the original cloud security
Showing 1 - 25 of 36 RSS Feed

Files Date: 2007-06-11

NDSA20070524.txt
Posted Jun 11, 2007
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20070524) - The JFFNMS application has high risk issues with its authentication mechanism. These can lead to SQL injection allowing authentication bypass and Javascript injection. There is also a potential backdoor although this is unlikely to be exploitable. The JFFNMS application has default PHP scripts which can lead to information disclosure as an unauthenticated user.

tags | advisory, php, javascript, sql injection, info disclosure
MD5 | 8ba0bfa90bad93ca9fdbd752844bbe86
Debian Linux Security Advisory 1302-1
Posted Jun 11, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-2754
MD5 | 5907cad571cca0c3ac6d607a3b51841a
Debian Linux Security Advisory 1303-1
Posted Jun 11, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1303-1 - Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-1870, CVE-2007-1869
MD5 | 53b93cc320f665f7b4307e46d491a35a
lrcf-inject.txt
Posted Jun 11, 2007
Authored by CorryL

Link Request Contact Form version 3.4 suffers from a remote code injection vulnerability. Full exploit provided.

tags | exploit, remote
MD5 | 109fdc0217d88005d5c86a79e1255b47
shop-xss.txt
Posted Jun 11, 2007
Authored by suckure

www.shopathometv.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 478b6f904a2a22a42dd378b10d16b14f
Debian Linux Security Advisory 1301-1
Posted Jun 11, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1301-1 - A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-2356
MD5 | ebc4ab67fa5872eea14ee1c03518dc1e
mybloggie-rfi.txt
Posted Jun 11, 2007
Authored by Yaser | Site ayyildiz.org

myBloggie version 2.1.5 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | bf8b1e608842a7fb009c4234df746553
vsupportits-sql.txt
Posted Jun 11, 2007
Authored by rUnViRuS | Site sec-area.com

vSupport Integrated Ticket System version 3.x suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 7c1c602e4261cd531100dca659708a99
uidbind-lsm-0.4.tar.gz
Posted Jun 11, 2007
Authored by Roberto De Ioris

UidBind is a simple LSM module that restricts calls to the bind() function to the UID/GID defined in a configfs tree.

systems | linux
MD5 | 3ae33ce83ffb6cef9cc02a5a37521013
plash_1.18.orig.tar.gz
Posted Jun 11, 2007
Authored by Mark Seaborn | Site plash.beasts.org

Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.

Changes: Various updates and fixes.
tags | tool, kernel
systems | linux, unix
MD5 | eaaade57552c35f72471ecab9c6e7bd1
spybye-0.3.tar.gz
Posted Jun 11, 2007
Authored by Neils Provos | Site spybye.org

SpyBye is a tool to help web masters determine if their web pages are hosting browser exploits that can infect visiting users with malware. It functions as an HTTP proxy server and intercepts all browser requests. A few simple rules are used to determine if embedded links on your web page are harmless, unknown, or maybe even dangerous.

tags | web
MD5 | 1cc6b8c5ef244e38fd05d02b02f55d5d
nuface-1.2.3.tar.gz
Posted Jun 11, 2007
Authored by Vincent Deffontaines | Site inl.fr

Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.

Changes: Backported the functional test infrastructure from trunk. Fixed some bugs in Makefile. Fixed a bug in netfilter mark management when layer7 filter and authenticated firewall are both enabled.
tags | tool, web, firewall, protocol
systems | unix
MD5 | d4d2a9a8e63027a19b5c0402bec8509f
bluediving-0.8.tgz
Posted Jun 11, 2007
Authored by Bastian Ballmann | Site sourceforge.net

Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.

Changes: Get device class and type. Automatically launch carwhisperer on headsets and carkits. Various other improvements.
tags | tool, spoof, rootkit
systems | unix
MD5 | 3e5de6ffd1e7b43bc7dc20767527f40e
Ubuntu Security Notice 470-1
Posted Jun 11, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 470-1 - Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2007-1353, CVE-2007-2451, CVE-2007-2453
MD5 | aa14eca65f912b2d5e65561a17a896a3
Mandriva Linux Security Advisory 2007.118
Posted Jun 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2645
MD5 | 9946e9eb91dac34f27fc702ecae84120
EEYE-Yahoo.txt
Posted Jun 11, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.

tags | advisory, vulnerability
MD5 | 8e62e5ea987627c89d6cf20460ac4e00
iDEFENSE Security Advisory 2007-06-07.1
Posted Jun 11, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.07.07 - Local exploitation of an information disclosure vulnerability within the Linux Kernel allows attackers to obtain sensitive information from kernel memory. This vulnerability specifically exists in the "cpuset_tasks_read" function. This function is responsible for supplying user-land processes with data when they read from the /dev/cpuset/tasks file. iDefense has confirmed the existence of this vulnerability in version 2.6.20 of the Linux Kernel as installed with Fedora CORE 6. It is suspected that previous versions, at least until 2.6.12, are also vulnerable.

tags | advisory, kernel, local, info disclosure
systems | linux, fedora
advisories | CVE-2007-2875
MD5 | a7fd3925366c58795f3b1f852d06c23d
packeteer-dos.txt
Posted Jun 11, 2007
Authored by nnposter

Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. The vulnerability has been identified in version 7.3.0g2 and 7.5.0g1. However, other versions may be also affected.

tags | advisory, web, denial of service
MD5 | d959912d66f443d12c70425d94c41972
zenturi-navig.txt
Posted Jun 11, 2007
Authored by shinnai | Site shinnai.altervista.org

Zenturi ProgramChecker ActiveX NavigateUrl() insecure method exploit.

tags | exploit, activex
MD5 | a658f621f40ff4a0a5dfb55e87eca499
zenturi-activex.txt
Posted Jun 11, 2007
Authored by shinnai | Site shinnai.altervista.org

Zenturi ProgramChecker ActiveX multiple insecure methods exploit.

tags | exploit, activex
MD5 | 9530728179fc54cd80a068f4e1b985b0
mswin-anim.txt
Posted Jun 11, 2007
Authored by Ramon de C Valle | Site risesecurity.org

Microsoft Windows animated cursor stack overflow exploit with reverse shellcode.

tags | exploit, overflow, shellcode
systems | windows
MD5 | 6052eb221c6b2c346813e542f18279ae
movieplay-overflow.txt
Posted Jun 11, 2007
Authored by n00b

MoviePlay version 4.76 .lst file local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | d8719ed5ec4321f73d0593bcf17dc3f1
geometrix-sql.txt
Posted Jun 11, 2007
Authored by CyberGhost | Site aspspider.org

GeometriX Download Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8fec2e471e41fff9bd204ac768f59639
prec-rfi.txt
Posted Jun 11, 2007
Authored by not sec group | Site notsec.com

PHP Real Estate Classifieds remote file inclusion exploit.

tags | exploit, remote, php, code execution, file inclusion
MD5 | effb3408879ceb323a75835846843b95
evisioncms-exec.txt
Posted Jun 11, 2007
Authored by Silentz | Site w4ck1ng.com

e-Vision CMS versions 2.02 and below SQL injection and remote code execution exploit.

tags | exploit, remote, code execution, sql injection
MD5 | 359a104b798ea4575dd388ba624b4410
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close