what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 162 RSS Feed

Files Date: 2004-01-01 to 2004-01-31

012004.gaim.txt
Posted Jan 26, 2004
Authored by Stefan Esser | Site security.e-matters.de

GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.

tags | advisory, remote, overflow
advisories | CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008
SHA-256 | 69198b878df83c96f86ad50feb5e689f19d7e2d127dade49757b71dc6062227c
Beltane Web-Based Management For Samhain
Posted Jan 26, 2004
Site la-samhna.de

Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.

Changes: Various bug fixes.
tags | tool, web, intrusion detection
systems | unix
SHA-256 | 20540173a5520bc1553ddd8caea1575a4f9692b2f89f940be0c01977f4d0d8b3
servu.c
Posted Jan 26, 2004
Authored by mslug, kkqq

Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.

tags | exploit, remote, overflow
SHA-256 | 6de0ca83361dce52c08b5b33a10843f9f30d275a37f278cc1b412a7f0b524d08
nextplace.txt
Posted Jan 26, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

NextPlace.com E-Commerce ASP engine is susceptible to a cross site scripting vulnerability.

tags | exploit, xss, asp
SHA-256 | 2f8af53e9dfea6fe76abccd8960b5ec38f7d3444654525851e6ed78612f36c2e
inrtra.txt
Posted Jan 26, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

Inrtra Forum is susceptible to a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ca0e46d20d49830a841e047a4df9766b3d3bd389d20c6872a8d8aeb7d6bf63c8
BWStraversal.txt
Posted Jan 26, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

BWS or Borland Web Server, which is used as the Corel Paradox relational database interface, lacks input validation and is subject to directory traversal attacks. Versions 1.0b3 and below are affected.

tags | exploit, web
SHA-256 | 8aa1c69b7c9c73d721abc38cc5f94f0d8119336e8aaff6c08fbd7a4b4880b3b7
reptile.txt
Posted Jan 26, 2004
Authored by Donato Ferrante | Site autistici.org

Reptile, the web server written completely in Python, has a flaw that allows for completely CPU resource consumption which results in a denial of service.

tags | advisory, web, denial of service, python
SHA-256 | a93f3311cb6315dce56853e60c9cb0e50ed262ea0e036374fa50343fe062f00a
tinyServer1.1.txt
Posted Jan 26, 2004
Authored by Donato Ferrante | Site autistici.org

Tiny HTTP Server versions 1.1 and 1.0.5 are vulnerable to directory traversal, denial of service, and cross site scripting bugs. Examples provided.

tags | exploit, web, denial of service, xss
SHA-256 | 94d202695ed7e71eeb74c905557c9600d4fab98f445abaea4f073aba55c6bc8a
servu.txt
Posted Jan 26, 2004
Authored by kkqq | Site 0x557.org

Serv-U FTP server versions 4.2 and below have an internal memory buffer that may be overrun while handling the site chmod command with a filename containing excessive data.

tags | advisory, overflow
SHA-256 | 84037bdd2e889eb4c304d27f52b7dc0aa43b1fdf201d847e3046010337287090
Samhain File Integrity Checker
Posted Jan 26, 2004
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: See documentation.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 68345407cba1f09274d48ec3d1f9b56fb49df168927a103018da433acb4f756f
Adv-20040123.txt
Posted Jan 24, 2004
Authored by Nick Gudov

S-Quadra Advisory #2004-01-23 - QuadComm Q-Shop ASP Shopping Cart Software has multiple SQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection, asp
SHA-256 | f1b225be449f443f70ea6b3605dee7d993e92086915c6e0a6b3e035f1ba4755d
finjanSurfinGate.txt
Posted Jan 23, 2004
Authored by David Byrne

When running in proxy mode, properly crafted requests sent to Finjan SurfinGate versions 6 and 7 can mimic control commands. Known vulnerabilities include viewing log data and causing the service to restart, potentially resulting in a DoS situation. The architecture for this application suggests there is a potential for modifying the filtering policy as well. The vendor has ignored the problem for over a year.

tags | exploit, vulnerability
SHA-256 | 572f4e17a711d98d530166340377eea87699bc44b226915bbaab6ea14b6fba74
novellNetware.txt
Posted Jan 23, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

Novell Netware Enterprise web server versions 5.1 and 6.0 are vulnerable to various cross site scripting, path dislosure, and directory listing attacks.

tags | exploit, web, xss
SHA-256 | 6fa6232eddd35425923014566186261bae4069faaff0f01545f187bf7e4f140e
netbusWeb.txt
Posted Jan 23, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

The NetBus web server that comes as part of the trojan is susceptible to a directory listing and remote file upload vulnerability when a trailing / or ./ is appended to the URL.

tags | exploit, remote, web, trojan, file upload
SHA-256 | a6237e6da8ad8b78741dec936856ce7e954fdb332dab3a0e635e29a581aafeca
freesco.txt
Posted Jan 23, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

Version 2.05 of the Freesco thttpd server is susceptible to a cross site scripting attack.

tags | exploit, xss
SHA-256 | 7586f60c26ce3791038b0f784a97cbdca327bb195524fa1e6f30051b6a45b9f4
geoHTTP.txt
Posted Jan 23, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

GeoHttpServer is vulnerable to an authentication bypass and a denial of service attack.

tags | exploit, denial of service
SHA-256 | faae912330fa19a378bed24073e7eb019129f317801a1925873ee8dc480e0be3
nfshp2cbof.zip
Posted Jan 23, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Need for Speed Hot Pursuit 2 remote exploit that makes use of a vulnerable client that is susceptible to a buffer overflow attack by a hostile server.

tags | exploit, remote, overflow
SHA-256 | 41b60c7f18b4a9ed723e56c839d1b5d8fdd42fbaa041b262da167f206486b356
nfshp2cbof-adv.txt
Posted Jan 23, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Need for Speed Hot Pursuit 2 has a vulnerable client that is susceptible to a buffer overflow attack by a hostile server. The buffer overflow occurs when too long of a string is sent back to the client during an information query. Electronic Arts has not bothered to even return e-mails regarding this problem.

tags | advisory, overflow
SHA-256 | 88337ed5ab04b4df56e133195ed4bc9fac508d02013e72364ab9d389beedd45e
tbeBanner.txt
Posted Jan 22, 2004
Authored by Ed J. Aivazian

Native Solutions TBE Banner Engine is vulnerable to allowing an attacker to embed code to be executed by the server when text for a banner is added.

tags | advisory
SHA-256 | 43999b685c90f211882d78c44839bf9cf8756ab84c83b7fca7f5e6504434fef9
Nmap Scanning Utility 3.50
Posted Jan 21, 2004
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.

Changes: Integrated a ton of service fingerprints, increasing the number of signatures more than 50%. Various bug fixes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | dffa36ef20f7434a230e466f79f58755fb2ea3a9c673b2bd21810a595f14d06a
Cisco Security Advisory 20040121-voice
Posted Jan 21, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory 20040124 - The default installation of Cisco voice products on the IBM platform will install the Director Agent in an unsecure state, leaving the Director services vulnerable to remote administration control and/or Denial of Service attacks. The vulnerabilities can be mitigated by configuration changes and Cisco is providing a repair script that will close the vulnerable ports and put the Director agent in secure state without requiring an upgrade.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
SHA-256 | b014c3dae8a8c72af048e37ac74be6fdee1da91c923dba8d3a96583cfee56393
honeyd-2004-001.txt
Posted Jan 21, 2004
Authored by Niels Provos | Site honeyd.org

Honeyd is vulnerable to remote detection via a simple probe packet. All versions up to 0.8 are susceptible.

tags | advisory, remote
SHA-256 | cde958c21a34416d46b6613084575197d925bacde71a75b0abc1b5d2e44574f6
WebcamXP.txt
Posted Jan 21, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

WebcamXP versions 1.06.945 is susceptible to a cross site scripting attack.

tags | advisory, xss
SHA-256 | 6f7ddb9ae2a81dc995c905640c0b63ca8f6977f311391f05756247ab0490786c
SRT2004-01-17-0425.txt
Posted Jan 21, 2004
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations Advisory SRT2004-01-17-0425 - Ultr@VNC, the client/server software that allows you to remotely control a computer over any TCP/IP connection, has a faulty ShellExecute() statement that allows a local attacker to gain SYSTEM access.

tags | advisory, local, tcp
SHA-256 | f28f3ed6c815915416535420f36bf7ce30645cb63ebc9a1df339d53450bf5b4b
SCSA026.txt
Posted Jan 21, 2004
Authored by frog-man | Site Security-Corp.com

Security Corporation Security Advisory [SCSA-026]: A vulnerability has been discovered in DUWARE Products, which allows malicious users to become administrators. It affects approximately 15 different products in all.

tags | exploit
SHA-256 | 0c960411e961d7e65a618c303917edb4acbe482261e21a68ece0032a7e326fb9
Page 2 of 7
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close