what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 76 RSS Feed

Files Date: 2008-03-26

Secunia Security Advisory 29529
Posted Mar 26, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in some Sun SPARC Enterprise T5120 and T5220 Servers, which can be exploited by malicious users to bypass certain security restrictions

tags | advisory
SHA-256 | 05a143d831e9af3dff5d4204985207a0a8cb10c593608de03de031b45867e88a
Cisco Security Advisory 20080326-pptp
Posted Mar 26, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.

tags | advisory, vulnerability, protocol, memory leak
systems | cisco
advisories | CVE-2008-1151, CVE-2008-1150
SHA-256 | a9b789f67d015ebfaacfdad835aecae916f95ae2cd8af25a282d09ab989b9064
Cisco Security Advisory 20080326-mvpn
Posted Mar 26, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

tags | advisory
systems | cisco
advisories | CVE-2008-1156
SHA-256 | 590abd633caccc57ef5091f07338b3bb47024165cb0abfe8e22de9efa1b6de59
Cisco Security Advisory 20080326-IPv4IPv6
Posted Mar 26, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

tags | advisory, denial of service, udp, protocol
systems | cisco
advisories | CVE-2008-1153
SHA-256 | eaab00543556990c9814d3f8fdd5005a6f0b3ae28e6943684965111b23bafee3
Cisco Security Advisory 20080326-queue
Posted Mar 26, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.

tags | advisory, denial of service, protocol
systems | cisco
advisories | CVE-2008-0057
SHA-256 | dcb91b8e9e526a01e6830474e66caabdc396217550f5f948e3ede12a6af14b52
Cisco Security Advisory 20080326-dlsw
Posted Mar 26, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.

tags | advisory, udp, vulnerability, protocol, memory leak
systems | cisco
advisories | CVE-2008-1152
SHA-256 | c0d42ecfdbd323b7c72cd98ba5fa908269034f82bd1bcde8170b8fa5f6a55b4e
Mandriva Linux Security Advisory 2008-076
Posted Mar 26, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Two vulnerabilities were found in the Website META Language (WML) package that allowed local users to overwrite arbitrary files via symlink attacks.

tags | advisory, arbitrary, local, vulnerability
systems | linux, mandriva
advisories | CVE-2008-0665, CVE-2008-0666
SHA-256 | 642f93fb28c1a2234f77263f6160cec95cf0a8097345eac770f28404eaf2d0ff
Zero Day Initiative Advisory 08-013
Posted Mar 26, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. This results in a situation allowing the execution of arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux
advisories | CVE-2008-0924
SHA-256 | 46d033672b84882059d7bd3a080efd1b899bcbeaad30ac9d9f03740fdca6aa26
soliduro.zip
Posted Mar 26, 2008
Authored by Luigi Auriemma | Site aluigi.org

Demonstration exploit code for IBM solidDB versions 6.00.1018 and below which suffer from format string, crash, NULL pointer, and server termination vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 038d3b3993fe0c01cfed2a62f8ce866d6eb763003f023ba470ac0ff67e251358
soliduro.txt
Posted Mar 26, 2008
Authored by Luigi Auriemma | Site aluigi.org

IBM solidDB versions 6.00.1018 and below suffer from format string, crash, NULL pointer, and server termination vulnerabilities.

tags | advisory, vulnerability
SHA-256 | ff89c52841e7aa03bcec7f58142e408965df48f8aa3e374a90daa645b36be539
ipb23x-xss.txt
Posted Mar 26, 2008
Authored by SHAHEE_MIRZA

Invision Power Board versions 2.3.x and below allow for an arbitrary iframe insertion.

tags | exploit, arbitrary, xss
SHA-256 | 8c908879829b9103be2ddd6cb8070b795c89440b8481bc82b9cd15d3aa20e5ed
Secunia Security Advisory 29480
Posted Mar 26, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Digital Security Research Group has discovered a vulnerability in PowerBook, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 89ae84f02d17c4b3bb5a2ea74c9e267bff94a7d387381d3f67d060b4f112b7d3
Secunia Security Advisory 29509
Posted Mar 26, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.

tags | advisory, php
SHA-256 | 8b50ce052fe5c6a38ed3f14cbe0d6d75a6d302a164f33816e15eeb716917e9b1
Ubuntu Security Notice 596-1
Posted Mar 26, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 596-1 - Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols.

tags | advisory, remote, web, imap, protocol, ruby
systems | linux, ubuntu
advisories | CVE-2007-5162, CVE-2007-5770
SHA-256 | c8117d450a2491ab5a1b7ababcad5544029bd84fc845134213c6b2b164d9e5ba
Ubuntu Security Notice 595-1
Posted Mar 26, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 595-1 - Michael Skladnikiewicz discovered that SDL_image did not correctly load GIF images. If a user or automated system were tricked into processing a specially crafted GIF, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service. David Raulo discovered that SDL_image did not correctly load ILBM images. If a user or automated system were tricked into processing a specially crafted ILBM, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-0544, CVE-2007-6697
SHA-256 | 8787a0170078a9d1a7576ce3ff41cf570558373d705eef090cfb9ca7e6eb0737
Ubuntu Security Notice 594-1
Posted Mar 26, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 594-1 - It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-6341
SHA-256 | 9226a1928d84d1cb3b36af5f475f4d2dd2386512949872d5714643ddfa6187ff
Ubuntu Security Notice 593-1
Posted Mar 26, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 593-1 - It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2008-1199, CVE-2008-1218
SHA-256 | 152ff94141df0e8a6338bc7c8610db35bac87dfa8800d44c753be25d8facba18
Ubuntu Security Notice 592-1
Posted Mar 26, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 592-1 - A ridiculous amount of vulnerabilities in Firefox have been addressed in this advisory for Ubuntu.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4879, CVE-2008-0416, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241
SHA-256 | b07c0e96e68ab81ecf155d01fffd3b142f8726c133c09cc6e3cb2bf3de2ffa13
quick-tftp-poc.py.txt
Posted Mar 26, 2008
Authored by Mati Aharoni | Site offensive-security.com

Quick TFTP Pro version 2.1 SEH overflow zero day exploit that binds a shell to port 4444.

tags | exploit, overflow, shell
SHA-256 | 1bac570fc98c5f940e65509f6372e870bf2fe8387dd7abd28dbe29874b43bf7a
Nmap Scanning Utility 4.60
Posted Mar 26, 2008
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: OS detection and service fingerprints have been added. Added the NSE HTTP library. Fixed multiple integer overflows. Various other fixes, additions, and improvements.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | 03bf22ca986ff65536141d78a982e27f1faa86bc10ac98016be4d6d969d1611d
sourceforge-tftpd.py.txt
Posted Mar 26, 2008
Authored by Mati Aharoni | Site offensive-security.com

TFTP Server for Windows version 1.4 ST zero day buffer overflow exploit. Binds a shell to port 4444.

tags | exploit, overflow, shell
systems | windows
SHA-256 | 67086b8e331febb1aa873729f1bee0fc7975c00a401b0d11aa39d04f9b68c580
linksys-bypass.txt
Posted Mar 26, 2008
Authored by meathive | Site kingpinz.info

The Linksys WRT54G firmware version 1.00.9 suffers from a slew of bypass vulnerabilities. Full details provided.

tags | exploit, vulnerability, bypass
advisories | CVE-2008-1247
SHA-256 | 56c6c3e22d21d215263eac4438a45fbbd1ee78f39e47e11bf406698b138d115a
HP Security Bulletin 2008-00.11
Posted Mar 26, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in the SFTP Server (sftp-server) component of SSH version 3.2.0 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited by a remote user to execute arbitrary code or cause a Denial of Service (DoS). Yes, this is from 2006. Yes, HP is just notifying people now.

tags | advisory, remote, denial of service, arbitrary
systems | unix
advisories | CVE-2006-0705
SHA-256 | 97b55c3fc497bd98e96bbfccb72fb18e043e763c3dc094e105a84a146f8bc9bb
phpaddressbook-sql.txt
Posted Mar 26, 2008
Authored by hadihadi | Site virangar.org

phpAddressBook version 2.0 suffers from a SQL injection vulnerability allowing for administrative bypass.

tags | exploit, sql injection
SHA-256 | 0048aeb863c2580cb1be75d2dc60c5dc097fb37246d95a68df83023f2c757db4
blackboard-xss.txt
Posted Mar 26, 2008
Authored by Knight4vn

Blackboard versions 7.x and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a645dcc1193f7bfeb626eb7d7cae92f14e5c4bcf9b67413688401878b50d78d7
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close