorryL

GMTT Music Distro version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1a0899d47b570e020d1cb2e46605734664563b5be76559eac2a7d188516cc3fc
HP Security Bulletin 2007-13.37
Posted May 23, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | hpux
advisories | CVE-2007-1261
SHA-256 | 27057cb2fd99d8068558967fbe04a29bf3a5da8e7670c9421cc5131fc4465279
sriweb-xss.txt
Posted May 23, 2007
Authored by fl0 fl0w | Site popesculescu.lx.ro

The SRI (Romanian Secret Service) web site suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | e06346ba4ed87594a59beb8b723f5609c1fc58ce693c886b0ebcfddcfea8348f
clonuswiki-xss.txt
Posted May 23, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

ClonusWiki version 0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 289d9544c7f43f9c4c6fa455f0685062750af0d98e316537030a2a0c7b60ad38
seccheck-0.7.5.tar.gz
Posted May 23, 2007
Authored by Zazzy Bob | Site zazzybob.com

Seccheck is a feature rich, modular, host-level security checker for Solaris 10. Easily expandable with customised modules, Seccheck produces highly detailed reports based around known and published security best-practices and guidelines. It also produces recommendations on how to fix flagged security issues.

systems | unix, solaris
SHA-256 | 9d9784d9c3be953f976d0f5821ed15d163b127f5a474f9fcc3200fe1df98c103
firehol-1.256.tar.bz2
Posted May 23, 2007
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: See changelog.
tags | tool, spoof, firewall
systems | linux
SHA-256 | 2c6e709073a7cdb9c73863b3f5bdc77d7cf526162cb4ffd1a1e89e56a7b4fb49
Cisco Security Advisory 20070522-SSL
Posted May 23, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

tags | advisory, vulnerability, protocol
systems | cisco
SHA-256 | a0746637f5138fab1d05f36d2739eaa287d102dd2b3c9adec47d675395dde8d1
Cisco Security Advisory 20070522-crypto
Posted May 23, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2006-3894
SHA-256 | 6e95cac97dd31c0672d924b0560b7cefdfee1c459633660ce49287159ace5b7f
isa-2006-013.txt
Posted May 23, 2007
Authored by Jesus Olmos Gonzalez

Microsoft IIS5 suffers from NTLM and basic authentication bypass vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 62deb75d4279d8e14703bd0f0c22f77345ca3d79b23d558d052acdb9ec13c878
sniffjoke-0.2.tar.gz
Posted May 23, 2007
Authored by s0ftpj, vecna | Site s0ftpj.org

SniffJoke implements sniffer/IDS evasion techniques. SniffJoke runs on a network connected box by selectively applying evasion techniques to sessions involving it. Evasion application is governed by user rules and implemented with a netfilter/ulogd module.

SHA-256 | fa26b5c1f7404da6b5ac31e14a7fe20607c48b583e5075bb8539ff76fdf04493
boastmachine-session.txt
Posted May 23, 2007
Authored by Vagrant | Site e-hack.org

BoastMachine version 3.0 Platinum suffers from a session hacking vulnerability.

tags | exploit
SHA-256 | b9939faf019e51e377ba9bd0a15a4a5d3e290a41e5be8ae123e3b113ca794505
jetboxcms21-xss.txt
Posted May 23, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

Jetbox CMS is susceptible to a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2007-2686
SHA-256 | 6ac317ad7caee78d4ad3a8792a585c3248aa1aa76ceadc5f4d61776064d276ea
ksign-overflow.txt
Posted May 23, 2007
Authored by KIM Kee-hong

KSign KSignSWAT versions 2.0.3.3 and below ActiveX control remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
SHA-256 | 0ee06f032736271c342e2c2a674df363a34ac8993d352428245e5eff1373bd54
btitracker-sql.txt
Posted May 23, 2007
Authored by m@ge|ozz

BtiTracker versions 1.4.1 and below remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 25d51ef96105b0b9824aabaef062ce8ee191cb87ffc869d45031c70c82767175
leadtoolsisis-dos.txt
Posted May 23, 2007
Authored by shinnai | Site shinnai.altervista.org

LeadTools ISIS Control ltisi4E.ocx version 14.5.0.44 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 398581861fbeff645070f4e5e70df84705cc34d9eabfa876d19b8c4a80cfc0e3
cubecart-sql.txt
Posted May 23, 2007
Authored by John Martinelli from ISRD.com | Site redlevel.org

CubeCart version 3.0.16 suffers from a SQL injection vulnerability.

tags | advisory, sql injection
SHA-256 | b67323882e8c104f606a9d286fda07f3a0630e85ae7c8a3881213f91648023f5
Debian Linux Security Advisory 1281-2
Posted May 23, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1281-2 - On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny).

tags | advisory, vulnerability, virus
systems | linux, debian
advisories | CVE-2007-2029
SHA-256 | 9393c77b1dcc3fe237206a87cf6b51dda9f2e8d6082900ff12269b91061ea3e4
nod32-overflow.txt
Posted May 23, 2007
Authored by Ismael Briones | Site inkatel.com

NOD32 Antivirus is susceptible to two stack overflows. Version 2.7 is affected.

tags | advisory, overflow
SHA-256 | dbb0aeff340395bc32d18c9354742594778d84825a8fabe58ba2fe7a979a814a
abcexcel-rfi.txt
Posted May 23, 2007
Authored by the_Edit0r | Site xmors-security.com

ABC Excel Parser Pro version 4.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 5d04cb3372e62e1de166becffa3be149bb55a3cbe0e812a7bb4009a56f03c0ad
saxon-rfi.txt
Posted May 23, 2007
Authored by the_Edit0r | Site xmors-security.com

SAXON, or Simple Accessible XHTML Online News version 4.6 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | e62d2baf60cef60affec670faeff47d10eb5e00cd57c4143d06b0d1c344e112b
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close