what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2009-05-24

IPT_PKD Iptables Port Knocking Detection
Posted May 24, 2009
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: This version adds support for libxtables, iptables 1.4.3.2, and Linux kernel 2.6.29. A port config option was added on the Python knock, so you don't have to have a bunch of UDP ports open on a firewall to pass a knock through to an internal client.
tags | tool, kernel, udp, firewall
systems | linux
SHA-256 | 5b042c182c7f4d1abb4ba5c65f008a56a8d223b186c847385863772e6c37ed45
PDFResurrect PDF Analyzer 0.6
Posted May 24, 2009
Authored by enferex | Site 757labs.com

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.

Changes: No bugs were fixed. Some additions were made to the build system and a man page was added, but no tool functionality additions were made. The AUTHORS file was added. The install, uninstall, distclean, and .phony targets in Makefile.in were added or modified.
tags | tool, forensics
SHA-256 | cf35a2dbcc6076011b5ad1bf115619a109832b123bfa84ba7d96cdbb3dba42cf
Gentoo Linux Security Advisory 200905-3
Posted May 24, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-03 - Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service. Versions less than 0.7.2 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2009-1574, CVE-2009-1632
SHA-256 | 79db0186e0cc0dc495c6259888fc48f6fb06ba32880bced4aca533b1b5782725
Gentoo Linux Security Advisory 200905-2
Posted May 24, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-02 - Multiple vulnerabilities in Cscope might allow for the remote execution of arbitrary code. James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths. Multiple stack-based buffer overflows were reported in the putstring function when processing an overly long function name or symbol in a source code file. Versions less than 15.7a are affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | linux, apple, gentoo
advisories | CVE-2009-0148, CVE-2009-1577
SHA-256 | 39a53c2338b13f7e41e4b96a38233fde0baf0ae4df73e52902baff339b347135
Saman Portal SQL Injection
Posted May 24, 2009
Authored by Securitylab Security Research | Site securitylab.ir

Saman Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5428235e71438689ffb30f246b45287125ad770b9f104b72d052cef0de7661f8
BASE Persistent / Reflective XSS
Posted May 24, 2009
Authored by Jabra

BASE, the Basic Analysis and Security Engine, suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d9a751bcb3f529c6b08274bfcd1ab03641b45d437840201bb3bc5afd38b94d4c
Mandriva Linux Security Advisory 2009-122
Posted May 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-122 - The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. The updated packages have been upgraded to the latest version of squirrelmail to prevent this.

tags | advisory, remote, arbitrary, shell, php
systems | linux, mandriva
advisories | CVE-2009-1381
SHA-256 | 4d625c059ac76fa426b4364168404a4461455a591f139796b5f4e3a268329ad9
phpWebFileManager 1.11 Bypass / Shell Upload
Posted May 24, 2009
Authored by Hakxer

phpWebFileManager version 1.11 suffers from bypass, cookie grabbing, and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, bypass
SHA-256 | dd155f183b061423052bbf10126792ce0e74ff908a82b2210b2ff665630e0e0f
Mole Group Restaurant Directory 3.0 Password Changer
Posted May 24, 2009
Authored by G4N0K

Mole Group Restaurant Directory Script version 3.0 remote administrative password changing exploit.

tags | exploit, remote
SHA-256 | dccfde3a29695d9c93d93aeffc0595b74c71e2e3b8b92ee71903ae0cc1ff217a
Mole Group Sky Hunter / Bus Ticket Scripts Password Changer
Posted May 24, 2009
Authored by G4N0K

Mole Group Sky Hunter / Bus Ticket Scripts administrative password changing exploit.

tags | exploit
SHA-256 | 83b97ddc7a2ac2965b842f762fed2eda5120fb46ecb4ee6913b02cc56a6ca755
Cute Editor File Disclosure
Posted May 24, 2009
Authored by Securitylab Security Research | Site securitylab.ir

Cute Editor suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | c0416e49862865db63c5af8fb10d9db7ca1a5292531384a0c8efbe01ce52e5e8
ZaoCMS Remote File Upload
Posted May 24, 2009
Authored by Qabandi

ZaoCMS suffers from an arbitrary remote file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
SHA-256 | 0a551ed3cf102bc00baf7514eb12c6829db4e8883ba13e9b9d5f88861d204ad5
ZaoCMS Remote Password Changer
Posted May 24, 2009
Authored by ThE g0bL!N | Site h4ckf0ru.com

ZaoCMS remote password changing exploit that leverages user_updated.php.

tags | exploit, remote, php
SHA-256 | a8a740733bcbe95cbcd6dd12891809e0d050c7d6c1bb3b87b4de55a63013ea0d
ZaoCMS SQL Injection
Posted May 24, 2009
Authored by Qabandi

ZaoCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 01e6368d79444139c6ef921da90c64d22062010ab22daca4eb23deee5c7b7da6
Debian Linux Security Advisory 1806-1
Posted May 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1806-1 - Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2009-0148
SHA-256 | 590b7b56f51b92b716841c881d2dc6ed98216cc086adc0ad81629be53ea6274b
Debian Linux Security Advisory 1805-1
Posted May 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2009-1373, CVE-2009-1375, CVE-2009-1376
SHA-256 | cbce861a8fc059dce0e2e207159753b832372c40084d4da5642331a83f7f5a29
IPFilter 4.1.31 Buffer Overflow
Posted May 24, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

IPFilter (ippool) version 4.1.31 suffers from a buffer overflow vulnerability in lib/load_http.c.

tags | advisory, overflow
advisories | CVE-2009-1476
SHA-256 | ea595d1447ea1af8e204d150f3cb9576525eeb7252cd579fb459959bd5be6114
Panda Generic Evasion
Posted May 24, 2009
Authored by Thierry Zoller

The Panda parsing engine can be bypassed by a specially crafted RAR archive.

tags | advisory
SHA-256 | 9ac3c241ee06ef07fe371b852889a42be9b6c33339e671ea7b19b30e46b88d46
Panda Generic Evasion
Posted May 24, 2009
Authored by Thierry Zoller

The Panda parsing engine can be bypassed by a specially crafted CAB archive.

tags | advisory
SHA-256 | fa9e2c473bbcd3968fb0d5ba3f2f9b5dadd39e366e25f2815a3d29269c8faac8
LxBlog XSS / SQL Injection
Posted May 24, 2009
Authored by Securitylab Security Research | Site securitylab.ir

LxBlog suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 9a14f7b147ef1b9cb6dee14dc66034e842d99d15f24258b7456ce71fbdbb387f
Debian Linux Security Advisory 1802-2
Posted May 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1802-2 - Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function.

tags | advisory, code execution
systems | linux, debian
advisories | CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581, CVE-2009-1381
SHA-256 | 427516df8ef9ab4b92105500b37d7a760f482163d4eb284532448ec29c628c7f
Tutorial Share 3.5.0 Insecure Cookie
Posted May 24, 2009
Authored by Evil-Cod3r | Site creativexploit.com

Tutorial Share versions 3.5.0 and below suffer from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
SHA-256 | e7b3b262c4c060c68005e85e157508577d8bca6e1c83ea1acde914acf3e7ed4e
WinAMP 5.551 MAKI Integer Overflow
Posted May 24, 2009
Authored by n00b

WinAMP version 5.551 MAKI parsing integer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 79a438459b02a79c54299b4afbcae5ffc93dd837c9066d555f9ce0a55365c530
WinAMP 5.55 Integer Overflow
Posted May 24, 2009
Authored by Encrypt3d.M!nd

WinAMP versions 5.55 and below MAKI script universal integer overflow exploit.

tags | exploit, overflow
SHA-256 | 90dc1c2c725ade3aabfe5ef8896bd4fcdc09660c242b7d05d47c760da0053e49
WinAMP 5.55 SEH Overwrite
Posted May 24, 2009
Authored by His0k4

WinAMP versions 5.55 and below MAKI script universal SEH overwrite exploit.

tags | exploit
SHA-256 | f94826f92efd36d62df6e4978119b9b375ea487e89205060f3e7030dcc2b3351
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close