Files Date: 2007-10-31

TOR Virtual Network Tunneling Tool 0.1.2.18
Posted Oct 31, 2007
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Multiple major and minor fixes and enhancements.
tags | tool, remote, local, peer2peer
SHA-256 | e485f916dc02908a390c96b6bd3385a562281706e62987fffd486c635d380991
bunny-0.9.tgz
Posted Oct 31, 2007
Authored by Michal Zalewski | Site code.google.com

Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.

tags | protocol, fuzzer
SHA-256 | 7316d0f0a285a94b48f522cda8e5a4963a67a6b63cbe7e8aaa2dd7ed46a4b9ef
ispworker-disclose.txt
Posted Oct 31, 2007
Authored by GolD_M | Site tryag.cc

ISPworker version 1.21 suffers from a remote file disclosure vulnerability in download.php.

tags | exploit, remote, php, info disclosure
SHA-256 | 55ca5e225126e342d46369ee76f34e6d80e49a9e985afc661e6285b8f4b6c910
mb-disclose.txt
Posted Oct 31, 2007
Authored by GolD_M | Site tryag.cc

ModuleBuilder version 1.0 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 213e35de465df5adefc4fb5fef51a2c1b9fcfcaa72b9f40095fc902fb7aa5b7e
Secunia Security Advisory 27457
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - L4teral has discovered some vulnerabilities in ILIAS, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 617d57750fdea3abff32828695563a1f334a956cea8fea0ee988c9ce277fbb0f
Secunia Security Advisory 27410
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
SHA-256 | d7c7244dc6998614dc5a96464902279538f081fb46b4bc83d4ebea025e20b1dc
Secunia Security Advisory 27448
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM WebSphere, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

tags | advisory, vulnerability, xss
SHA-256 | 63afc9feded3dcc3047faf5e97d418e53887c009d25d63ba56bc8155c8450c89
Secunia Security Advisory 27461
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Skien has reported a vulnerability in AirKiosk, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 637b1eaa172c4dcbc427cde9d6cf5e89b83ca290b506cb2febebeb6a12e1b704
iDEFENSE Security Advisory 2007-10-31.2
Posted Oct 31, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 10.31.07 - Remote exploitation of a directory traversal vulnerability in Symantec's Altiris Deployment Solution products could allow attackers to gain read access to arbitrary files hosted on the Altiris server. iDefense confirmed the existence of this vulnerability in Altiris Deployment Solution for Windows version 6.8. The specific vulnerable executable is pxemtftp.exe version 6.8.8297.48.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2007-3874
SHA-256 | fa8277cc5111cfc23dbfb67fa45a274da8a6f43df22df9b77441ea7561432e97
iDEFENSE Security Advisory 2007-10-31.1
Posted Oct 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.31.07 - Remote exploitation of an unsafe method vulnerability in Macrovision InstallShield Update Service allows attackers to execute arbitrary code with the privileges of the currently logged-in user. iDefense has confirmed the existence of this vulnerability in versions 5.01.100.47363 and 6.0.100.60146 of Macrovision InstallShield Update Service. Previous versions are also suspected to be vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-5660
SHA-256 | df53e7e656c045b43e42fe1c4b36a4ca09f9fddad56b17b10c1cd411d44ff1f1
Secunia Security Advisory 27458
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Bernhard Mueller has reported a vulnerability in Perdition, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | 4cb6006f1fac6e8f6a30b6cf1389f8dddd23a9d1e19ca5bac6924b4eecd36938
Secunia Security Advisory 27454
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Duncan Gilmore has discovered a vulnerability in yarssr, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | d97f17986e1d34179964985b4da70b2c44705a1348ea0e5048d677e1da76f79a
macosx-fwissues.txt
Posted Oct 31, 2007
Authored by Juergen Schmidt | Site heise-security.co.uk

It appears that the firewall on the new Mac OS X Leopard system is a bit botched.

tags | advisory
systems | apple, osx
SHA-256 | efa50c2ac1cc5fbec32db0b5e76f7437fc458042c3a85e3b25136a6246f482e1
SA-20071031-0.txt
Posted Oct 31, 2007
Authored by Bernhard Mueller | Site sec-consult.com

SEC Consult Security Advisory 20071031-0 - The Perdition Mail Retrieval Proxy versions 1.17 and below suffer from a format string vulnerability.

tags | advisory
SHA-256 | 4efe9018c77b580c8c0bdf7897b14f170b94aec142d3cc6dc57eb1e1f9e4d1f1
secunia-cups.txt
Posted Oct 31, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags.

tags | advisory, protocol
advisories | CVE-2007-4351
SHA-256 | ff66b477e49a4a9b5d88d1542d5cee03ef01f2f4ca231988e62038f76d3f78fd
secunia-mcafee.txt
Posted Oct 31, 2007
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets. Affected is McAfee E-Business Server for Linux version 8.1.1.

tags | advisory, overflow
systems | linux
advisories | CVE-2007-2957
SHA-256 | 48d4afec2f5d9ccb7c0a2dfc502a2ae72692c50ed8690518870a45beb34c756d
Vulnerability_Axis_2100_research.pdf
Posted Oct 31, 2007
Authored by Adrian Pastor, Amir Azam | Site procheckup.com

Whitepaper discussing multiple vulnerabilities discovered against the AXIS 2100 IP camera system.

tags | exploit, vulnerability
SHA-256 | 986692b6f4654c94d63979c6dd3fda4e17b01269b1945b047ee8d945a1bdd005
Gentoo Linux Security Advisory 200710-30
Posted Oct 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-30:02 - Andy Polyakov reported a vulnerability in the OpenSSL toolkit that is caused by an unspecified off-by-one error within the DTLS implementation. Versions greater than or equal to 0.9.8f are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-4995
SHA-256 | 0d73f5bba0849e1ddcfad464c93bbf52c3b793bef96268a80458eb993f14cef2
Gentoo Linux Security Advisory 200710-31
Posted Oct 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-31 - Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced. Versions less than 9.24 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5540, CVE-2007-5541
SHA-256 | 5de4d869f192fec6d1b11761c3c219e64fa4c2a60bc85eb35ea929e7ffea4dd1
iDEFENSE Security Advisory 2007-10-30.7
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4623
SHA-256 | 1a95829422936a89bd9887255c30ff92f350d73e274073408ed62d53ae1c4d5f
iDEFENSE Security Advisory 2007-10-30.6
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4217
SHA-256 | 3dec465fdd656832a851c313df9dd10488b2e285927b610249519c54c3cf6f7e
iDEFENSE Security Advisory 2007-10-30.5
Posted Oct 31, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4513
SHA-256 | 1152160dd4f6457dc8644941e7cf9fd4d5b9fa651d55372dea033af1fc1e7361
iDEFENSE Security Advisory 2007-10-30.4
Posted Oct 31, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4513
SHA-256 | eb8cc170ed6bb2ea346bb5e6132e53f58af5bec2acd833b04f0b10e62fb9c848
iDEFENSE Security Advisory 2007-10-30.3
Posted Oct 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the dns_name_fromtext function within the libdns.a library. This function is called when processing the '-y' command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.

tags | advisory, arbitrary, local, root
systems | aix
advisories | CVE-2007-4622
SHA-256 | ec26bd7b077f967aa8a68f926d03462460aa6ced38d18b3c6d83bfa3e540affe
iDEFENSE Security Advisory 2007-10-30.2
Posted Oct 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.'s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it's possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4621
SHA-256 | bf2bf7ab5d98550fc89a5faddb98bd4109429208cc010b3c2097a31ab31c0e91