exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 59 RSS Feed

Files Date: 2007-11-15

samba-nmbdoverflow.txt
Posted Nov 15, 2007
Site samba.org

Samba versions 3.0.0 through 3.0.26a suffer from a vulnerability where the processing of specially crafted GETDC mailslot requests can result in a buffer overrun in nmbd.

tags | advisory, overflow
advisories | CVE-2007-4572
SHA-256 | e72f937e9999c88ee69b8d0ed43eb0b5f32cf81db8a0f776c662af87902e6a63
HP Security Bulletin 2007-14.83
Posted Nov 15, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2007-5240, CVE-2007-5239, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5273, CVE-2007-5274, CVE-2007-5232, CVE-2007-5689
SHA-256 | 901b575005153b95860b05640b68707f3a44368b6fc1b79cdcdd6e9459d4a552
InvisibleInk-source.zip
Posted Nov 15, 2007
Authored by Marco Ceriani | Site enlargeyournerd.com

Invisible Ink is a very simple and intuitive steganography program coded in C# that embeds text into a .bmp picture file. Text can be easily encrypted/decrypted with Rijndael algorithm using a 256 byte key generated with the sha256 function.

tags | encryption, steganography
SHA-256 | 3fd38f6939a1a6a60067a78959279f22bb85a3bc033e5a4a095fe6fbf60ad030
wordpressbf.py.txt
Posted Nov 15, 2007
Authored by d3hydr8 | Site darkc0de.com

WordPress brute forcing utility for wp-login.php.

tags | cracker, php
SHA-256 | d64fcb649d8746f06fd0d8f6e9998a3656222a4b3bfd7caf6a87c60556bcac0c
secunia-samba.txt
Posted Nov 15, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Successful exploitation allows execution of arbitrary code, but requires that Samba is configured to run as a WINS server (the "wins support" option is enabled). Samba version 3.0.26a is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2007-5398
SHA-256 | 82afed15d3f975d552bba9eead56ad36e744e8f82013c3f2af53a1c26f333832
Secunia Security Advisory 27550
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in BtitTracker, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks and to bypass certain security restrictions.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 74fb6862d8d545e7487a484f8eb5b4242c968312e1de4f51e943434f43b25c62
Secunia Security Advisory 27625
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | e7f16c42b2f5b78a8cd71cba138c3e8c26a0bceb3c743c0eea4f6ed075e674f0
Secunia Security Advisory 27629
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, mandriva
SHA-256 | ce8180ccb9b283bf11be070e918d84a778396fe7b64544da864fe34d3f85d94b
Secunia Security Advisory 27633
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Citrix Presentation Server, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 5fad95c16dec8a3e07cbdf33cfb0b81bd64e1e978979bca8717268b61f0f640b
Secunia Security Advisory 27641
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 066ee5efb7887821223bd46020ef1f961a33f319f968d186f54346e9127a0752
Secunia Security Advisory 27648
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited to bypass certain security restrictions.

tags | advisory, php, vulnerability
SHA-256 | c4c89b1934f04a478723760cd6267a7c68a314bd2aea66b8b81047690e3fe959
Secunia Security Advisory 27665
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for firefox, seamonkey, and xulrunner. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | 727010e4d25dac57628eb1874a2dcb014ec0f5ff5caa5d94f786b62f754fb924
Secunia Security Advisory 27671
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - L4teral has discovered a vulnerability in AutoIndex PHP Script, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, php, xss
SHA-256 | 8a9c284844f33a9a5fe2d06e482067daafff879b804505899f6c2ebe1eb07ef0
Secunia Security Advisory 27673
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof, ruby
systems | linux, redhat
SHA-256 | 276f26b1d7d2195e581b51cdcdfb98c488e975dcea7894931527c3b91e9ac4ea
Secunia Security Advisory 27677
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ShAy6oOoN has discovered a vulnerability in X7 Chat, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | be4ebfa9a960f2ed17f26af7413eed16529676f8c853eb14b2bd32e64c012317
Secunia Security Advisory 27566
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Emiliano Scavuzzo has discovered a vulnerability in TorrentStrike, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 1f5703dcc3ee0da3beba43dd9f5f7faec34b69c4456a441b50badb191171323e
Secunia Security Advisory 27628
Posted Nov 15, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 3bc27e5a8070bd063dd1401f14d7b3bcdb60746b8377afc70c9586d10a636630
iDEFENSE Security Advisory 2007-11-14.4
Posted Nov 15, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a set-uid root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.

tags | advisory, arbitrary, kernel, local, root, code execution
systems | apple, osx
advisories | CVE-2007-3749
SHA-256 | ddf3efb648c973e23481ba27247dee4c3391b50406769e418dd0d2779ae4fc6a
iDEFENSE Security Advisory 2007-11-14.3
Posted Nov 15, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, kernel, local
systems | bsd, apple, osx
advisories | CVE-2007-4268
SHA-256 | d3636fc385ddd79f2efb43a505c489290c2f0348f9f6f5f5b934e9c58f071cf2
iDEFENSE Security Advisory 2007-11-14.2
Posted Nov 15, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 11.14.07 - Local exploitation of a stack based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within the function responsible for adding an AppleTalk zone to an interface's routing table. A zone can be thought of as something similar to a Windows Domain. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, kernel, local
systems | windows, apple, osx
advisories | CVE-2007-4267
SHA-256 | 36fda99fdbd5125a1d1b3bffbc10bbe5bf332f6cbb674f55ea2665d857cc06db
iDEFENSE Security Advisory 2007-11-14.1
Posted Nov 15, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket. When allocating a buffer, the kernel uses a user provided integer to perform an arithmetic operation that calculates the number of bytes to allocate. This calculation can overflow, leading to the allocation of a buffer of insufficient size. This results in an exploitable heap based buffer overflow within the kernel. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, kernel, local, protocol, asp
systems | apple, osx
advisories | CVE-2007-4269
SHA-256 | 98ff4c86de36c7d39cd2880507a3d298ac1b6eba2990cfbad6dcb871ef57508f
Gentoo Linux Security Advisory 200711-20
Posted Nov 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-20 - Bas Wijnen discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Versions less than 0.11.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5933
SHA-256 | a1d4fce18098b44553354d8f167c9663d2da35614c7d3a6c47ce571c9c9430dd
Gentoo Linux Security Advisory 200711-19
Posted Nov 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-19 - Stefan Esser reported that a previous vulnerability was not properly fixed in TikiWiki 1.9.8.1. The TikiWiki development team also added several checks to avoid file inclusion. Versions less than 1.9.8.3 are affected.

tags | advisory, file inclusion
systems | linux, gentoo
advisories | CVE-2007-5423, CVE-2007-5682
SHA-256 | 99b2b391e1b8c4e7204fab5ec76d9d88dc7a636333069e52a5271779d50ea093
Gentoo Linux Security Advisory 200711-18
Posted Nov 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4476
SHA-256 | fd33823e7ab97166450f1a66072fa2b17bed42995063e54812d268d94e68b1aa
Gentoo Linux Security Advisory 200711-17
Posted Nov 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-17 - candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames. The session management functionality allowed the session_id to be set in the URL. BCC discovered that the to_json() function does not properly sanitize input before returning it to the user. Versions less than 1.2.5 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-3227, CVE-2007-5379, CVE-2007-5380
SHA-256 | 56267a11d2e0430390325feac70669ed4b084a3bbfe8e068dc20a304ea8ef191
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close