Exploit the possiblities
Showing 1 - 25 of 67 RSS Feed

Files Date: 2007-06-07

Gentoo Linux Security Advisory 200706-3
Posted Jun 7, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-2027
MD5 | 982cbc5aee208bcdc1b4c154b09bfa41
Gentoo Linux Security Advisory 200706-2
Posted Jun 7, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1002
MD5 | df86243b07fc06482e28abe7acfdf474
denyfailblock-inject.txt
Posted Jun 7, 2007
Authored by Daniel B. Cid | Site ossec.net

DenyHosts, Fail2ban, and BlockHosts are vulnerable to remote log injection attacks that can lead to arbitrary injection of IP addresses in /etc/hosts.deny.

tags | advisory, remote, arbitrary
MD5 | ec319e1024aecc80b1939fa1373da75f
lightblog-xss.txt
Posted Jun 7, 2007
Site serapis.net

Light Blog version 4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dde70fca1294a4fa82205820b21d284e
RFIDIOt-0.1n.tgz
Posted Jun 7, 2007
Authored by Adam Laurie | Site rfidiot.org

RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).

Changes: Quick and dirty release to try and get some feedback on e-passports.
tags | tool, python, wireless
MD5 | a162ef8a44b123aeb2198de141183c7b
iDEFENSE Security Advisory 2007-06-05.1
Posted Jun 7, 2007
Authored by iDefense Labs, Pravus | Site idefense.com

iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346, and 1347 respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.

tags | advisory, remote, denial of service, udp, vulnerability
MD5 | 53a57d6339bb6433560202f42206587e
methodology.pdf
Posted Jun 7, 2007
Authored by fl0 fl0w

This whitepaper is a presentation of methods used to penetrate web servers with various examples and some ideas on how to fix the vulnerabilities.

tags | paper, web, vulnerability
MD5 | e2a7cdc78bd994347933511493ae6d34
GdiPlus.pdf
Posted Jun 7, 2007
Authored by Dennis Rand | Site csis.dk

The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.

tags | advisory, denial of service
systems | windows, xp
MD5 | 1e1a69cf8e1d200e9b8cae5681f23af8
Ubuntu Security Notice 469-1
Posted Jun 7, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.

tags | advisory, javascript
systems | linux, ubuntu
advisories | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
MD5 | d97fb26233a62fc426b6e154e5488c4c
cacti-dos.txt
Posted Jun 7, 2007
Authored by Mathieu Dessus

Cacti suffers from a denial of service vulnerability when an authenticated user manipulates some parameters.

tags | advisory, denial of service
MD5 | 047b66c615530bd2f0e796931840a072
Mandriva Linux Security Advisory 2007.117
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2007-2030
MD5 | 5b301778c715d84384ed44f8ff4f76a7
rsbac-common-1.3.4.tar.bz2
Posted Jun 7, 2007
Site rsbac.org

Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Changes: See changelog.
tags | kernel
systems | linux
MD5 | d87034b927b71203437cbdcb776a9df9
Beltane Web-Based Management For Samhain
Posted Jun 7, 2007
Site la-samhna.de

Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.

Changes: Bug fixes.
tags | tool, web, intrusion detection
systems | unix
MD5 | 44bbc7af1ffb0417b6dc2d6d5d07ee9f
hptru64-enum.txt
Posted Jun 7, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

HP Tru64 remote secure shell user enumeration exploit.

tags | exploit, remote, shell
advisories | CVE-2007-2791
MD5 | dd2046211f86fcdfa49d58d86f3ec235
ibmtivoli-preauth.txt
Posted Jun 7, 2007
Authored by Mati Aharoni | Site offensive-security.com

IBM Tivoli Provisioning Manager PRE AUTH remote exploit that binds a shell to TCP port 4444.

tags | exploit, remote, shell, tcp
MD5 | c8e5c8e1f36544a4b2b732e9e7f2fdc6
provideo-overwrite.txt
Posted Jun 7, 2007
Authored by rgod | Site retrogod.altervista.org

Internet Explorer 6 / provideo Camimage class (ISSCamControl.dll version 1.0.1.5) remote buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | 265b2d3b8c2d2d0e1224ed838df77ba1
zenturi-overflow.txt
Posted Jun 7, 2007
Authored by shinnai | Site shinnai.altervista.org

Zenturi ProgramChecker ActiveX sasatl.dll remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
MD5 | 3e8f7b7deb2487a2b4d17700b3a2ae60
screen-unlock.txt
Posted Jun 7, 2007
Authored by Rembrandt

Screen versions 4.0.3 and below suffer from an authentication bypass vulnerability when it is locked.

tags | exploit, bypass
MD5 | eeda083511574864504159edd54c6767
dvdxplayer-overflow.txt
Posted Jun 7, 2007
Authored by n00b

DVD X Player version 4.1 Professional .PLF file buffer overflow exploit.

tags | exploit, overflow
MD5 | 9a5dc7b38bfb8d79c385eb9c8679a646
kas-sql.txt
Posted Jun 7, 2007
Authored by gsy, kerem125

Kartli Alisveris Sistemi version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2ca9a814d95f771059b0f09ae1096603
wp22xmlrpc-sql.txt
Posted Jun 7, 2007
Authored by Slappter

Wordpress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php.

tags | exploit, remote, php, sql injection
MD5 | b565c79a93a9a4d8500305ecc31c0c04
comicsense02-sql.txt
Posted Jun 7, 2007
Authored by Silentz | Site w4ck1ng.com

Comicsense version 0.2 remote SQL injection exploit that makes use of index.php.

tags | exploit, remote, php, sql injection
MD5 | 24f79e506185df3a94dfb9c6d924e859
pblang-exec.txt
Posted Jun 7, 2007
Authored by Silentz | Site w4ck1ng.com

PBLang versions 4.67.16.a and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | d787604541a9a43116162bda7c2058c3
Mandriva Linux Security Advisory 2007.116
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-2445
MD5 | 6ce6e06e41a0642ff41b2db091ad2d4a
Mandriva Linux Security Advisory 2007.114
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2026, CVE-2007-2799
MD5 | 263caaec3eab0679a08a0df193a1ffc7
Page 1 of 3
Back123Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close