Writing local stack overflows on Solaris SPARC.
1178fffed1c888d3076dac7a5c02c32cb12d80ea6e89eb2c63ef61178491c43fwireless_tools: The Guide to the Goods.
6aeb4992d1be4aeb2a07fd8f9e1eb5b87ffd0257a73c68846a10161a9979915dWhitepaper discussing the remote exploitation of format string bugs.
e56ac2e283600d4cc1b61d33886eb76a7532991e7f0d2394cec3fa119c1c9887A small whitepaper discussing code auditing in C.
11fb1c5a2417f1cd02c72bad9316aff637575f8a2d814bd9c9c5aa3d3fff2ca7Whitepaper: Oracle Forensics Part 5 - Finding Evidence of Data Theft in the Absence of Auditing.
05f964f5538507637f62883278dca0fbb358534be66e7a889e548211d48bc52cDissection of an Oracle Attack in the Absence of Auditing. Presentation slides from Black Hat 2007 as presented by David Litchfield.
ea0db6b1c967296d75373f0bddcdec3b52590bea40c28dd773a626143ccc0a39Whitepaper discussing cross site request timing attacks. This was originally presented at Black Hat 2007 and Defcon 15.
88fce15c0a9ed8dc4bc6ad55deb64e3a3b97add18472559f9a0f7481f2f6d3d2squeeza is a tool helps exploits SQL injection vulnerabilities in broken web applications. Its functionality is split into creating data on the database (by executing commands, copying in files, issuing new SQL queries) and extracting that data through various channels (dns, timing, http error messages).
ed5de3ae05d77b7285523cc1c34484c73029565ace873988605f4b640b76d635A write up that discusses buffer overflows in Windows Extended file attributes. Includes some exploits.
8e4c9ac85d956e95c45456c212760ccccf702140501b1ca9dca0001515bf9310Zyxel Zywall 2 suffers from persistent cross site scripting, cross site request forgery, and persistent denial of service vulnerabilities.
8059f7f3aaa91ace28d4deb5fd4951ae7e4f2a72fd9b0c7aa41f4be8a1b816a7Joomla CMS version 1.0.12 suffers form a session fixation issue in the backend administration interface.
2e91e828f738a8734a04193a718556a5e9599a70061f57213f41d7f7fd60b5a0Harmony Security Advisory - Qbik's WinGate versions below 6.2.2 suffer from a remote denial of service vulnerability.
01bc3078c7944cbe079a4848b79ed8258c76fb99bef205db3e3b00b3fe9bca9eMandriva Linux Security Advisory - An off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame.
3bfb6fa240f257ac8f3808201d1287f91d9ddcd0624dfa025e3af23cf4e78763GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
cf3c90a0998808f2d78beb81743097e2c2cda7a59c8094078e56b81d205c1a7bMandriva Linux Security Advisory - A format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
b32a09c07674b6009d0ea70a041224cbaafa1d364f22b570b4ee694400246ae5SSHatter is a remote brute force utility that attempts every password from a given list against a target.
f36698575e0aefc1ed0903dc22c54cd9ffdeb171aa4341ea9cc93b770555d3adTcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities. Requires Libpcap.
09f1daece22a3555f1ca1f9779caf36357cc8d5b9ad1964606093c7e884e0da4Micrsoft DXMedia SDK6 "SourceUrl" ActiveX remote code execution exploit.
8440922a3a5e7b87aaf529b1f60ac8a8c3362ddc802ba0be6e2692afabf1b754Pixlie version 1.7 suffers from a remote file inclusion vulnerability in pixlie.php.
26ea74cb61d1341d7b4eb4b01ac2598bb9f382ba7243c70fde73c3ed446f41b2PHP Blue Dragon CMS version 3.0.0 remote code execution exploit.
a6e9774d64ae1264794ea557cead8acc0b27f5c18eeb9ede94dd142863038c1fPHP Blue Dragon CMS version 3.0.0 suffers from a remote file inclusion vulnerability.
8556f93708d92f2f398506f2c002feef4007d93288baee7d1c1ee527dca20dfePHP Blue Dragon CMS version 3.0.0 remote SQL injection exploit.
53929a6a61595da3fdbb24907caea889d4ad4f19531f58276e306e796172f79dShoutbox version 1.0 suffers from a remote file inclusion vulnerability.
5edde50fdd8acd276fdb857951a1639703b2b2120b0ae92b6718d88686403e0fFile Uploader version 1.1 suffers from a remote file inclusion vulnerability.
207313b9c2a2c69e1b5c5c02e17a2a4a3249f50ffb1d7888b684b0f003769c47Web News version 1.1 suffers from a remote file inclusion vulnerability.
b0c9456456ade7c978dcdb359844169642acc4310176d9f9b22009226bfb231b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed