what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2008-04-03

Ubuntu Security Notice 598-1
Posted Apr 3, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 598-1 - It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. If a crafted HP-GL/2 file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, udp
systems | linux, ubuntu
advisories | CVE-2008-1373, CVE-2008-0047, CVE-2008-0053, CVE-2008-0882
SHA-256 | 76971a967007cc526ac3f071c811a22f58d61bf8643d735b0b8e9e0ab5e7fefe
Ubuntu Security Notice 588-2
Posted Apr 3, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 588-2 - USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for Ubuntu 6.06, additional improvements were made to make privilege checks more restrictive. As a result, an upstream bug was exposed which could cause operations on tables or views in a different database to fail. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-2692, CVE-2006-7232, CVE-2007-6303, CVE-2008-0226, CVE-2008-0227
SHA-256 | 7b3e0c3b9aac237bc56c8aa95c0492465ee731361e13d7ca3e16a16caaa29be0
Gentoo Linux Security Advisory 200804-2
Posted Apr 3, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-02 - The Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. Versions less than 1.0.5 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-1372
SHA-256 | 35e5568654fbecaba5c7633b8a103b80c11445c7792b5085f75c2df4ec3da8e3
Mandriva Linux Security Advisory 2008-081
Posted Apr 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A heap-based buffer overflow in CUPS 1.2.x and later was discovered by regenrecht of VeriSign iDenfense that could allow a remote attacker to execute arbitrary code via a crafted CGI search expression. A validation error in the Hp-GL/2 filter was also discovered. Finally, a vulnerability in how CUPS handled GIF files was found by Tomas Hoger of Red Hat, similar to previous issues corrected in PHP, gd, tk, netpbm, and SDL_image.

tags | advisory, remote, overflow, arbitrary, cgi, php
systems | linux, redhat, mandriva
advisories | CVE-2008-0053, CVE-2008-0047, CVE-2008-1373
SHA-256 | 33f7be52443dd3e1c3609c74935cb7e59ffbfa88be92cf0470f82f810b6d0416
silk-1.0.0.tar.gz
Posted Apr 3, 2008
Authored by CERT | Site tools.netsa.cert.org

SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives Netflow V5 PDUs and converts them into a more space efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that can read these flat files and then perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to develop a relatively sophisticated query from a simple beginning.

tags | tool
systems | unix
SHA-256 | 8ac1cb132ef9ba9711dc86026cd0472de7d583fbee5b06538079be071c992248
phpblock-rfi.txt
Posted Apr 3, 2008
Authored by w0cker

PHP Block version a8.4 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 91668e6016e4f9d950f92820c6b67f2ea21bfeaaf17adb6f307a4ba0409bc16b
dazphp-lfi.txt
Posted Apr 3, 2008
Authored by w0cker

DaZPHP version 0.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | e5926bd38a12ef27844ff4f82aa07973bde1a56aaae7121e5392fdb41d43dd6d
joomlaonline-rfi.txt
Posted Apr 3, 2008
Authored by NoGe

The Joomla OnlineFlashQuiz component versions 1.0.2 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ae3ac94806846e27d126becdd8d49824eec6b35a31229b2a9b5a6f73c6527398
landesk-traverse.txt
Posted Apr 3, 2008
Authored by Luigi Auriemma | Site aluigi.org

LANDesk Management Suite versions 8.80.1.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 6191c070f9c9492d4019e3b2bdf5115c983ccfed765712593ac7faece222a942
httpry-0.1.3.tar.gz
Posted Apr 3, 2008
Authored by Dumpster Keeper | Site dumpsterventures.com

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

tags | tool, web, sniffer
SHA-256 | ca3c464a95f4b70b9b857e0df7288bdab7eaa95d0a0f26a096e0cb01fb068ea0
joomlaactualite-sql.txt
Posted Apr 3, 2008
Authored by Stack-Terrorist | Site v4-team.com

The Joomla actualite component version 1.0 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 6cf8bb6ee774f01f2baa05956b9075092088fb278a366b99219fe1328e06a260
AKLINK-SA-2008-005.txt
Posted Apr 3, 2008
Authored by Alexander Klink | Site cynops.de

Apache-SSL versions prior to apache_1.3.41+ssl_1.59 suffer from a memory disclosure vulnerability that may allow for privilege escalation.

tags | advisory
advisories | CVE-2008-0555
SHA-256 | 39036c5cb769695609adfa378084ea68badbe067b04e9ae812fda9a39d1ed918
noticeware-dos.txt
Posted Apr 3, 2008
Authored by Ray

Noticeware Email Server version 4.6.1.0 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | a4982d774492c0571b26d5f59523f4127736d0afa7ea53c03e57dabed1edbacf
writersblock-sql.txt
Posted Apr 3, 2008
Authored by katharsis | Site katharsis.x2.to

Writer's Block suffers from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | 7d4c166b54ba7f86db89d2016b5947ef11401133013827564059b8c124b47176
chilkathttp-overwrite.txt
Posted Apr 3, 2008
Authored by shinnai | Site shinnai.altervista.org

ChilkatHttp ActiveX version 2.3 arbitrary file overwrite exploit.

tags | exploit, arbitrary, activex
SHA-256 | bf29ab50485a2fac246d06b896a16159790b4ab2e331c9b9196591fc6745536f
HP Security Bulletin 2008-00.6
Posted Apr 3, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in PostgreSQL versions 8.2.4 and earlier running on HP Internet Express for Tru64 UNIX. The vulnerabilities could be exploited to execute arbitrary code, elevation of privilege, or cause a Denial of Service (DoS).

tags | advisory, denial of service, arbitrary, vulnerability
systems | unix
advisories | CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601
SHA-256 | afd1bc6c33580067923d30d07609a12eab7bab28a754619e073a2ce527a5286a
HP Security Bulletin 2008-00.26
Posted Apr 3, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited by an authenticated user to gain unauthorized access to other user accounts.

tags | advisory, vulnerability
advisories | CVE-2008-0709
SHA-256 | 3fd266ece8249b8f74803324f88c759f7ba7b1684d16f85e1adf5260a26c1330
runcms11a-sql.txt
Posted Apr 3, 2008
Authored by DreamTurk

The RunCMS module bamagalerie3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9795fd5d56e1fc286e5b61e0865a234dadb7f4f4606c7ef217505021fc318a9b
nk_exploit.txt
Posted Apr 3, 2008
Authored by real

Nuked-Klan versions 1.7.6 and below exploit that allows for remote upload, remote code execution, and administrative hash retrieval.

tags | exploit, remote, code execution
SHA-256 | 1392860208d07523aee995e9f2a4fbff3155be005bd84a668e099c1eb4ec0cb1
hpopenviewnnm-overflow.txt
Posted Apr 3, 2008
Authored by Mati Aharoni | Site offensive-security.com

HP OpenView NNM version 7.5.1 pre-authentication SEH overflow exploit that takes advantage of OVAS.EXE and spawns a shell on port 4444.

tags | exploit, overflow, shell
SHA-256 | 2a87cd0d72e24941751c9b2458bcad6fef042e1ef4977ab83e8bcd7be9a4421c
nipper-0.11.5.zip
Posted Apr 3, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version.

Changes: This release includes updates to the report output from Nipper, some minor PQR issues and resolves issues reported by the community.
systems | cisco, windows, juniper
SHA-256 | 3ec6cda6bd7f8beeb5ce41b8da0551d6d0c685cca84893f711ef26ddb0f2c14c
nipper-0.11.5.tgz
Posted Apr 3, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the source version.

Changes: This release includes updates to the report output from Nipper, some minor PQR issues and resolves issues reported by the community.
systems | cisco, juniper
SHA-256 | 44bb0b2447846f08a72b97acabeb682c1ba6d374c4c3b33dd163fefdf9f93100
xnview1921-overflow.txt
Posted Apr 3, 2008
Authored by haluznik

XnView version 1.92.1 Slideshow "FontName" buffer overflow exploit.

tags | exploit, overflow
SHA-256 | d231e3a018ad89ca7664a054729fab6dc5e52086d498367d68d84bf4ba079570
novell-dos.txt
Posted Apr 3, 2008
Authored by Mati Aharoni | Site offensive-security.com

Novell eDirectory HTTP denial of service exploit.

tags | exploit, web, denial of service
SHA-256 | 2c961b1cde60fd28279cf7e9b53458f1a01c1d0b1131d03732e76b4866e70814
mcafeeepo-dos.txt
Posted Apr 3, 2008
Authored by Mati Aharoni | Site offensive-security.com

McAfee EPO version 4.0 remote denial of service exploit that takes advantage of FrameworkService.exe.

tags | exploit, remote, denial of service
SHA-256 | cb56841f9c46eb5a51ac3a43af27a3dcf1131d28c3139972272f110b7ea86d68
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close