what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 45 RSS Feed

Files Date: 2008-01-17

Mandriva Linux Security Advisory 2008-016
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, denial of service, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | 7011750e86e2350ac4aa01c2801209a1471d2cfd530582dc3a9b8ae8243bbe30
Mandriva Linux Security Advisory 2008-015
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
SHA-256 | dda119fab4bbfc092df5941a6d76ce66e859a53e5fab37e511b65b301d0251c9
Mandriva Linux Security Advisory 2008-014
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_autoindex module could lead to a cross-site scripting attack on sites where mod_autoindex was enabled and the AddDefaultCharset directive was removed from the configuration, against web browsers that did not correctly derive the response character set following the rules in RFC 2616. A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, xss
systems | linux, mandriva
advisories | CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
SHA-256 | 99928353f403d25058b0be4b7ae1cc98fadff2fc75cd15dec8eded067ebadb82
Ubuntu Security Notice 570-1
Posted Jan 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 570-1 - Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 7a75a95eb54b1bbce2d18c0f317d1d00bfab67a4f2488a2f0304ee0df2be5cd5
gradman-lfi.txt
Posted Jan 17, 2008
Authored by JosS | Site spanish-hackers.com

Gradman versions 0.1.3 and below local file inclusion exploit that makes use of agregar_info.php.

tags | exploit, local, php, file inclusion
SHA-256 | ca111e9fb1506c339f9f40df6dac92f656d360efd1a0e8693fcd55c02f925e67
Technical Cyber Security Alert 2008-16A
Posted Jan 17, 2008
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA08-016A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

tags | advisory, remote, arbitrary, vulnerability
systems | apple
SHA-256 | 0d75a1573438056b77ca77062f90d6189bc149f21669ac74ba399b9f7aa91c25
waraxe-2008-SA-062.txt
Posted Jan 17, 2008
Authored by Janek Vind aka waraxe | Site waraxe.us

MyBulletinBoard aka MyBB version 1.2.10 suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 885bbf7ceb22b810e73389a89b065ea8674e690816429176224d81ae17320b86
waraxe-2008-SA-061.txt
Posted Jan 17, 2008
Authored by Janek Vind aka waraxe | Site waraxe.us

MyBulletinBoard aka MyBB version 1.2.10 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 0af5fb9f4092490c864cd396a3c12fc32749674efb46e40b8f30df6709fffff1
TPTI-08-02.txt
Posted Jan 17, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
systems | cisco
advisories | CVE-2008-0027
SHA-256 | d1adddda0bed4abbd64d6b58766d7cbc90bbbd0ab44c72ddd31afb9f5483c8ee
ruttorrent.zip
Posted Jan 17, 2008
Authored by Luigi Auriemma | Site aluigi.org

Proof of concept exploit for BitTorrent versions 6.0 and below and uTorrent versions 1.7.5 and below which suffer from a buffer overflow vulnerability.

tags | exploit, overflow, proof of concept
SHA-256 | a1b23a4696407d59e6915297d68f6340b5ecfad5200b23d9a06671b31be1090e
ruttorrent.txt
Posted Jan 17, 2008
Authored by Luigi Auriemma | Site aluigi.org

BitTorrent versions 6.0 and below and uTorrent versions 1.7.5 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 7804196a3c68e02a9fe62e20e0f7f315ca83a3091b52bb5c8dcd19974c4d5c8d
Cisco Security Advisory 20080116-cucmctl
Posted Jan 17, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | cisco
advisories | CVE-2008-0027
SHA-256 | 52f72ec33d9e80d1f5ccfe6b8f9bc28ae3aa05d9dabf8b942304ad24a75f4b86
mfh-lfi.txt
Posted Jan 17, 2008
Authored by Scary-Boys | Site scary-boys.com

Mini File Host versions 1.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | dddd51585966fcd9b66dbec0becf9ad3af392735160b537fb09462ed4292c3b4
DSECRG-08-003.txt
Posted Jan 17, 2008
Authored by Sh2kerr, Stas Svistunovich | Site dsecrg.com

Blogcms version 4.2.1b suffers from SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 7055b7f59b9b375b2ccf49e5707f2210d371270af651ca0fc33a90e6a5bddcf6
DSECRG-08-002.txt
Posted Jan 17, 2008
Authored by Sh2kerr, Stas Svistunovich | Site dsecrg.com

aria version 0.99-6 suffers from a local file inclusion vulnerability in arias/help/effect.php.

tags | exploit, local, php, file inclusion
SHA-256 | 2227798c61a6c13da0a219ab942db2a3c871e47e15fb18de1ad574438aa2c1d5
miniweb-multi.txt
Posted Jan 17, 2008
Authored by Hamid Ebadi | Site bugtraq.ir

MiniWeb version 0.8.19 suffers from directory traversal and heap overflow vulnerabilities. Exploitation details provided.

tags | exploit, overflow, vulnerability
SHA-256 | 5799c6c5fc79d425ac6b418209397eb7731bd51687ee3c4949324fea94c6634c
phpecho-sql.txt
Posted Jan 17, 2008
Authored by Stack-Terrorist | Site v4-team.com

PHPEcho CMS version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 20a81541b7228837f34d9fa3ed90db503ae6f84ec485f9251da4fe85feb5a603
mybb1210-exec.txt
Posted Jan 17, 2008
Authored by Silentz | Site w4ck1ng.com

MyBulletinBoard aka MyBB versions 1.2.10 and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | aa91d6d3bd64d3a6cae6b907ab80fdb42fd3ac0121d79eba2812b0f1301bc5f2
phpresidence-sql.txt
Posted Jan 17, 2008
Authored by IRCRASH | Site ircrash.com

PHP-RESIDENCE version 0.7.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 0a4e95a7c6bc4704625bcdbc71e2a9dce1790f190687a2bea5a5755222f2e8c0
cpanelpro-xss.txt
Posted Jan 17, 2008
Authored by The-0utl4w | Site aria-security.net

It appears that the cPanel hosting manager suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 70f086f77ceeb8de20ed048dcbd207c15586d0caf99f40c2f0692062863390f2
realestates2n-sql.txt
Posted Jan 17, 2008
Authored by The-0utl4w | Site aria-security.net

Real Estate Web by Site2Nite suffers from a SQL injection vulnerability.

tags | exploit, web, sql injection
SHA-256 | 3504ae1cc83a800900093ece5bf32c65897c23489000b66f9a6a096fe8fc3c8a
8e6-bypass.txt
Posted Jan 17, 2008
Authored by nnposter

The HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet Filter can be bypassed by simply splitting the HTTP request line (which contains the URI) into multiple packets.

tags | exploit, web, bypass
SHA-256 | 187a0e359bab1a916b2621f03264d407ca323d63ed31f60f2ffb569d23c49607
pixelpost-sql.txt
Posted Jan 17, 2008
Authored by Silentz | Site w4ck1ng.com

PixelPost 1.7 remote blind SQL injection exploit that makes use of the Content-Length header.

tags | exploit, remote, sql injection
SHA-256 | 891146cdd1a875d925fb1624b11e8ded3420fe0aac29009d56d2c89a4fb37d43
alitalk-multi.txt
Posted Jan 17, 2008
Authored by tomplixsee

ALITALK version 1.9.1.1 suffers from severe remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | e72f4f0993335bce4ad2605189a21e4ae4b90da1360217cd3c030f2263f55c0e
mailbee-rfd.txt
Posted Jan 17, 2008
Authored by -=M.o.B=-

MailBee WebMail Pro version 4.1 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 1f8a66617da5a4d95951635a9e0eefca05834e5215a5e9990ddfcb14bcf22dd7
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close