what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 99 RSS Feed

Files Date: 2007-11-26

nah-sql.txt
Posted Nov 26, 2007
Site aria-security.net

NetAuctionHelp suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ca23929265ae8b9dfc26dec901a3cd27e03bbc545ca9adc5b650f178f9bb501f
aurigma-overflows.txt
Posted Nov 26, 2007
Authored by Elazar Broad

Proof of concept exploit for multiple stack overflows in Aurigma ImageUploader ActiveX control version 4.1.

tags | exploit, overflow, activex, proof of concept
SHA-256 | 1fd8bc4698db9e7659313d9d64f5b6b48c84457e87dabf73c65622b27cab1fa4
Mandriva Linux Security Advisory 2007.224
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The patch that fixed CVE-2007-4572 introduced a regression that would prevent shares from being mounted properly and would cause the remote (patched) smbd to crash. This update contains another fix from upstream to correct the problem.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 1b3f94b8569cfc063704531efc34b38497061332bf568a6d155f7bfe07342004
ucms-backdoor.txt
Posted Nov 26, 2007
Authored by D4m14n, shadowleet | Site opencosmo.com

Ucms version 1.4, 1.7, and 1.8 suffer from a backdoor vulnerability allowing for remote code execution.

tags | exploit, remote, code execution
SHA-256 | 86c2b9962062afa454dc85f4605b1756eacdfbf72946cb8782d601d891e74a49
talkback-rfi.txt
Posted Nov 26, 2007
Authored by NoGe

TalkBack version 2.2.7 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 429e3da97f257cf5e1705f63e1200eab2d15b35583a5add110c617473d567850
Debian Linux Security Advisory 1408-1
Posted Nov 26, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1408-1 - Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-5393
SHA-256 | e26e5395eaeb216d2ccc80d9ba8d899c2b4ffc3082ae988f5ad0412153506f14
gwextranet-include.txt
Posted Nov 26, 2007
Authored by Joseph Giron

GWextranet suffers from local file inclusion and script insertion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 1676a9dea3a2ede65a959cbec5f9175da648132009881739f4c241c42d0b5937
evanced-sqlxss.txt
Posted Nov 26, 2007
Authored by Joseph Giron

E-vanced Solutions suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 0d2827a61c4d8c24e895ec0729ebe413d4fba8dd7b983b3880bc78eaeaa377bb
vumailer-sql.txt
Posted Nov 26, 2007
Authored by The-0utl4w | Site aria-security.net

The VU Mailer mass mailer suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 6d9f41ef4f01858ff7d156bdb72c133cc096a001aa40777b101fc5606db20707
Mandriva Linux Security Advisory 2007.230
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-5937, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-4033
SHA-256 | 0f991775c30cb8dd149ffa43aa740074474f1908da8c8544dd63843d28effc58
Mandriva Linux Security Advisory 2007.229
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.1.2 release. This update provides version 2.11.2.2 which is the latest stable release of phpMyAdmin.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-5976, CVE-2007-5977
SHA-256 | 83dde85da13a25c662fbd983457ced6133cd8569139874bc6958a2d704cb5ebe
Gentoo Linux Security Advisory 200711-32
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-32 - Kevin B. McCarty discovered that the feynmf.pl script creates a temporary properly list file at the location $TMPDIR/feynmf$PID.pl, where $PID is the process ID. Versions less than 1.08-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5940
SHA-256 | b4fac0acfeac8814619a646d2acf29422078161129e7f8f5b289adeaa643342a
Gentoo Linux Security Advisory 200711-31
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-31 - The SNMP agent (snmpd) does not properly handle GETBULK requests with an overly large max-repetitions field. Versions less than 5.4.1-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5846
SHA-256 | 2bf7b5bd4aff2930104896bbebb480bc1f35c010301516f8482c848c280da33c
Gentoo Linux Security Advisory 200711-30
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-30 - Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing \Q\E sequences with unmatched \E codes that can lead to the compiled bytecode being corrupted. PCRE does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow. Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode and when searching for unmatched brackets or parentheses. Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows. PCRE does not properly handle \P and \P{x} sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops, PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow. Versions less than 7.3-r1 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
SHA-256 | 2cf13565c4553f4360f8a93a282b82bbdd945f46fb26b822c659e837a4d9ca2a
Gentoo Linux Security Advisory 200711-29
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-29 - Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow. The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow. Versions less than 3.0.26a-r2 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4572, CVE-2007-5398
SHA-256 | f46e72487552f1168508968dbcdd379e12d68c8d63c41e0bb358bfad44f2d20b
skyportal-multi.txt
Posted Nov 26, 2007
Site bugreport.ir

SkyPortal version RC6 suffers from multiple SQL injection vulnerabilities along with an unauthorized access to messages flaw.

tags | exploit, vulnerability, sql injection
SHA-256 | 417883db11b71d54dc2e7f99f52f1dea092031baeae8e52690204b94c35f24a7
bcoos-lfisql.txt
Posted Nov 26, 2007
Authored by trueend5 | Site kapda.ir

bcoos version 1.0.10 suffers from local file inclusion and SQL injection vulnerabilities.

tags | exploit, local, vulnerability, sql injection, file inclusion
SHA-256 | fca385a2ee787e17835e94128c52ec1e428541d162914c834e7823152b844dbf
wirelessg-multi.txt
Posted Nov 26, 2007
Authored by petko d. petkov | Site gnucitizen.org

The Wireless-G ADSL Gateway with SpeedBooster (WAG54GS) suffers from persistent cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 4b17ddab5f1abda0d7cf284ccb9ff382a2608ce27aab158d6b8a36ab2ac4d96f
EEYE-bitdefender.txt
Posted Nov 26, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.

tags | advisory, remote, code execution, virus
SHA-256 | fc1814d1cbae3769356bcebcdf2053773a16eac33866492d72627399464648fb
HP Security Bulletin 2007-14.61
Posted Nov 26, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with HP-UX running BIND 8. The vulnerability could be exploited remotely to cause DNS cache poisoning.

tags | advisory
systems | hpux
advisories | CVE-2007-2930
SHA-256 | e576ef75d7d35d4baaed93528e0ab332df30743323b10de7121d5697e59ce372
wellsfargo-notsogood.txt
Posted Nov 26, 2007
Authored by joel

It appears that Wells Fargo's online banking is now allowing third party javascript from Akamai. Hopefully they come to their senses.

tags | advisory, javascript
SHA-256 | e4d79e1cad516e2ec202661e2374aaa01a707a6fadb16e87bd2b8adeff736ec8
Mandriva Linux Security Advisory 2007.228
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 26f792baa8eac68c8351e87ce1a11aa8ddc0a8dc5454c7e57a98ebcc1aa8bbb4
Mandriva Linux Security Advisory 2007.227
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 825fff34785109cf16b4ef4d19fe2069bdac7502d154d456862ff55a09f80ac0
Mandriva Linux Security Advisory 2007.226
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, minix, mandriva
advisories | CVE-2006-6058, CVE-2007-4997
SHA-256 | 89f7e97dfe062a6a8a1f5cfeecfc09fb45d983d76db73bbaff83505cc87f53ae
ezchatbox-xss.txt
Posted Nov 26, 2007
Authored by ShAy6oOoN

EZChatbox version 1.01 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0770bdbf7da69f9375370f70350ccbeceaf555c6b611eabda8a3347492e93247
Page 1 of 4
Back1234Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close