Files Date: 2007-07-19

Ubuntu Security Notice 486-1
Posted Jul 19, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. 
Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878
MD5 | d1fbda39809930977b9a5d12439c40b2
msdirectx-heap.txt
Posted Jul 19, 2007
Authored by Ruben Santamarta | Site reversemode.com

Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of targa files.

tags | advisory, overflow
MD5 | bb5803ba2e354d2239ac11ee93edc562
mdpro108-sql.txt
Posted Jul 19, 2007

MDPro versions 1.0.8x and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 6c93609fdf66685d21aeaf6ac8aa7bf7
ashop-multi.txt
Posted Jul 19, 2007
Authored by Timq | Site private-node.net

A-Shop versions 0.70 and below suffer from an arbitrary remote file deletion vulnerability.

tags | exploit, remote, arbitrary
MD5 | 2581e9526dc6e060754f481b0a29ecbc
phpbbsupanav-rfi.txt
Posted Jul 19, 2007
Authored by bd0rk | Site soh-crew.it.tt

phpBB module SupaNav version 1.0.0 suffers from a remote file inclusion vulnerability in link_main.php.

tags | exploit, remote, php, code execution, file inclusion
MD5 | 04dd164da0123e7009df2c66cfe65917
bbsemarket-rfi.txt
Posted Jul 19, 2007
Authored by mozi, magenkyo.sharingan

BBS E-Market suffers from a remote file inclusion vulnerability in postscript.php.

tags | exploit, remote, php, code execution, file inclusion
MD5 | 28e1bee4fdc01b7e6235f2f0bb449b12
joomlaexpose-rfu.txt
Posted Jul 19, 2007
Authored by Cold z3ro | Site hack-teach.com

The Joomla component Expose versions RC35 and below suffer from a remote permission bypass and file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 06baad934f99d9743d1b9e55d3233198
quickestore-sql.txt
Posted Jul 19, 2007
Authored by meoconx

QuickEStore versions 8.2 and below suffer from a remote SQL injection vulnerability in insertorder.cfm.

tags | exploit, remote, sql injection
MD5 | b95d4eb25fa4ab2dba00b78c270fcf44
vivvocms-sql.txt
Posted Jul 19, 2007
Authored by ajann

Vivvo CMS versions 3.4 and below remote blind SQL injection exploit that makes use of index.php.

tags | exploit, remote, php, sql injection
MD5 | 2660905f777e3fa82f3e0bee7d57dcab
prmsgid-sql.txt
Posted Jul 19, 2007
Authored by t0pp8uzz, xprog

Pictures Rating suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 36f268aa655d839f4915355ff502c385
AstKilla.c
Posted Jul 19, 2007
Authored by fbffff

Asterisk versions below 1.2.22 / 1.4.8 / 2.2.1 chan_skinny remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 56fafab58ecdf3198e8233e4305ffae7
shatter-mdsysmd.txt
Posted Jul 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

tags | advisory, denial of service, overflow
advisories | CVE-2007-0272
MD5 | afba5f5746af8553dd304410e1145eb9
shatter-dbmsdrs.txt
Posted Jul 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Alert - Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
advisories | CVE-2007-0270
MD5 | b4b505cfada4710650557f7e45113851
Debian Linux Security Advisory 1335-1
Posted Jul 19, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1335-1 - Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2006-4519, CVE-2007-2949
MD5 | 8c2676d4606df48917eabd54c263e6c3
iDEFENSE Security Advisory 2007-07-18.2
Posted Jul 19, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 07.18.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code. IMail includes an IMAP daemon that users can use to access their email. The "Search" IMAP command contains an exploitable stack-based buffer overflow vulnerability. Additionally, the "Search charset" contains an exploitable heap-based buffer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in IMail Server 2006. The vulnerable executable used was version 6.8.8.1 of imapd32.exe.

tags | advisory, remote, overflow, arbitrary, vulnerability, imap
MD5 | 1e0ce85fd16d67c016ab72edc74b38c8
iDEFENSE Security Advisory 2007-07-18.1
Posted Jul 19, 2007
Authored by iDefense Labs, Ruben Santamarta | Site idefense.com

iDefense Security Advisory 07.18.07 - Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, and includes the ability to use run-length encoding (RLE) compression on the image data. This is a compression method which finds a 'run' of pixels of the same color and, instead of storing the value multiple times, encodes the number of times to repeat one value. For example, instead of storing 'AAAAAAAA', it may encode that into 'store "A" 8 times'. The buffer allocated for the image data is based on the width, height and color depth stored in the image, but when decoding this type of file, no checks against writing past the end of the buffer are performed. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur. iDefense has confirmed that libraries in Microsoft's DirectX SDK (February 2006) are vulnerable, as are the DirectX End User Runtimes (February 2006). It is suspected that previous versions are also affected, including the DirectX 9.0c End User Runtimes.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-4183
MD5 | 90bae1472730b5cdfd52dc955a5da8ea
Technical Cyber Security Alert 2007-199A
Posted Jul 19, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-199A - The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.

tags | advisory, remote, web, arbitrary, vulnerability
MD5 | 2901de1606f0f2ca8aa29e8e289c4b59
Debian Linux Security Advisory 1334-1
Posted Jul 19, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-2754
MD5 | 0fe3ecc159d2bcdf1b2fb7ab84a6adb1
Debian Linux Security Advisory 1333-1
Posted Jul 19, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1333-1 - It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2007-3564
MD5 | 4f8fae878f598eb9ea98c3a5cbe27c1d
Cisco Security Advisory 20070718-waas
Posted Jul 19, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Wide Area Application Services (WAAS) software contains a denial of service (DoS) vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE-502 module) to stop processing all types of traffic, including data traffic and management traffic.

tags | advisory, denial of service
systems | cisco
MD5 | 28afe455034b3a7f7e2f312140d97afb
ledgersmb-bypass.txt
Posted Jul 19, 2007
Authored by Chris Travers

LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.

tags | advisory, bypass
MD5 | da593cf217e1cd7ff7d1ecd11e8c035a
STEGASRC201.zip
Posted Jul 19, 2007
Authored by Asko Vuori

STEGA is a tiny 4058 byte steganography program that will hide files inside of BMP/GIF/PCX/TGA pictures, VOC/WAV sound files, RAW 8-bit data file, or LST/TXT text files.

tags | encryption, steganography
MD5 | 1846750c752ff8c49721e6131db6aac6
oracle_apex_sql_injection_check_db_password.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle APEX suffers from a SQL injection vulnerability in the function wwv_flow_security.check_db_password.

tags | advisory, sql injection
MD5 | 4956fad79b96f4d8ea8445926cd628f3
oracle_sql_injection_dbms_prvtaqis.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in package DBMS_PRVTAQIS.

tags | advisory, sql injection
MD5 | d8aff3c7d04f6dc394e84c3ce6d8d1cb
oracle_cpu_jul_2007.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.

tags | advisory
MD5 | 983012a6e51d19bba18e796f5e0b9fc0