Showing 1 - 25 of 67

Files Date: 2007-06-07

Gentoo Linux Security Advisory 200706-3
Posted Jun 7, 2007
Authored by Gentoo | Site

Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-2027
MD5 | 982cbc5aee208bcdc1b4c154b09bfa41
Gentoo Linux Security Advisory 200706-2
Posted Jun 7, 2007
Authored by Gentoo | Site

Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1002
MD5 | df86243b07fc06482e28abe7acfdf474
Posted Jun 7, 2007
Authored by Daniel B. Cid | Site

DenyHosts, Fail2ban, and BlockHosts are vulnerable to remote log injection attacks that can lead to arbitrary injection of IP addresses in /etc/hosts.deny.

tags | advisory, remote, arbitrary
MD5 | ec319e1024aecc80b1939fa1373da75f
Posted Jun 7, 2007

Light Blog version 4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dde70fca1294a4fa82205820b21d284e
Posted Jun 7, 2007
Authored by Adam Laurie | Site

RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE®.

Changes: Quick and dirty release to try and get some feedback on e-passports.
tags | tool, python, wireless
MD5 | a162ef8a44b123aeb2198de141183c7b
iDEFENSE Security Advisory 2007-06-05.1
Posted Jun 7, 2007
Authored by iDefense Labs, Pravus | Site

iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346 and 1347, respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.

tags | advisory, remote, denial of service, udp, vulnerability
MD5 | 53a57d6339bb6433560202f42206587e
Posted Jun 7, 2007
Authored by fl0 fl0w

This whitepaper is a presentation of methods used to penetrate web servers with various examples and some ideas on how to fix the vulnerabilities.

tags | paper, web, vulnerability
MD5 | e2a7cdc78bd994347933511493ae6d34
Posted Jun 7, 2007
Authored by Dennis Rand | Site

The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.

tags | advisory, denial of service
systems | windows, xp
MD5 | 1e1a69cf8e1d200e9b8cae5681f23af8
Ubuntu Security Notice 469-1
Posted Jun 7, 2007
Authored by Ubuntu | Site

Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.

tags | advisory, javascript
systems | linux, ubuntu
advisories | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
MD5 | d97fb26233a62fc426b6e154e5488c4c
Posted Jun 7, 2007
Authored by Mathieu Dessus

Cacti suffers from a denial of service vulnerability when an authenticated user manipulates some parameters.

tags | advisory, denial of service
MD5 | 047b66c615530bd2f0e796931840a072
Mandriva Linux Security Advisory 2007.117
Posted Jun 7, 2007
Authored by Mandriva | Site

Mandriva Linux Security Advisory - lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2007-2030
MD5 | 5b301778c715d84384ed44f8ff4f76a7
Posted Jun 7, 2007

Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Changes: See changelog.
tags | kernel
systems | linux
MD5 | d87034b927b71203437cbdcb776a9df9
Beltane Web-Based Management For Samhain
Posted Jun 7, 2007

Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.

Changes: Bug fixes.
tags | tool, web, intrusion detection
systems | unix
MD5 | 44bbc7af1ffb0417b6dc2d6d5d07ee9f
Posted Jun 7, 2007
Authored by Andrea Purificato | Site

HP Tru64 remote secure shell user enumeration exploit.

tags | exploit, remote, shell
advisories | CVE-2007-2791
MD5 | dd2046211f86fcdfa49d58d86f3ec235
Posted Jun 7, 2007
Authored by Mati Aharoni | Site

IBM Tivoli Provisioning Manager PRE AUTH remote exploit that binds a shell to TCP port 4444.

tags | exploit, remote, shell, tcp
MD5 | c8e5c8e1f36544a4b2b732e9e7f2fdc6
Posted Jun 7, 2007
Authored by rgod | Site

Internet Explorer 6 / provideo Camimage class (ISSCamControl.dll version remote buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | 265b2d3b8c2d2d0e1224ed838df77ba1
Posted Jun 7, 2007
Authored by shinnai | Site

Zenturi ProgramChecker ActiveX sasatl.dll remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
MD5 | 3e8f7b7deb2487a2b4d17700b3a2ae60
Posted Jun 7, 2007
Authored by Rembrandt

Screen versions 4.0.3 and below suffer from an authentication bypass vulnerability when the screen is locked.

tags | exploit, bypass
MD5 | eeda083511574864504159edd54c6767
Posted Jun 7, 2007
Authored by n00b

DVD X Player version 4.1 Professional .PLF file buffer overflow exploit.

tags | exploit, overflow
MD5 | 9a5dc7b38bfb8d79c385eb9c8679a646
Posted Jun 7, 2007
Authored by gsy, kerem125

Kartli Alisveris Sistemi version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2ca9a814d95f771059b0f09ae1096603
Posted Jun 7, 2007
Authored by Slappter

Wordpress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php.

tags | exploit, remote, php, sql injection
MD5 | b565c79a93a9a4d8500305ecc31c0c04
Posted Jun 7, 2007
Authored by Silentz | Site

Comicsense version 0.2 remote SQL injection exploit that makes use of index.php.

tags | exploit, remote, php, sql injection
MD5 | 24f79e506185df3a94dfb9c6d924e859
Posted Jun 7, 2007
Authored by Silentz | Site

PBLang versions 4.67.16.a and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | d787604541a9a43116162bda7c2058c3
Mandriva Linux Security Advisory 2007.116
Posted Jun 7, 2007
Authored by Mandriva | Site

Mandriva Linux Security Advisory - A flaw in how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-2445
MD5 | 6ce6e06e41a0642ff41b2db091ad2d4a
Mandriva Linux Security Advisory 2007.114
Posted Jun 7, 2007
Authored by Mandriva | Site

Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2026, CVE-2007-2799
MD5 | 263caaec3eab0679a08a0df193a1ffc7
© 2018 Packet Storm. All rights reserved.
