Files Date: 2008-04-24

Debian Linux Security Advisory 1558-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1558-1 - It was discovered that crashes in the JavaScript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.

tags | advisory, arbitrary, javascript
systems | linux, debian
advisories | CVE-2008-1380
MD5 | 4850d8da80953fcdd093d6f183997530
GNU SIP Witch Telephony Server
Posted Apr 24, 2008
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Introduction of system and anon user identifiers. Support for SMS message generation. Various other additions.
tags | telephony, protocol
MD5 | caf97dbd9cac8e46eef2f74db456a3de
HP Security Bulletin 2008-00.31
Posted Apr 24, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with the HPeDiag ActiveX control, which is a component of HP Software Update running under Windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code.

tags | advisory, remote, arbitrary, activex
systems | windows
advisories | CVE-2008-0712
MD5 | 94d1e54ffae4bc8b8badbca2a431fe5f
Debian Linux Security Advisory 1534-2
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1534-2 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Second advisory released as a regression in mailnews handling has been fixed.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-4879, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241
MD5 | e5cffa80650ace4d2c1c8b242917e944
Debian Linux Security Advisory 1557-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged in user, which in some setups can be read by a local user. Cross site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.

tags | advisory, remote, web, arbitrary, local, php, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2008-1149, CVE-2008-1567, CVE-2008-1924
MD5 | 048c9857c58552e12caabe6fe8388596
Debian Linux Security Advisory 1556-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.

tags | advisory, overflow, arbitrary, perl, code execution
systems | linux, debian
advisories | CVE-2008-1927
MD5 | 301dc75bc63005c52eccfcb3ffbdb515
nicelog-1.0.tgz
Posted Apr 24, 2008
Authored by xi4oyu

logtamper is a modified version of wtmpclean that also modifies UTMP and lastlog related entries.

tags | tool, rootkit
systems | unix
MD5 | b70dede37a1971929702af7eecaba7a5
blindmysql.pdf
Posted Apr 24, 2008
Authored by ka0x

Blind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.

tags | paper, sql injection
MD5 | d65de87d85c546df9cc62800d3f03c0c
lotus-exec.txt
Posted Apr 24, 2008
Authored by Thomas Pollet

Lotus Symphony Expeditor suffers from an arbitrary code execution vulnerability via the handling of URIs with rcplauncher.

tags | exploit, arbitrary, code execution
MD5 | 75febdef7a73a4c6e21c145294d9f0ff
lateral-sql-injection.pdf
Posted Apr 24, 2008
Authored by David Litchfield | Site ngssoftware.com

Lateral SQL Injection: A New Class of Vulnerability in Oracle.

tags | paper, sql injection
MD5 | d7b2c8e9e07fd070e5775af0e397dd1b
Gentoo Linux Security Advisory 200804-28
Posted Apr 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.14 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
MD5 | 8adfd9b3fcb5d2b592286e4eb4c68173
Gentoo Linux Security Advisory 200804-27
Posted Apr 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-1227, CVE-2008-1429, CVE-2008-1552
MD5 | 22e5a4d1c293c8e431da1d01bd9d9ee2
Digital Defense VRT Advisory 2008.11
Posted Apr 24, 2008
Authored by Digital Defense | Site digitaldefense.net

BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.

tags | advisory, web, root
advisories | CVE-2007-6378
MD5 | 97b22c9a16c638ad5d8a3727cfad7bfb
T208-CFP.txt
Posted Apr 24, 2008
Authored by T2 | Site t2.fi

T2'08 Call For Papers - Announcing the annual T2'08 conference, which will take place in Helsinki, Finland, from October 16 to 17, 2008. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.

tags | paper, conference
MD5 | 288304309a434e5331cc0170809f3c47
joomlajpad-sql.txt
Posted Apr 24, 2008
Authored by His0k4

The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | d19044c095683d24f39446363319e738
divx-Exploit.cpp.txt
Posted Apr 24, 2008
Authored by Luong Anh Hoang

DivX Player versions 6.7 and below .SRT subtitle parsing exploit. Spawns calc.exe.

tags | exploit
MD5 | 37d09fac44506ded108e7ed7c1f9e49e
W01-0408.txt
Posted Apr 24, 2008
Authored by Ruben Santamarta | Site wintercore.com

Wintercore Advisory - Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. RTKVHDA.sys versions below 6.0.1.5605 and RTKVHDA64.sys signed versions below 6.0.1.5605 are affected.

tags | advisory, local
MD5 | 47a309b2daf808a41f1509b4c34eb2bc
ProCheckUp Security Advisory 2007.44
Posted Apr 24, 2008
Authored by ProCheckUp | Site procheckup.com

RSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services.

tags | exploit, web, xss
MD5 | 235b73c9ce5e7d2b972b90fb6dc75713
ProCheckUp Security Advisory 2007.43
Posted Apr 24, 2008
Authored by ProCheckUp, Richard Brain | Site procheckup.com

An HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. A remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11.

tags | exploit, remote, web
MD5 | ddc424c80bd593c395ae868dd66bb6e6
joomlaprofiler-sql.txt
Posted Apr 24, 2008
Authored by $hur!k'n

The Joomla Profiler component is susceptible to a blind SQL injection vulnerability.

tags | exploit, sql injection
MD5 | eacb279cfeaca40e231660078aecf4a9
youtubeclone-exec.txt
Posted Apr 24, 2008
Authored by Inphex

YouTube Clone Script remote code execution exploit that makes use of spages.php.

tags | exploit, remote, php, code execution
MD5 | ac115a8046e28aedc28b0e54b7b0ff7a

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close