exploit the possibilities
Showing 1 - 25 of 78 RSS Feed

Files Date: 2007-07-13

verisign-redirect.txt
Posted Jul 13, 2007
Authored by Aditya K Sood | Site secniche.org

Verisign has various open HTTP redirect servers that may assist phishing.

tags | advisory, web
SHA-256 | e8af84c34d993d2f3a426aa98367353af8697e3b1bdcdae5dba286af1f725cba
mzkblog-sql.txt
Posted Jul 13, 2007
Authored by GeFORC3

MzK Blog suffers from a SQL injection vulnerability in katgoster.asp.

tags | exploit, sql injection, asp
SHA-256 | a9bababfe56c0450554ad72b016fdf4c8f2590a20b6fa92e64f3fa6c0e7da067
chroot_sshd_linux.pdf
Posted Jul 13, 2007
Authored by Paul Sebastian Ziegler | Site observed.de

Whitepaper discussing how to chroot SSHd on Linux.

tags | paper
systems | linux
SHA-256 | af958cdea0fa1867d95fdc17f44bc811a2067dcfa26bacaf4799298815175996
Ubuntu Security Notice 483-1
Posted Jul 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 483-1 - Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. Steffen Ullrich discovered that the Net::DNS Perl module did not correctly detect recursive compressed responses. A remote attacker could send a specially crafted packet, causing applications using Net::DNS to crash or monopolize CPU resources, leading to a denial of service.

tags | advisory, remote, denial of service, perl, spoof
systems | linux, ubuntu
advisories | CVE-2007-3377, CVE-2007-3409
SHA-256 | 23402e1eb87ebdef781c7ff730c5104d8411dfcb246b85b8f53f40de76c8bfb0
MSA01110707.txt
Posted Jul 13, 2007
Authored by Stefano Di Paola | Site mindedsecurity.com

By using a specially crafted "flv" video it is possible to trigger an integer overflow inside Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system denial of service.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | b5745d95565e102a3b47c37bae0f9bb5d2ad4eb82226f8857c7805702ddd2ae8
esyndicat-sql.txt
Posted Jul 13, 2007
Authored by d3v1l

eSyndiCat is susceptible to multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | d843ff604f3f46517a45dcfa7e1a21495f839b8c3d86df197fe21ef4c395df0a
TISA2007-03-Public.pdf
Posted Jul 13, 2007
Authored by Edi Strosar | Site teamintell.com

TeamIntell has discovered a local buffer overflow vulnerability in Poslovni Informator Republike Slovenije 2007 aka PIRS2007, a data collection of companies and active business subjects in Slovenia.

tags | advisory, overflow, local
SHA-256 | 2648391a8541792b5d75d4ceba84f3e915c4492ff0cd020e5260da2a814aa48f
Secunia Security Advisory 26048
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | 0f67186da20a3379be13fcebe435eca3657f18a83a0aa375e172d6072dc3c485
AL-2007-0071.txt
Posted Jul 13, 2007
Site auscert.org

AUSCERT ALERT - A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. The first vulnerability affects JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier. The second vulnerability affects JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier.

tags | advisory, java, overflow, local
advisories | CVE-2007-2788, CVE-2007-2789
SHA-256 | b4e7bf595970ae7065a98357807cb501af2b46b0055a9e2bde3fd8e57b04a001
Secunia Security Advisory 26014
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for perl-Net-DNS. This fixes some vulnerabilities, which can be exploited to poison the DNS cache or cause a DoS (Denial of Service).

tags | advisory, denial of service, perl, vulnerability
systems | linux, mandriva
SHA-256 | a6b3766b3b424b2b35bc6a1fc376df73d7595b570b43cdac3ccd9857eb9b9db8
Secunia Security Advisory 26021
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Rapha

tags | advisory, denial of service
SHA-256 | 47f30727bd43c6bbb946220f1bd949706792badec4b356ccd654dc25ae9db9fb
Secunia Security Advisory 26050
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in libarchive, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
SHA-256 | 0fd2a6e135594bd54fd5fe51a0a82ac15e5a87633a3036a5ecd59a7f0c0d5983
Secunia Security Advisory 26058
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aaron Portnoy has reported a vulnerability in Progress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 681c3629db20c982e1edf66c4ed392cc7a8d7d007df4026d24f4316f9c736c7f
Secunia Security Advisory 26062
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - FreeBSD has issued an update for libarchive. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | freebsd
SHA-256 | cda153679a245ad640110520fc76e3d9d5311f011c1b4b29b175822854ac6af4
Secunia Security Advisory 26067
Posted Jul 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - RSA has acknowledged a vulnerability in some products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | eab15f6b60ec6afcea9ddf4bb1c7b60ada493c054995047ae2b5a1edda1b2278
youtube-bypass2.txt
Posted Jul 13, 2007

YouTube.com suffers from an age verification bypass vulnerability via using googlevideo.com to watch the recording.

tags | exploit, bypass
SHA-256 | 9b88a68a46eb84499571819fe3e5aacc70b9ca5805f95dc5397af1ced025c8b8
rt-sa-2007-007.txt
Posted Jul 13, 2007
Site redteam-pentesting.de

ActiveWeb Contentserver CMS versions 5.6.2929 and below suffer from a permissions settings security issue.

tags | advisory
advisories | CVE-2007-3018
SHA-256 | 98b2278fe74c4b5c02e290563a3cd28e03d7495811f241b8175aa3fab52c0309
rt-sa-2007-006.txt
Posted Jul 13, 2007
Site redteam-pentesting.de

ActiveWeb Contentserver CMS versions 5.6.2929 and below suffer from a design flaw where it performs client side content filtering to restrict javascript insertion.

tags | advisory, javascript
advisories | CVE-2007-3017
SHA-256 | bc4832766be82e02a34378142e0ee9f05d44f38e630b629a245d37622575bcc9
rt-sa-2007-005.txt
Posted Jul 13, 2007
Site redteam-pentesting.de

ActiveWeb Contentserver CMS versions 5.6.2929 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2007-3014
SHA-256 | 2d0949b924612b1f96f9c3711606b75f41254df1e65e4e224e463a9870d7fee0
rt-sa-2007-004.txt
Posted Jul 13, 2007
Site redteam-pentesting.de

ActiveWeb Contentserver CMS versions 5.6.2929 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2007-3013
SHA-256 | b420640763e53d8c157e14cb6ba6cf0a71f7e2aefcb1a74b7229bdee5a89e327
multi-xss.txt
Posted Jul 13, 2007
Authored by Hanno Boeck | Site hboeck.de

Various popular web sites like thepiratebay.org and internic.net suffer from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 82b5aa1c83e2d6e46d937cbaf519462a11668f67a3ded0cbef27b092f54ee084
Zero Day Initiative Advisory 07-040
Posted Jul 13, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists during the process of scanning multiple maliciously formatted CAB archives. The parsing routine implicitly trusts certain user-supplied values that can result in an exploitable heap corruption.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0447
SHA-256 | ff68def6414c5a17260597ea6f9302bbc0974165cea1f57150ee5963846fb729
Zero Day Initiative Advisory 07-039
Posted Jul 13, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of the Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability. The specific flaw resides in a forged PACK_SIZE field of a RAR file header. By setting this field to a specific value an infinite loop denial of service condition will occur when the scanner processes the file.

tags | advisory, denial of service
advisories | CVE-2007-3699
SHA-256 | 8c3b03361c415d4af702f337b7b7a1c3bac489c20da60f6b941d19b2bbde57f6
TPTI-07-12.txt
Posted Jul 13, 2007
Authored by Aaron Portnoy | Site dvlabs.tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of RSA Authentication Manager and other products that include the Progress server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the Progress Server listening by default on TCP ports 5520 and 5530. The _mprosrv.exe process trusts a user-supplied DWORD size and attempts to receive that amount of data into a statically allocated heap buffer

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2417
SHA-256 | 5991d00193b63121f2781ae42162b01e3c2ec0fe6645783a2f56dd01c2fc2de0
Mandriva Linux Security Advisory 2007.146
Posted Jul 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data. A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding.

tags | advisory, remote, denial of service, perl
systems | linux, mandriva
advisories | CVE-2007-3377, CVE-2007-3409
SHA-256 | c2a2cee9cc049306a5cd40b0e59a19a5592f58175929efba008c2a59967d82af
Page 1 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close