
Files Date: 2007-10-31

TOR Virtual Network Tunneling Tool 0.1.2.18
Posted Oct 31, 2007
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Multiple major and minor fixes and enhancements.
tags | tool, remote, local, peer2peer
MD5 | 6cfe65643f3874a9709f0c19e7c648e0
bunny-0.9.tgz
Posted Oct 31, 2007
Authored by Michal Zalewski | Site code.google.com

Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.

tags | protocol, fuzzer
MD5 | 91dbc29e0ecda883078f012844566bb4
ispworker-disclose.txt
Posted Oct 31, 2007
Authored by GolD_M | Site tryag.cc

ISPworker version 1.21 suffers from a remote file disclosure vulnerability in download.php.

tags | exploit, remote, php, info disclosure
MD5 | d4cffdfc29150b20d013d7117e1fdd2a
mb-disclose.txt
Posted Oct 31, 2007
Authored by GolD_M | Site tryag.cc

ModuleBuilder version 1.0 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 176200e6d0e88ad2ab7115f6be4c1b1c
Secunia Security Advisory 27457
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - L4teral has discovered some vulnerabilities in ILIAS, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 54c02b59b499964d36ebb2532bd063ff
Secunia Security Advisory 27410
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
MD5 | 501846eedb2b415af1989ac9e0bbd397
Secunia Security Advisory 27448
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM WebSphere, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

tags | advisory, vulnerability, xss
MD5 | 72cda1a4617ca6c29f74828003039ab7
Secunia Security Advisory 27461
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Skien has reported a vulnerability in AirKiosk, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 34ceaa44cd8f4ff26da342d1fa70364a
iDEFENSE Security Advisory 2007-10-31.2
Posted Oct 31, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 10.31.07 - Remote exploitation of a directory traversal vulnerability in Symantec's Altiris Deployment Solution products could allow attackers to gain read access to arbitrary files hosted on the Altiris server. iDefense confirmed the existence of this vulnerability in Altiris Deployment Solution for Windows version 6.8. The specific vulnerable executable is pxemtftp.exe version 6.8.8297.48.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2007-3874
MD5 | 69c30592d1e81af223bc206a0d0fbd5f
iDEFENSE Security Advisory 2007-10-31.1
Posted Oct 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.31.07 - Remote exploitation of an unsafe method vulnerability in Macrovision InstallShield Update Service allows attackers to execute arbitrary code with the privileges of the currently logged-in user. iDefense has confirmed the existence of this vulnerability in versions 5.01.100.47363 and 6.0.100.60146 of Macrovision InstallShield Update Service. Previous versions are also suspected to be vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-5660
MD5 | 3addc6c9d8c0ef03f3685cd0202c1a9b
Secunia Security Advisory 27458
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Bernhard Mueller has reported a vulnerability in Perdition, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service
MD5 | 6428795cc680c4c8f840a557727a3011
Secunia Security Advisory 27454
Posted Oct 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Duncan Gilmore has discovered a vulnerability in yarssr, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 9d829529741529bc8f1021c76a2ea27c
macosx-fwissues.txt
Posted Oct 31, 2007
Authored by Juergen Schmidt | Site heise-security.co.uk

It appears that the firewall on the new Mac OS X Leopard system is a bit botched.

tags | advisory
systems | apple, osx
MD5 | bdd41cdbb1eb7588c57821fad260351b
SA-20071031-0.txt
Posted Oct 31, 2007
Authored by Bernhard Mueller | Site sec-consult.com

SEC Consult Security Advisory 20071031-0 - The Perdition Mail Retrieval Proxy versions 1.17 and below suffer from a format string vulnerability.

tags | advisory
MD5 | 8b94c6a2ea934c2582c4c95be156a6a6
secunia-cups.txt
Posted Oct 31, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags.

tags | advisory, protocol
advisories | CVE-2007-4351
MD5 | f050529925963e4d354c1ae9af386929
secunia-mcafee.txt
Posted Oct 31, 2007
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow within the e-Business administration utility service when parsing authentication packets. McAfee E-Business Server for Linux version 8.1.1 is affected.

tags | advisory, overflow
systems | linux
advisories | CVE-2007-2957
MD5 | 6dae62c7ecd1fa070332a3f1e761cc2d
Vulnerability_Axis_2100_research.pdf
Posted Oct 31, 2007
Authored by Adrian Pastor, Amir Azam | Site procheckup.com

Whitepaper discussing multiple vulnerabilities discovered against the AXIS 2100 IP camera system.

tags | exploit, vulnerability
MD5 | c14d61fdf02cb99eeda4ed644b8a84c2
Gentoo Linux Security Advisory 200710-30
Posted Oct 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-30:02 - Andy Polyakov reported a vulnerability in the OpenSSL toolkit, which is caused by an unspecified off-by-one error within the DTLS implementation. Versions greater than or equal to 0.9.8f are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-4995
MD5 | d512f124ed8f60961db844caffc013cb
Gentoo Linux Security Advisory 200710-31
Posted Oct 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-31 - Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced. Versions less than 9.24 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5540, CVE-2007-5541
MD5 | 7fab15791e85f4456625c973666069b1
iDEFENSE Security Advisory 2007-10-30.7
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4623
MD5 | a185a185af8ec2c2ce27a46a467d032d
iDEFENSE Security Advisory 2007-10-30.6
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4217
MD5 | 3e29520806c28983f3fe4b7bdecdcd7d
iDEFENSE Security Advisory 2007-10-30.5
Posted Oct 31, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4513
MD5 | 6b7ef8143a1978882368835cc0236a7f
iDEFENSE Security Advisory 2007-10-30.4
Posted Oct 31, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4513
MD5 | f2ea5507b88b98c70d8372163d1fd68c
iDEFENSE Security Advisory 2007-10-30.3
Posted Oct 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the dns_name_fromtext function in the libdns.a library. This function is called when processing the '-y' command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.

tags | advisory, arbitrary, local, root
systems | aix
advisories | CVE-2007-4622
MD5 | e9d35b47c15f1b28d3fd059f92b68189
iDEFENSE Security Advisory 2007-10-30.2
Posted Oct 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.'s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it's possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4621
MD5 | 702b614f37ff173a32386b75ea06bd8c
© 2019 Packet Storm. All rights reserved.
