what you don't know can hurt you
Showing 1 - 25 of 59 RSS Feed

Files Date: 2008-11-24

mp3nema-v0_2.tar.gz
Posted Nov 24, 2008
Authored by enferex | Site 757labs.com

MP3nema is a tool aimed at analyzing and capturing data that is hidden between frames in an MP3 file or stream, otherwise noted as "out of band" data. This utility also supports adding data between frames and capturing streaming audio.

Changes: Added wording to usage statement. Flushes out of band data file pointer when saving out of band data. Various other improvements.
tags | tool, forensics
MD5 | e337a7d716549a648a8986c0aa251b78
squid-nufw-helper-1.1.3.tar.gz
Posted Nov 24, 2008
Authored by Vincent Deffontaines

squid-nufw-helper is an external ACL helper for Squid that provides Single Sign On capabilities. It uses the NuFW firewall suite and supports the NuFW users SQL logging scheme. The module allows for strict SSO identification and authentication of users on any Squid proxy, including transparent proxies.

Changes: -a switch now useless. Handles automatic reconnection to MySQL sever.
tags | web
MD5 | cca0d60557dacbde89a68c7aeb0dad29
tcpip_lib51.zip
Posted Nov 24, 2008
Authored by Barak Weichselbaum | Site komodia.com

This is an open source TCP/IP library with asynchronous BlowFish and SSL support.

tags | tcp, library
MD5 | d6087fee246c6c42bc4ec3c0b3d481c2
googlechrome-obfuscate.tgz
Posted Nov 24, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome versions 0.2.149.30, 0.2.149.29, and 0.2.149.27 all suffer from a metacharacter URI obfuscation vulnerability. Proof of concept html included.

tags | exploit, proof of concept
MD5 | f26473051cd14f19ff80806f58c603dd
w3camayaid-overflow.txt
Posted Nov 24, 2008
Authored by r0ut3r

The W3C Amaya web browser version 10.1 remote stack overflow exploit that relates to the id tag.

tags | exploit, remote, web, overflow
MD5 | 77897fb9645b636d36a8b02e6af13e52
w3camayaurl-overflow.txt
Posted Nov 24, 2008
Authored by r0ut3r

The W3C Amaya web browser version 10.1 remote stack overflow exploit that relates to the URL bar.

tags | exploit, remote, web, overflow
MD5 | 1eec223521ad030ba7b2df70ef8184c8
Ubuntu Security Notice 676-1
Posted Nov 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-676-1 - It was discovered that WebKit did not properly handle Cascading Style Sheets (CSS) import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-3632
MD5 | 8a5e5897d00eb93d9617fef391c6490f
Ubuntu Security Notice 675-2
Posted Nov 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-675-2 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2008-2927
MD5 | ea94d1b091bd8ea5261270fa7ee60c66
Ubuntu Security Notice 675-1
Posted Nov 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
MD5 | 0098420282844427f88f652caa74059f
Ubuntu Security Notice 674-2
Posted Nov 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-674-2 - USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an internal archive problem, the updates for Ubuntu 7.10 would not install properly. This update provides fixed packages for Ubuntu 7.10. We apologize for the inconvenience. Original advisory details: It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.

tags | advisory, denial of service, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-2940, CVE-2008-2941
MD5 | 170c37b69df0b3ced14308124d8d61aa
SVRT-05-08.txt
Posted Nov 24, 2008
Authored by SVRT | Site security.bkis.vn

SVRT-Bkis has detected a serious buffer overflow vulnerability in ffdshow which affects all available internet browsers. Taking advantage of the flaw, hackers can perform remote attack, inject viruses, steal sensitive information and even take control of the victim's system. Versions below rev2347 20081123 are affected.

tags | advisory, remote, overflow
MD5 | b6a3dd8bece7b239ec00f39b7876c1e8
videoscript-unofficialshell.txt
Posted Nov 24, 2008
Authored by G4N0K

VideoScript versions 3.0 through 4.1.5.55 unofficial shell injection exploit.

tags | exploit, shell
MD5 | 495c6bf1401fa706a308c8a068e82f93
videoscript-officialshell.txt
Posted Nov 24, 2008
Authored by G4N0K

VideoScript versions 3.0 through 4.0.1.50 official shell injection exploit.

tags | exploit, shell
MD5 | 770dae6a8b6447d112dc65413ab59d61
gooplecms-upload.txt
Posted Nov 24, 2008
Authored by X0r

Goople CMS version 1.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 73f52ace9ad2e5c032f14727795b0be0
pgjobsite-sql.txt
Posted Nov 24, 2008
Authored by ZoRLu

PG Job Site suffers a blind SQL injection vulnerability.

tags | exploit, sql injection
MD5 | fda66e74ab6f9575645589c981c0a6fa
pgroommate-sql.txt
Posted Nov 24, 2008
Authored by ZoRLu

PG Roomate Finder Solution suffers a SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
MD5 | 04f960a4e6e3b271fa22df0353b7f4c0
pgrealestate-sql.txt
Posted Nov 24, 2008
Authored by ZoRLu

PG Real Estate suffers a SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
MD5 | b900980ffcc6ee1c67c41b759c62626e
ms08-069.txt
Posted Nov 24, 2008
Authored by Jerome Athias

Microsoft XML Core Services DTD cross-domain scripting proof of concept exploit that makes use of the vulnerability noted in MS08-069.

tags | exploit, proof of concept
MD5 | 8441d49b0a83622e2aaabb81dfad45c2
linuxrsa-shellcode.txt
Posted Nov 24, 2008
Authored by XenoMuta | Site xenomuta.tuxfamily.org

295 bytes of Linux/x86 shellcode that appends a RSA key to /root/.ssh/authorized_keys2.

tags | x86, root, shellcode
systems | linux
MD5 | 7f6fd8532537a3a53db31db20e2d1c2e
linuxcb-shellcode.txt
Posted Nov 24, 2008
Authored by XenoMuta | Site xenomuta.tuxfamily.org

151 bytes of Linux/x86 connect-back shellcode that uses UDP port 54321 and executes tcpdump.

tags | x86, udp, shellcode
systems | linux
MD5 | 4596448404a8dcbee0473119c419a33e
openssh-cbc-adv.txt
Posted Nov 24, 2008
Site openssh.com

The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, they are unable to properly assess its impact.

tags | advisory, protocol
MD5 | d2688c59ac428caddd0526bb0979ec68
coms-xss.txt
Posted Nov 24, 2008
Authored by Pouya Server

COMS, or Contents and Object Management System, suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ecfa6892ab159ecc02bb956ef668bb0a
prozillahi-sql.txt
Posted Nov 24, 2008
Authored by Snakespc | Site snakespc.com

Prozilla Hosting Index suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a20129e7cd230281fc1d520c69f55ff6
netartblog-sql.txt
Posted Nov 24, 2008
Authored by Snakespc | Site snakespc.com

NetArtMedia Blog System suffers from a remote SQL injection vulnerability in image.php.

tags | exploit, remote, php, sql injection
MD5 | b38290c6dc247c3b877dee36f22304c4
netartcars-sql.txt
Posted Nov 24, 2008
Authored by Snakespc | Site snakespc.com

NetArtMedia Cars Portal suffers from a remote SQL injection vulnerability in image.php.

tags | exploit, remote, php, sql injection
MD5 | fd6bcbb00ba646fdcf10d6249e0922e0
Page 1 of 3
Back123Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close