what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2007-12-06

firefox20011-dos.txt
Posted Dec 6, 2007
Authored by Azizov Emin

Firefox 2.0.0.11 appears to suffer from an INPUT denial of service flaw.

tags | advisory, denial of service
SHA-256 | 106de90631ae727c057e777f65c56f3e54f8d09f1d807d7aa7fb49cf8f679345
Gentoo Linux Security Advisory 200711-29
Posted Dec 6, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory [UPDATE] GLSA 200711-29:02 - Samba contains two buffer overflow vulnerabilities potentially resulting in the execution of arbitrary code. The original GLSA only resolved one of the two vulnerabilities due to a regression. New packages are available that resolve both buffer overflows. Versions less than 3.0.27a are affected.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
SHA-256 | 5557de32405923b2805ccfe30b4853e9a647f880a50d5de4f71ef0a5b640500b
Gentoo Linux Security Advisory 200712-2
Posted Dec 6, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-02:02 - It has been reported that the local_graph_id variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Versions less than 0.8.7a are affected.

tags | advisory, php
systems | linux, gentoo
advisories | CVE-2007-6035
SHA-256 | da4a4b89600f7f51dc73aa6b1ce47f4768e8e260621ae035de1d06f41a1443af
Gentoo Linux Security Advisory 200712-1
Posted Dec 6, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-01 - Suse Linux reported that Hugin creates the hugin_debug_optim_results.txt temporary file in an insecure manner. Versions less than 0.7_beta4-r1 are affected.

tags | advisory
systems | linux, suse, gentoo
advisories | CVE-2007-5200
SHA-256 | f72a55677a24c843f1f060ea87e950a2a91ad0269c80bcf1ee72aa118b7377c1
ezcontents-disclosure.txt
Posted Dec 6, 2007
Authored by p4imi0

ezContents version 1.4.5 suffers from a remote file disclosure vulnerability. Exploitation details included.

tags | exploit, remote, info disclosure
SHA-256 | 836281b1587a26e996351b905a3aabb5dc4198eb9ac3b026a7c8ab57163f12ad
Debian Linux Security Advisory 1420-1
Posted Dec 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.

tags | advisory, root
systems | linux, debian
advisories | CVE-2007-6210
SHA-256 | d23d17f90a2adf746f2242041c32d79d54e57c8fc7b7d073a784c2b395e16d41
Cisco Security Advisory 20071205-csa
Posted Dec 6, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | cisco, windows
SHA-256 | d6feb3ae1ee89b617ef815ece5040454f7d85e317d3b91ac3b902fda7d1785b4
cisco7940-dos.txt
Posted Dec 6, 2007
Authored by Radu State, Humberto J. Abdelnur, Olivier Festor

The Cisco 7940 is susceptible to a denial of service vulnerability when sent a sequence of SIP INVITE transactions. Demonstration exploit included.

tags | exploit, denial of service
systems | cisco
SHA-256 | a26c3e610685427175a09dd9c6263f17dfcce7d29309566957189aa762b24539
nokia-dos.txt
Posted Dec 6, 2007
Authored by Radu State, Humberto J. Abdelnur, Olivier Festor

The Nokia RM-159 version 12.0.013 suffers from a denial of service vulnerability when accepting a special sequence of SIP messages. Demonstration exploit included.

tags | exploit, denial of service
SHA-256 | 982d32bb063c52ac57973b7647ceca386a41fd00f3d6fafc909e609396e52d0c
Debian Linux Security Advisory 1419-1
Posted Dec 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1419-1 - A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in a OpenOffice.org database document with the user's privilege. This update requires an update of both openoffice.org and hsqldb.

tags | advisory, java, arbitrary
systems | linux, debian
advisories | CVE-2007-4575
SHA-256 | c16330dba85aa9cc4f0f76fb8674472566d62d50cb9be41f7f80f5c8f1b448b7
matahari-0.1.22.tar.gz
Posted Dec 6, 2007
Authored by Martin Obiols Herrera | Site matahari.sourceforge.net

This is a script to obtain a basic shell remotely on unix systems behind firewalls. Client gets commands by periodically polling the server and sends the output back after executing them. Traffic traverses firewall as standard outgoing HTTP GET/POST requests. HTTP requests/responses carry payload b64 encoded.

tags | tool, web, shell, rootkit
systems | unix
SHA-256 | bcbe505bee2a0877ae0ac0de00bbeda57cfbcbba46d50332bd6b6a0dde1abf18
ciscoworks-xss.txt
Posted Dec 6, 2007
Authored by Dave Lewis | Site liquidmatrix.org

CiscoWorks versions 2.6 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | e82d3e33fc9023b1641db87b491be48e638aec82f23c25a91a6e65ed97d725a4
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Dec 6, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixes and improvements to multithreading code. Various other tweaks.
tags | kernel, encryption
systems | linux
SHA-256 | d4503fd2d730443d0c3918048a4fb1482c4e87a55a81e6c6fb92df13accec2bd
nufw-2.2.10.tar.gz
Posted Dec 6, 2007
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Changes: This is a maintenance release which fixes some bugs.
tags | tool, remote, firewall
systems | unix
SHA-256 | ee8e022d60a4f225a981bf8408d6c35ffc30b4726665854ced05778cf7c0feff
sinecms-sql.txt
Posted Dec 6, 2007
Authored by KiNgOfThEwOrLd | Site inj3ct-it.org

SineCMS versions 2.3.4 and below with the Calendar module suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b0ff2a7916ae3e6728f3450b14ecfd23a3ece8b3aee17a731eb923f882626a4e
adv86-K-159-2007.txt
Posted Dec 6, 2007
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

The Mambo/Joomla component rsgallery versions 2.0 beta 5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | dcb1c4abb718a08363c440ddbec0a9390ab1be55a36bdff64af572c3269968f2
opera9-dos.txt
Posted Dec 6, 2007
Authored by Gynvael Coldwind

Opera is vulnerable to a remote denial of service attack, using specially crafted BMP files, that causes the browser to freeze for a short amount of time (around 4 minutes on fast computer).

tags | advisory, remote, denial of service
SHA-256 | 93b879e9a06d7e933fad2efbb0ff9f866107dcf04c983da9154afa99bd7a2b12
mpaa-xss.txt
Posted Dec 6, 2007
Authored by Kristian Hermansen

The MPAA web site suffers from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | b8242db2e9de0aa143117b12d1ed5ede37fa7cba62a658fbeacf46f6219df6a6
Mandriva Linux Security Advisory 2007.237
Posted Dec 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4995
SHA-256 | f791a9296c8d4400be0291b24e5962d68ebe3bd47ea912792d38fd87a0988fd5
Mandriva Linux Security Advisory 2007.236
Posted Dec 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-4752
SHA-256 | b9a5ce7c195cf23dc93bea4b0e8421b2c3846ed1d22327a5e165ead7aa461f41
eleytt-various.txt
Posted Dec 6, 2007
Authored by Michal Bucko, Tomasz Polis | Site eleytt.com

Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, a HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.

tags | advisory, remote, denial of service, vulnerability, xss
SHA-256 | fda1f78dbc21e6774b76805b3b3221c77386552903d0b01b908867ea83063cbb
Ubuntu Security Notice 553-1
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5197
SHA-256 | a5ca1e30ea861e4166a60a266a86b1e6214e7fd247ffec66450a64a54d59bf70
Ubuntu Security Notice 552-1
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2007-5116
SHA-256 | 2f2bc258abbaf3c5f0854911699f361757f636eec99c67a0c470e681692e7f70
Ubuntu Security Notice 546-2
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | cd6620ec6ef11dcd2e4ad14c25d074f47f1e99e49f81174d1ae8cd195e713a76
HP Security Bulletin 2007-14.94
Posted Dec 6, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited remotely to gain unauthorized access.

tags | advisory
advisories | CVE-2007-6194
SHA-256 | f778ace1842d805c54d5c2c7d179191b9389baafbe1938ad271c0a143f9a7230
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close