what you don't know can hurt you
Showing 1 - 21 of 21 RSS Feed

Files Date: 2008-04-24

Debian Linux Security Advisory 1558-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1558-1 - It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.

tags | advisory, arbitrary, javascript
systems | linux, debian
advisories | CVE-2008-1380
SHA-256 | 54cd69b61e3be148c0982afc1ffa91bcd8480dcbf5b5e98263078fe15b23f17a
GNU SIP Witch Telephony Server
Posted Apr 24, 2008
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Introduction of system and anon user identifiers. Support for SMS message generation. Various other additions.
tags | telephony, protocol
SHA-256 | f89eab83455e2b396fc7450f39661af10d39cf4db79c3be9fec0c57d83687f73
HP Security Bulletin 2008-00.31
Posted Apr 24, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code.

tags | advisory, remote, arbitrary, activex
systems | windows
advisories | CVE-2008-0712
SHA-256 | d2c68d01d7d92218a04bd8dd7296a771503451b1a1c38220ecb64fbb76f638f7
Debian Linux Security Advisory 1534-2
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1534-2 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Second advisory released as a regression in mailnews handling has been fixed.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-4879, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241
SHA-256 | 0fb2b2835fb14979cbfd88d025ebea806c302f1580c57ee600cbdbb0f2011131
Debian Linux Security Advisory 1557-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged in user, which in some setups can be read by a local user. Cross site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.

tags | advisory, remote, web, arbitrary, local, php, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2008-1149, CVE-2008-1567, CVE-2008-1924
SHA-256 | b57bb9f9b51c75c5e6ff94c19c7379b4494471845ff2dd9879887fcc61ccf135
Debian Linux Security Advisory 1556-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.

tags | advisory, overflow, arbitrary, perl, code execution
systems | linux, debian
advisories | CVE-2008-1927
SHA-256 | 1799df7be8f51f594bdabae4c05cd39abaec64f61706fc8f035aaafe951cdbb4
nicelog-1.0.tgz
Posted Apr 24, 2008
Authored by xi4oyu

logtamper is a modified version of wtmpclean that also modifies UTMP and lastlog related entries.

tags | tool, rootkit
systems | unix
SHA-256 | 5dbf4006c99bb31134bc547b72082e90998cd71495487da8ef3897aefd71d69f
blindmysql.pdf
Posted Apr 24, 2008
Authored by ka0x

Blind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.

tags | paper, sql injection
SHA-256 | 8d89853d9dcac5bc068947c4c9f8c470ec5a392d5d24061e64d5913b14a15aaf
lotus-exec.txt
Posted Apr 24, 2008
Authored by Thomas Pollet

Lotus Symphony Expeditor suffers from an arbitrary code execution vulnerability via the handling of URIs with rcplauncher.

tags | exploit, arbitrary, code execution
SHA-256 | 8cf216c4e59a70e55502fe7fec3941d9c033cef86142adc1d1d5de3cff318816
lateral-sql-injection.pdf
Posted Apr 24, 2008
Authored by David Litchfield | Site ngssoftware.com

Lateral SQL Injection: A New Class of Vulnerability in Oracle.

tags | paper, sql injection
SHA-256 | 0db673b33010a9aa5626bc5198e1ef07be87e36a1d9a04d25e9c098c2c211bbe
Gentoo Linux Security Advisory 200804-28
Posted Apr 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.14 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | 2f2fde87331690075ed924224ebebe60af79ae25ffe3b980ec59bd262f2e8538
Gentoo Linux Security Advisory 200804-27
Posted Apr 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-1227, CVE-2008-1429, CVE-2008-1552
SHA-256 | c557c30f29c0f4d1061cf1d2c155c8d080bd5855a83bc9d1cbe8d1d1f91c09da
Digital Defense VRT Advisory 2008.11
Posted Apr 24, 2008
Authored by Digital Defense | Site digitaldefense.net

BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.

tags | advisory, web, root
advisories | CVE-2007-6378
SHA-256 | f2c9ac8b86a9e0d33d4b53388eda5237c00d9cc5ea5ae06886e22a0cf1505756
T208-CFP.txt
Posted Apr 24, 2008
Authored by T2 | Site t2.fi

T2'08 Call For Papers - Announcing the annual T2'08 conference, which will take place in Helsinki, Finland, from October 16 to 17, 2008. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.

tags | paper, conference
SHA-256 | 0e6b1a7b55856088a3234d7b563519e9a6c49eca693a26a51abc5a6911f08a56
joomlajpad-sql.txt
Posted Apr 24, 2008
Authored by His0k4

The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | b72317489536afc47cd10404a792d0fa9c885d3a63245b45330c76c26cf8b92f
divx-Exploit.cpp.txt
Posted Apr 24, 2008
Authored by Luong Anh Hoang

DivX Player versions 6.7 and below .SRT subtitle parsing exploit. Spawns calc.exe.

tags | exploit
SHA-256 | 5fd3b0737df96bea702a551de019800d022f49bf0b4c1a37e70f5693b5ad009e
W01-0408.txt
Posted Apr 24, 2008
Authored by Ruben Santamarta | Site wintercore.com

Wintercore Advisory - Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. RTKVHDA.sys versions below 6.0.1.5605 and RTKVHDA64.sys signed versions below 6.0.1.5605 are affected.

tags | advisory, local
SHA-256 | a6fc2d5582e8a71c4fed62361743ae6f26030ad35992614a9525a578ae75632c
ProCheckUp Security Advisory 2007.44
Posted Apr 24, 2008
Authored by ProCheckUp | Site procheckup.com

RSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services.

tags | exploit, web, xss
SHA-256 | 5a5d9dea5b1f25761e00eb31cbd27c0bbc1985757d23d7db73ef2b3ac1f40262
ProCheckUp Security Advisory 2007.43
Posted Apr 24, 2008
Authored by ProCheckUp, Richard Brain | Site procheckup.com

A HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11.

tags | exploit, remote, web
SHA-256 | 68fa1ad35fc6aa8f665119119b0250479e6e7a337c5f298e8a27980b5aa6d42a
joomlaprofiler-sql.txt
Posted Apr 24, 2008
Authored by $hur!k'n

The Joomla Profiler component is susceptible to a blind SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 13d2bc848e882cd514adbbacb85a61bd31db139a20b27fe8177fddb0cc5e6c3d
youtubeclone-exec.txt
Posted Apr 24, 2008
Authored by Inphex

YouTube Clone Script remote code execution exploit that makes use of spages.php.

tags | exploit, remote, php, code execution
SHA-256 | aa1da564d6c430a3eb32b2b5363013467abab6ada4b8f3eecb09154851b8fcbf
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close