what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2007-06-29

family_jewels_full.pdf
Posted Jun 29, 2007
Site cia.gov

The CIA released this document, called the "Family Jewels", that holds a compilation of internals reports on operations that were not within the agency's charter. The file details assassination plots against Fidel Castro, use of LSD on citizens, and spying on anti-war protesters. These reports cover the 1950s, 1960s and 1970s.

tags | paper
SHA-256 | cb1ab153f967ae68c264b86f354f8917c7cd08d59eb32631494a6e5cb936fd28
advisory-2007-06-29.txt
Posted Jun 29, 2007
Authored by Susam Pal | Site susam.in

Google suffers from re-authentication a bypass vulnerability with the SID and LSID cookies.

tags | advisory, bypass
SHA-256 | 4f025da75376d5304616a5f06e5e0cbc824d41e86de0ab0e7ddad020d50ade61
Debian Linux Security Advisory 1324-1
Posted Jun 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1324-1 - Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter.

tags | advisory, remote, arbitrary, ruby
systems | linux, debian
advisories | CVE-2007-2836
SHA-256 | f17582b8f0d537ca8da6bb3338895c86ea22179b5ead8e9f84ba02c3e6ac005f
Debian Linux Security Advisory 1323-1
Posted Jun 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1323-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
SHA-256 | 59002f1f82964dfb79caa492994de6039dfa2f2cf4ccefbb3b58bbd0d0ec3c72
HP Security Bulletin 2007-14.29
Posted Jun 29, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). The vulnerabilities could be exploited by remote users to execute arbitrary code, read arbitrary files, or cause a Denial of Service (DoS).

tags | advisory, remote, web, denial of service, arbitrary, php, vulnerability
systems | unix
advisories | CVE-2006-4625, CVE-2007-0988, CVE-2007-1286, CVE-2007-1380, CVE-2007-1700, CVE-2007-1701, CVE-2007-1710, CVE-2007-1835, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886
SHA-256 | 6861c14a60cdcb3be9fbb86db51d051e29d27ca23a675ae1dc2fed91cb81e34d
secunia-kvirc.txt
Posted Jun 29, 2007
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KVIrc, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "parseIrcUrl()" function in src/kvirc/kernel/kvi_ircurl.cpp not properly sanitizing parts of the URI when building the command for KVIrc's internal script system. KVIrc version 3.2.0 is affected.

tags | advisory, kernel
advisories | CVE-2007-2951
SHA-256 | 187e48b0153904c34ee74cfe316558697a18e2cf35a81db6048183a191cc5df2
secunia-symantecsmtp.txt
Posted Jun 29, 2007
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered boundary errors in the detection of executable packers in libdayzero.dll as loaded by the Filter Hub (filter-hub.exe) of Symantec Mail Security for SMTP. The errors can be exploited to cause unhandled memory access violations causing the filter hub service to crash. Symantec Mail Security for SMTP 5.0 patch 176 is affected. Other versions may also be affected.

tags | advisory
advisories | CVE-2007-1792
SHA-256 | 90518111806f2fd675c8d4fe74bd1e3483c420d80025c3a9a438ba4f7aad0ce5
pcsoft-overflow.txt
Posted Jun 29, 2007
Authored by Jerome Athias | Site JA-PSI.fr

The .wdp project file handling in PCSoft WinDEV suffers from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 9d2bdf9add4eb15757bc1637472308670613d3fab5d8e657520e87cc0a59fc48
fslint-2.22.tar.gz
Posted Jun 29, 2007
Authored by pixelbeat | Site pixelbeat.org

FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.

Changes: Added Spanish and Danish translations. Various improvements and fixes.
tags | tool
systems | unix
SHA-256 | 742fba3e7c74d066cfe705f27eb9c0921d582d9cb64513fdcc0cb76e921bc299
amx-activex.txt
Posted Jun 29, 2007
Authored by rgod | Site retrogod.altervista.org

AMX Corp. VNC ActiveX control remote buffer overflow exploit that takes advantage of AmxVnc.dll version 1.0.13.0.

tags | exploit, remote, overflow, activex
SHA-256 | 3e4b4e7e49614651ed8f8e25252d24cf8f65c7c0d33be9a44650128ae52249ce
webchat-sql.txt
Posted Jun 29, 2007
Authored by IHTeam

WebChat version 0.78 suffers from a remote SQL injection vulnerability in login.php.

tags | exploit, remote, php, sql injection
SHA-256 | f9c0c2ae4469d42a69bf90751a7d343a58078a269d724bc6090f07149ced2a7c
glsh-lfi.txt
Posted Jun 29, 2007
Authored by Katatafish

GL-SH Deaf Forum versions 6.4.4 and below suffer from local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | ce7da4504462593985b0ed7a743e1e0699af70e3481fa8c1424155e9db9ef2fc
b1gbb-sql.txt
Posted Jun 29, 2007
Authored by GolD_M | Site tryag.cc

b1gbb version 2.24.0 suffers from SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 4b45467a1c35d6e0869e86f4c71491f23b0b2e6233da19f123d739e90210b687
eticket-xss.txt
Posted Jun 29, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

eTicket version 1.5.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2007-2801
SHA-256 | 3176f8061bb7ca7776fadc5667c4926d7b1c4fcf71a547e81112eacaed92f82a
Debian Linux Security Advisory 1322-1
Posted Jun 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1322-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2007-3390, CVE-2007-3392, CVE-2007-3393
SHA-256 | ac8689f188bfac13ad323bb2cdbc50dcc7416383ec5bc0b4245e975c839e1d32
icf-xss.txt
Posted Jun 29, 2007
Authored by Cyrill Brunschwiler | Site csnc.ch

The Internet Communication Framework from SAP suffers from a cross site scripting vulnerability. SAP Basis component versions 640 SP19 and below and SAP Basis component versions 700 SP11 and below are vulnerable.

tags | advisory, xss
SHA-256 | 1b605b5b20b630727467eabf77385294491c0445024b3d42c4af1c0051e13cd0
contiftp-dos.txt
Posted Jun 29, 2007
Authored by 35c666

Conti FTP server version 1.0 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | ddff10bf2fa8147ea039c700a80ab1c5fe40007191288a4cce22deb9d0136dc7
checkpoint-csrf.txt
Posted Jun 29, 2007
Authored by Jussi Vuokko, Henri Lindberg | Site louhi.fi

Checkpoint VPN-1 UTM Edge suffers from a cross site request forgery vulnerability. Proof of concept included.

tags | exploit, proof of concept, csrf
SHA-256 | a3f09b1de8fc13110d56e12718c75492ea421af6481e32ffefd5cc94a58fc4bb
php523447-bypass.txt
Posted Jun 29, 2007
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHP versions 5.2.3 and below and 4.4.7 and below suffer from a safemode and open_basedir bypass vulnerability.

tags | advisory, php, bypass
advisories | CVE-2007-3378
SHA-256 | f47f5676eb24d32466cc30ca9626a14dc5ca7ff212f835ad4a4373299f35b5a1
Ubuntu Security Notice 478-1
Posted Jun 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 478-1 - Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-4168
SHA-256 | b743d41bc125e30e6d81088f373eb1a64c75a1b7e57fa959a67a6e595852bedf
Ubuntu Security Notice 477-1
Posted Jun 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 477-1 - Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
SHA-256 | a591496553000b28a37044bc3cf9fd441d414c58b1c93947c17cb964670cd2d1
Mandriva Linux Security Advisory 2007.136
Posted Jun 29, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in Evolution/evolution-data-server was found in how Evolution would process certain IMAP server messages. If a user were tricked into connecting to a malicious IMAP server, it was possible that arbitrary code could be executed with the privileges of the user using Evolution.

tags | advisory, arbitrary, imap
systems | linux, mandriva
advisories | CVE-2007-3257
SHA-256 | 157c59795abdb005555049836fc510295f4331a863c835c195aa1d976fb6f7f5
Gentoo Linux Security Advisory 200706-9
Posted Jun 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-09 - iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Versions less than 0.6.16 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2006-4168
SHA-256 | 2e6c0523c87966884d2f266f637a9e2d7c03774b61e5161b833fea5a62b27710
Technical Cyber Security Alert 2007-177A
Posted Jun 29, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-177A - The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

tags | advisory, remote, denial of service, arbitrary, vulnerability
SHA-256 | 06a8a4f9041ae2900d3fdaa3eec549d6039eadde39f46e205e62eb549916da60
iDEFENSE Security Advisory 2007-06-26.1
Posted Jun 29, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms are suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, fedora
advisories | CVE-2007-2798
SHA-256 | be5f0849e7f1bf120b8913f668f5393a0b1f9c0b40b5028210fa1f9f8539974d
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close