what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 193 RSS Feed

Files Date: 2004-03-01 to 2004-03-31

Posted Mar 17, 2004
Authored by James Bercegay | Site gulftech.org

Jelsoft vBulletin 3.0.0 RC4 and other releases and susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 9ba7da743e628349c8ee4a1a744b90aa09ff076bcd1c22b86689eb34a1126b4e
Posted Mar 17, 2004
Authored by Angelo Rosiello | Site rosiello.org

Local exploit for the Crafty game versions 19.3 and below that makes use of a buffer overflow vulnerability. Tested on Red Hat 9.0 and Slackware 8.0.

tags | exploit, overflow, local
systems | linux, redhat, slackware
SHA-256 | 82dbacb90891acc5cb1caec18b225e003314199535445fa71cd2de41626faf7d
Posted Mar 17, 2004
Authored by Debian | Site rosiello.org

A vulnerability exists in the Crafty game versions 19.3 and below that allows a local user to escalate privileges via a buffer overflow.

tags | advisory, overflow, local
SHA-256 | d713ebffde11218f34d8b01dc14e79a08b13899fd42c6dc9b3f2f306677c6691
Posted Mar 17, 2004
Authored by James Bercegay

Cross site scripting vulnerabilities exists in Phorum versions 5.0.3 Beta and below.

tags | exploit, vulnerability, xss
SHA-256 | 5b4e2faeef8fc7c76847ad3ef1332b7b89e7e904e4fcb3dad65ce3a6d8adb457
Posted Mar 17, 2004
Authored by Janek Vind aka waraxe

Both cross site scripting and SQL injection vulnerabilities exist in the 4nGuestbook version 0.92 module for PHP-Nuke versions 6.5 through 6.9.

tags | exploit, php, vulnerability, xss, sql injection
SHA-256 | f732ec2b913b6d095bd8180dac6ad638b87e3c15c8c333cfdacde98395e7fb6d
Posted Mar 17, 2004
Authored by Janek Vind aka waraxe

The 4nalbum module for PHP-Nuke versions 6.5 to 7.0 suffers from path disclosure, cross site scripting, remote file inclusion, and SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection, file inclusion
SHA-256 | b72910a8ea7f3795a3370ca420ebdd0d9f784cdcd93d78ee2fde747165559de9
Posted Mar 17, 2004
Authored by Janek Vind aka waraxe

PHP-Nuke 7.1.0 is susceptibel to multiple cross site scripting attacks.

tags | exploit, php, xss
SHA-256 | bf21be75eb9e862841810c4026922d4b2d10f41775f4e6120c0f1755aee6e9a2
Posted Mar 17, 2004
Authored by Amit Klein | Site SanctumInc.com

Multiple vendors suffer from a denial of service vulnerability in their SOAP servers. Products affected: Macromedia ColdFusion/MX 6.0 and 6.1, ColdFusion/MX 6.0 and 6.1 J2EE, all editions of Macromedia JRun 4.0, and Sun Java System Application Server 7 Update 2 Upgrade and prior releases.

tags | advisory, java, denial of service
SHA-256 | edfd88863f29ed6adcb5fa19d6baa42407918c5ba0a3e4f0296be2a21ea83fbd
Posted Mar 16, 2004
Authored by Chris Irvine | Site macromedia.com

Macromedia Security Bulletin MPSB04-03 - Macintosh versions of the Macromedia installers and e-licensing client install a service whose file permissions allow other users to write to the file. This may allow one local user to obtain the permissions of another local user, resulting in privilege escalation.

tags | advisory, local
SHA-256 | 06569fc73f56b134f1c6ccc379a1250b834fd97e8c4fbcb362ffbf3611186893
Posted Mar 16, 2004
Site support.novell.com

Novell has identified an issue with the default configuration of GroupWise 6 and 6.5 WebAccess that could allow unauthorized access to the WebAccess server. This issue affects only systems running GroupWise 6 or 6.5 WebAccess on NetWare using the Apache 1.3x web server and where Apache is loaded using the GWAPACHE.CONF file.

tags | advisory, web
SHA-256 | 3af321a0b71da464f106be0cbfd62b884c6d174fcc11563a1739cc9ed3673c13
Posted Mar 16, 2004
Site otn.oracle.com

Oracle Security Alert 66 - Security vulnerabilities have been discovered in Oracle Application Server Web Cache 10g ( and Oracle9i Application Server Web Cache.

tags | advisory, web, vulnerability
SHA-256 | 2265276da46e246bf16627f4b8bd512ba4c18a873a847af0740783b7284199f8
Posted Mar 16, 2004
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: Various bug fixes and feature enhancements.
tags | tool, integrity
systems | windows, unix
SHA-256 | 13c2dfdd859d8d5178d0d1ad9dcc054cee17dac78a9d3eafda495df62b259f65
Posted Mar 16, 2004
Authored by Corvus V Corax | Site motiontrack.sourceforge.net

Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.

systems | linux
SHA-256 | a6939f44565f5b1c0b8a867e6690d784222af761336425e7e8d7c2b506415bf4
Posted Mar 16, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

VocalTec Gateway version 8 has multiple vulnerabilities. Using an information disclosure vulnerability existant in this server, an attacker can then traverse directories when treating the file as a directory, and gain access to any file normally protected.

tags | exploit, vulnerability, info disclosure
SHA-256 | d2d7e12389fdeb8f5acccd3265801cd775e76256b88501a5b4d43b3d6ea8a296
Posted Mar 16, 2004
Authored by John Layman

WS_FTP Pro versions 8.02 and below suffer from a buffer overrun when ASCII mode directory data is passed to the client from the server. If the data exceeds 260 bytes without a terminating CR/LF, the application will crash. Arbitrary code execution is possible.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 053fdbe09d3248b0bcb77193ec1300cfa9c274c9284e37fa1da31338c10879d8
Posted Mar 16, 2004
Authored by Dave Aitel | Site immunitysec.com

Immunity Security Advisory - The Compaq Web Management system (HP HTTP) has a bug in its validation system that allows an anonymous user to upload trusted certificates.

tags | advisory, web
SHA-256 | abd992377e84fc44d38444954b8896715b7619fe2c505a46a3639e73084980f2
Posted Mar 16, 2004
Authored by Dave Aitel | Site immunitysec.com

Immunity Security Advisory - Remotely exploitable stack overflows exist in Computer Associates Unicenter TNG Utilities awservices.exe. Successful exploitation elevates an attacker to SYSTEM privileges. All known versions of Unicenter TNG 2.4 are affected.

tags | advisory, overflow
SHA-256 | 1625a608ed26cffca06238ca193f1bde9f9b610f98606c2b6088043899bef4c8
Posted Mar 16, 2004
Authored by Angelo Rosiello, rosiello | Site rosiello.org

Remote exploit for MDaemon Mail Server versions 6.52 to 6.85 that makes use of a buffer overflow in its raw message handler. This exploit has only been tested on Windows XP Home and Pro Edition (Dutch) SP1.

tags | exploit, remote, overflow
systems | windows
SHA-256 | f2ad6f0382c6310f3658254e54ad15974683f2ce8e29ff239c7888bb1e7b02fd
Posted Mar 15, 2004
Authored by Vic Abell

Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It is useful for pinpointing which process is using each network socket. FAQ available here.

Changes: Supports reporting of TCP flags, socket options, and states. Adds support for OS X 10.3.2, improved POSIX support, added compatability with newer OS's, and fixed some bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | c23ef6493b89ac1e98a180640c4541f79189ca5c60c354f9a7c0ce4584e1b47a
Posted Mar 15, 2004
Authored by Pokleyzz | Site scan-associates.net

phpBB versions 2.0.6 and below suffer from a SQL injection vulnerability in the search.php file. Workaround included.

tags | advisory, php, sql injection
SHA-256 | 44c9e7e77f8b0035b663e5007df768b98d174db76143681916d252a11e5bef0a
Posted Mar 15, 2004
Authored by Cheng Peng Su

YaBB 1 Gold and YaBB SE 1.5.1 Final are both susceptible cross site scripting attacks.

tags | exploit, xss
SHA-256 | a7f9088dbb62d0ccaacc4cb36fbe64c2510ec07a174ee7239c8ac9e9139f9d0a
Posted Mar 15, 2004
Authored by d3thstar | Site rootthief.com

Opera version 7.23 on Linux and Windows is susceptible to a denial of service attack.

tags | exploit, denial of service
systems | linux, windows
SHA-256 | f1b8be232303b141d1bda5a5d7fdd2031d5d44123151705e76ac664178c83549
Posted Mar 15, 2004
Authored by James Bercegay | Site gulftech.org

phpBB versions 2.0.6d and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0f69c90c7244bc04e1403480f08e24c47a0ed84ae9e2d13eb580f312f385f800
Posted Mar 13, 2004
Authored by Brady Alleman, Douglas E. Warner | Site netmrg.net

NetMRG is a database-driven network monitoring and graphing tool for use on Linux systems. It offers an intuitive web-based configuration, customized monitoring capabilities for unusual situations, a fast multi-threaded polling application, and brilliant graphs rendered by RRDTOOL.

tags | web
systems | linux
SHA-256 | fdba0efe571d4bba7106954850a6c8ea4b787974a0ee66719ecf49f3937d9073
Posted Mar 13, 2004
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Various bug fixes and feature enhancements.
tags | web, imap
systems | cisco
SHA-256 | 913be04024b19d6c629e70b277350275d61d85481ff36af6ec37cf13454a998b
Page 5 of 8

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By