exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2008-04-24

Debian Linux Security Advisory 1558-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1558-1 - It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.

tags | advisory, arbitrary, javascript
systems | linux, debian
advisories | CVE-2008-1380
SHA-256 | 54cd69b61e3be148c0982afc1ffa91bcd8480dcbf5b5e98263078fe15b23f17a
GNU SIP Witch Telephony Server
Posted Apr 24, 2008
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Introduction of system and anon user identifiers. Support for SMS message generation. Various other additions.
tags | telephony, protocol
SHA-256 | f89eab83455e2b396fc7450f39661af10d39cf4db79c3be9fec0c57d83687f73
HP Security Bulletin 2008-00.31
Posted Apr 24, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code.

tags | advisory, remote, arbitrary, activex
systems | windows
advisories | CVE-2008-0712
SHA-256 | d2c68d01d7d92218a04bd8dd7296a771503451b1a1c38220ecb64fbb76f638f7
Debian Linux Security Advisory 1534-2
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1534-2 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Second advisory released as a regression in mailnews handling has been fixed.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-4879, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241
SHA-256 | 0fb2b2835fb14979cbfd88d025ebea806c302f1580c57ee600cbdbb0f2011131
Debian Linux Security Advisory 1557-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged in user, which in some setups can be read by a local user. Cross site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.

tags | advisory, remote, web, arbitrary, local, php, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2008-1149, CVE-2008-1567, CVE-2008-1924
SHA-256 | b57bb9f9b51c75c5e6ff94c19c7379b4494471845ff2dd9879887fcc61ccf135
Debian Linux Security Advisory 1556-1
Posted Apr 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.

tags | advisory, overflow, arbitrary, perl, code execution
systems | linux, debian
advisories | CVE-2008-1927
SHA-256 | 1799df7be8f51f594bdabae4c05cd39abaec64f61706fc8f035aaafe951cdbb4
Posted Apr 24, 2008
Authored by xi4oyu

logtamper is a modified version of wtmpclean that also modifies UTMP and lastlog related entries.

tags | tool, rootkit
systems | unix
SHA-256 | 5dbf4006c99bb31134bc547b72082e90998cd71495487da8ef3897aefd71d69f
Posted Apr 24, 2008
Authored by ka0x

Blind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.

tags | paper, sql injection
SHA-256 | 8d89853d9dcac5bc068947c4c9f8c470ec5a392d5d24061e64d5913b14a15aaf
Posted Apr 24, 2008
Authored by Thomas Pollet

Lotus Symphony Expeditor suffers from an arbitrary code execution vulnerability via the handling of URIs with rcplauncher.

tags | exploit, arbitrary, code execution
SHA-256 | 8cf216c4e59a70e55502fe7fec3941d9c033cef86142adc1d1d5de3cff318816
Posted Apr 24, 2008
Authored by David Litchfield | Site ngssoftware.com

Lateral SQL Injection: A New Class of Vulnerability in Oracle.

tags | paper, sql injection
SHA-256 | 0db673b33010a9aa5626bc5198e1ef07be87e36a1d9a04d25e9c098c2c211bbe
Gentoo Linux Security Advisory 200804-28
Posted Apr 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than are affected.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | 2f2fde87331690075ed924224ebebe60af79ae25ffe3b980ec59bd262f2e8538
Gentoo Linux Security Advisory 200804-27
Posted Apr 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-1227, CVE-2008-1429, CVE-2008-1552
SHA-256 | c557c30f29c0f4d1061cf1d2c155c8d080bd5855a83bc9d1cbe8d1d1f91c09da
Digital Defense VRT Advisory 2008.11
Posted Apr 24, 2008
Authored by Digital Defense | Site digitaldefense.net

BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.

tags | advisory, web, root
advisories | CVE-2007-6378
SHA-256 | f2c9ac8b86a9e0d33d4b53388eda5237c00d9cc5ea5ae06886e22a0cf1505756
Posted Apr 24, 2008
Authored by T2 | Site t2.fi

T2'08 Call For Papers - Announcing the annual T2'08 conference, which will take place in Helsinki, Finland, from October 16 to 17, 2008. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.

tags | paper, conference
SHA-256 | 0e6b1a7b55856088a3234d7b563519e9a6c49eca693a26a51abc5a6911f08a56
Posted Apr 24, 2008
Authored by His0k4

The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | b72317489536afc47cd10404a792d0fa9c885d3a63245b45330c76c26cf8b92f
Posted Apr 24, 2008
Authored by Luong Anh Hoang

DivX Player versions 6.7 and below .SRT subtitle parsing exploit. Spawns calc.exe.

tags | exploit
SHA-256 | 5fd3b0737df96bea702a551de019800d022f49bf0b4c1a37e70f5693b5ad009e
Posted Apr 24, 2008
Authored by Ruben Santamarta | Site wintercore.com

Wintercore Advisory - Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. RTKVHDA.sys versions below and RTKVHDA64.sys signed versions below are affected.

tags | advisory, local
SHA-256 | a6fc2d5582e8a71c4fed62361743ae6f26030ad35992614a9525a578ae75632c
ProCheckUp Security Advisory 2007.44
Posted Apr 24, 2008
Authored by ProCheckUp | Site procheckup.com

RSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent for Web for Internet Information Services.

tags | exploit, web, xss
SHA-256 | 5a5d9dea5b1f25761e00eb31cbd27c0bbc1985757d23d7db73ef2b3ac1f40262
ProCheckUp Security Advisory 2007.43
Posted Apr 24, 2008
Authored by ProCheckUp, Richard Brain | Site procheckup.com

A HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent for Web for Internet Information Services in conjunction with Mozilla Firefox

tags | exploit, remote, web
SHA-256 | 68fa1ad35fc6aa8f665119119b0250479e6e7a337c5f298e8a27980b5aa6d42a
Posted Apr 24, 2008
Authored by $hur!k'n

The Joomla Profiler component is susceptible to a blind SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 13d2bc848e882cd514adbbacb85a61bd31db139a20b27fe8177fddb0cc5e6c3d
Posted Apr 24, 2008
Authored by Inphex

YouTube Clone Script remote code execution exploit that makes use of spages.php.

tags | exploit, remote, php, code execution
SHA-256 | aa1da564d6c430a3eb32b2b5363013467abab6ada4b8f3eecb09154851b8fcbf
Page 1 of 1

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By