what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 67 RSS Feed

Files Date: 2007-06-07

Gentoo Linux Security Advisory 200706-3
Posted Jun 7, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-2027
SHA-256 | 8d7e63c6ab6f0de085de5c4192022d277d750df211de20f98ce2f25dfddd2f7e
Gentoo Linux Security Advisory 200706-2
Posted Jun 7, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1002
SHA-256 | 71360f7d5a83f20506cb31ba8e95914f7f36eb539553e2c72ca0778680ff566f
denyfailblock-inject.txt
Posted Jun 7, 2007
Authored by Daniel B. Cid | Site ossec.net

DenyHosts, Fail2ban, and BlockHosts are vulnerable to remote log injection attacks that can lead to arbitrary injection of IP addresses in /etc/hosts.deny.

tags | advisory, remote, arbitrary
SHA-256 | 8bda772b2de34916e706de270c5be22d04dc763b90b83e944118ee2f55ecc07e
lightblog-xss.txt
Posted Jun 7, 2007
Site serapis.net

Light Blog version 4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0f4ad51426b878029cf3cf08020f11932c9fe929c32258b7b1c0f83bfcbaf735
RFIDIOt-0.1n.tgz
Posted Jun 7, 2007
Authored by Adam Laurie | Site rfidiot.org

RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).

Changes: Quick and dirty release to try and get some feedback on e-passports.
tags | tool, python, wireless
SHA-256 | 4b499055c970530937adabe851561a4416f87e34b7dce2603d9a670081022ec6
iDEFENSE Security Advisory 2007-06-05.1
Posted Jun 7, 2007
Authored by iDefense Labs, Pravus | Site idefense.com

iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346, and 1347 respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.

tags | advisory, remote, denial of service, udp, vulnerability
SHA-256 | b66143fb85b4ecc4a638b1b0c2312cb75c9821753c09e18d841ae956fee69f82
methodology.pdf
Posted Jun 7, 2007
Authored by fl0 fl0w

This whitepaper is a presentation of methods used to penetrate web servers with various examples and some ideas on how to fix the vulnerabilities.

tags | paper, web, vulnerability
SHA-256 | ef69300e90e6306ca50fb24a0a83ab5e9f9ba12ac5c9957dbcffae9e0f7575bc
GdiPlus.pdf
Posted Jun 7, 2007
Authored by Dennis Rand | Site csis.dk

The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.

tags | advisory, denial of service
systems | windows
SHA-256 | 7980b62bbb2093953a906e97875be655482e9335939734e9bd72a508ae4ef66e
Ubuntu Security Notice 469-1
Posted Jun 7, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.

tags | advisory, javascript
systems | linux, ubuntu
advisories | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
SHA-256 | 6a5b07673c9e18ef70ac98fb87c93a90eab38f92f0d5ba20debaed79ea4449ca
cacti-dos.txt
Posted Jun 7, 2007
Authored by Mathieu Dessus

Cacti suffers from a denial of service vulnerability when an authenticated user manipulates some parameters.

tags | advisory, denial of service
SHA-256 | 440e27ea43b2248169ef4a5a77bf56e93b2cb09dfb579ee25aa362b1faf3c7cf
Mandriva Linux Security Advisory 2007.117
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2007-2030
SHA-256 | 8233710d362155b2373263e89415fc48a34feb82e6aa5230f4f058d91e7f3699
rsbac-common-1.3.4.tar.bz2
Posted Jun 7, 2007
Site rsbac.org

Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Changes: See changelog.
tags | kernel
systems | linux
SHA-256 | 9b8196a0f22153c7a1013cdf750477fa3763792e4d21045d0f68564dabf789cf
Beltane Web-Based Management For Samhain
Posted Jun 7, 2007
Site la-samhna.de

Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.

Changes: Bug fixes.
tags | tool, web, intrusion detection
systems | unix
SHA-256 | 47efe5d658ac943387fc635d10ed36b5d34a9d35abda43806256b427ca4bdaa1
hptru64-enum.txt
Posted Jun 7, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

HP Tru64 remote secure shell user enumeration exploit.

tags | exploit, remote, shell
advisories | CVE-2007-2791
SHA-256 | 08abc2bc8e46245c8a000cd064c55c818fc2dd3ec65867d82d5156554ce8a7d2
ibmtivoli-preauth.txt
Posted Jun 7, 2007
Authored by Mati Aharoni | Site offensive-security.com

IBM Tivoli Provisioning Manager PRE AUTH remote exploit that binds a shell to TCP port 4444.

tags | exploit, remote, shell, tcp
SHA-256 | 274b58c71804e51a1b53bb25dfe6e426f2dad792e863c34a4944ce547967aa3a
provideo-overwrite.txt
Posted Jun 7, 2007
Authored by rgod | Site retrogod.altervista.org

Internet Explorer 6 / provideo Camimage class (ISSCamControl.dll version 1.0.1.5) remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | 3aab16ecb5367ff36e1d1932841b62652beb912e7e48c1e65e46180075fbf37d
zenturi-overflow.txt
Posted Jun 7, 2007
Authored by shinnai | Site shinnai.altervista.org

Zenturi ProgramChecker ActiveX sasatl.dll remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
SHA-256 | 97a5b5c12e08ca387c7dd60f60fa00fd6d9b6f46289d6bc720ef1ef70cd7ef63
screen-unlock.txt
Posted Jun 7, 2007
Authored by Rembrandt

Screen versions 4.0.3 and below suffer from an authentication bypass vulnerability when it is locked.

tags | exploit, bypass
SHA-256 | b967318756ba3a99cd10614a3f1df67c080af7881ed47503fbff5decaf6edf5a
dvdxplayer-overflow.txt
Posted Jun 7, 2007
Authored by n00b

DVD X Player version 4.1 Professional .PLF file buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 78eb0dd0da83d8445be445af9b4b383c5c9621fc8177717c9ea0863ad505a8ae
kas-sql.txt
Posted Jun 7, 2007
Authored by gsy, kerem125

Kartli Alisveris Sistemi version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b187b77e1f0354623d283147f19244b2ffffdb3e270d322c7fbf299268944a99
wp22xmlrpc-sql.txt
Posted Jun 7, 2007
Authored by Slappter

Wordpress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php.

tags | exploit, remote, php, sql injection
SHA-256 | 3e6963c3b5b7d011738fd48340c04cfcb6dac32b59ece096d209e950b7e598e8
comicsense02-sql.txt
Posted Jun 7, 2007
Authored by Silentz | Site w4ck1ng.com

Comicsense version 0.2 remote SQL injection exploit that makes use of index.php.

tags | exploit, remote, php, sql injection
SHA-256 | 1000c185bd868962ceeb0527ca535dd206f0f2f937059c498102bac6c17d3390
pblang-exec.txt
Posted Jun 7, 2007
Authored by Silentz | Site w4ck1ng.com

PBLang versions 4.67.16.a and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | ddea26ba775c98a928c93d671becbd34a279d12fb8fa4f8c9f3bf1cdda74fe0a
Mandriva Linux Security Advisory 2007.116
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-2445
SHA-256 | 017e9fa350056fb86d18ca033b7d565a504ce7aadef5c8c7be4eb2fa8f4139dc
Mandriva Linux Security Advisory 2007.114
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2026, CVE-2007-2799
SHA-256 | cae4022bb7ea6910fc77cadf0b9d709a67740bfc9477488f415d84f5f6312cdd
Page 1 of 3
Back123Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close