exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 126 - 150 of 193 RSS Feed

Files Date: 2004-03-01 to 2004-03-31

OpenPKG Security Advisory 2004.6
Posted Mar 13, 2004
Authored by The OpenPKG Project, OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - UUDeview versions 0.5.19 and below suffer from buffer overflows and insecure temporary file handling.

tags | advisory, overflow
SHA-256 | 35b2899d2b0e07cb9d100c68b4cec7d29aa763fda2a6efb61170d8727b6a1d5d
extcompose.txt
Posted Mar 13, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

Extcompose, a function of the metamail package, fails to properly verify a file exists prior to writing to it, and will accept symbolic links, leaving it open to being an attack vector.

tags | advisory
SHA-256 | ecb0d56a71d017b5a7e9ee58f1fd7f55abb82c34705174f94c74945fd4205bde
Adv-20040312.txt
Posted Mar 13, 2004
Authored by Nick Gudov | Site s-quadra.com

S-Quadra Advisory #2004-03-12 - The Dogpatch Software CFWebstore 5.0 shopping cart is vulnerable to both SQL injection and cross site scripting attacks in the index.cfm script.

tags | advisory, xss, sql injection
SHA-256 | 1c7ff362dc7ffadb306a13d097aaf4be167f49df0e94f977e162345e13c85b23
listener-0.4.tgz
Posted Mar 12, 2004
Authored by Folkert van Heusden | Site vanheusden.com

This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.

Changes: If the sound ends, one can now let an external script/program be executed. Samples can now be compressed with several compression schemes.
systems | linux
SHA-256 | 04cf289583b05882168daf3389154243157121ae87c09f2719deb24c322efbbc
os-sim-0.9.1.tar.gz
Posted Mar 12, 2004
Authored by Dominique Karg, David Gil, Fabio Ospitia Trujillo, Julio Casal, Jesus D. Munoz | Site sourceforge.net

Os-sim attempts to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, MRTG, NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security. Supported platform is Linux.

Changes: Bug fixes.
tags | system logging
systems | linux, unix
SHA-256 | 7e5a0f94190655f731d026d3e6a77d99340c84b8f759db1e3c04a8c272afbfda
eckbox-v0.9b2.tar.bz2
Posted Mar 12, 2004
Authored by Nick Rupert | Site eckbox.sourceforge.net

Eckbox is van Eck phreaking software. It interprets a radio signal emanating from a computer's monitor to recreate the image (in black and white) that is displayed on it. This could be used as a valuable security tool for testing otherwise secure computers, or for developing hardware and software to counter this type of remote shoulder-surfing.

tags | remote
systems | unix
SHA-256 | 8cffcc5c970467fe2414deedfdb0a9281ff8f7cfe8584a1398f8e9675585c3a8
Pegasi022.txt
Posted Mar 12, 2004
Authored by Donato Ferrante | Site autistici.org

Pegasi Web Server aka PWS version 0.2.2 is susceptible to cross site scripting and directory traversal attacks due to a lack of input validation.

tags | exploit, web, xss
SHA-256 | ccd71dc5d0be8fa6f24ab7dc8902149371dfd6778c4a2812f4af37674bae8aa3
MyProxy20030629.txt
Posted Mar 12, 2004
Authored by Donato Ferrante | Site autistici.org

Due to a lack of proper input validation, cross site scripting flaws exist in MyProxy version 20030629.

tags | advisory, xss
SHA-256 | 41078aa5f506cbca271a880e944289d5e7e8c02397ef7ddf52bcaf65a7a9f401
hushmail_09-03-04.txt
Posted Mar 12, 2004
Authored by Calum Power

Various cross site scripting vulnerabilties exist in the hushmail.com site.

tags | advisory, xss
SHA-256 | d73566f676dd22af7f5a456848424ab6e59187f352f2cd0df4f994f998c084bd
CPANEL-2004:01-01.txt
Posted Mar 12, 2004
Authored by J. Nick Koston | Site support.cpanel.net

cPanel Security Advisory - CPANEL-2004:01-01 - When trying to change a user password in cPanel 8.x.x, it is possible to execute commands as root. cPanel suggests that administrators disable this feature until a fixed version is released.

tags | advisory, root
SHA-256 | de07214fb14cedfac34abe7008de692d19d39c9a9c15972e2b70d9b2a04ff003
cpanelroot.txt
Posted Mar 12, 2004
Authored by Arab VieruZ

When trying to change a user password in Cpanel 8.x.x, it is possible to execute commands as root. Exploitation included.

tags | exploit, root
SHA-256 | b0fe35e9a94148384b318c44d5d223fd32ceb4ef21173dbdf28866c4156cc642
battlemagy.zip
Posted Mar 12, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Exploit for testing a specific server to see if it is susceptible to a denial of service vulnerability found in Battle Mages versions 1.0 for Windows.

tags | exploit, denial of service
systems | windows
SHA-256 | d2b584ade89590a754df4dbb854ff00858da8fc92a75afa919ef94377d3fc991
battlemages-adv.txt
Posted Mar 12, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Battle Mages versions 1.0 for Windows is vulnerable to a denial of service server freeze. It infinitely loops when trying to read an expected data block after being sent incomplete data.

tags | advisory, denial of service
systems | windows
SHA-256 | a1218e65d7cbe334c606426ef75b9583a74defddc3520cbb77e1caccfb06cab3
adore-ng-0.41.tgz
Posted Mar 12, 2004
Authored by teso, stealth | Site team-teso.net

Adore is a Linux LKM based rootkit for Linux v2.[246]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process-hiding, netstat hiding, rootshell-backdoor, and an uninstall routine. Includes a userspace program to control everything.

Changes: Ported to 2.6 and fixed a buffer overflow from version 0.32.
systems | linux
SHA-256 | f7f3132f7abb9f75bf1761c20916f778d3487efed3356124798ff769d61224c4
prismstumbler-0.7.1.tar.bz2
Posted Mar 11, 2004
Authored by Florian Boor | Site prismstumbler.sourceforge.net

Prismstumbler is software which finds 802.11 (W-LAN) networks. It comes with an easy to use GTK2 frontend and is small enough to fit on a small portable system. It is designed to be a flexible tool to find as much information about wireless LAN installations as possible. Because of its client-server architecture the scanner engine may be used for different frontends.

Changes: Major and minor bug fixes.
tags | tool, wireless
SHA-256 | 72713c29ba98a5edd5dd155d69d03c8aac5f83df2bdacc7135c9bdb215668f3e
RHSA-2004:093-01.txt
Posted Mar 11, 2004
Site redhat.com

Red Hat Security Advisory RHSA-2004:093-01 - Alan Cox discovered a vulnerability in the systat package where the post and trigger scripts insecurely created temporary filenames, allowing for a symlink attack using /tmp.

tags | advisory
systems | linux, redhat
advisories | CVE-2004-0107
SHA-256 | 7f35413d7406806fe9f4889a2af2a17ef8d1c07ba68514c7a19b918b236d1707
unrfs-poc.zip
Posted Mar 11, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Remote exploit for the Unreal game engine for Windows, MacOS, and Linux that makes use of a format string bug. This proof-of-concept is a proxy server able to modify the Unreal packets in real-time allowing the insertion of %n into the class names sent by the client to the server causing the remote crash. Games affected: America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, Tactical Ops, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, and XIII.

tags | exploit, remote
systems | linux, windows
SHA-256 | 87f327452ec46e6b01fe3b3812aa44923bf4c03bcf59360267ddca9d1b307e79
ap-utils-1.4.1pre3.tar.bz2
Posted Mar 11, 2004
Authored by roma | Site ap-utils.polesye.net

Access Point Utilities for Unix is a set of utilities that configure and monitor a Wireless Access Point under Unix. It is known to compile (with GCC and the IBM C compiler) and run under Linux, FreeBSD, OpenBSD, MacOS X, AIX, and QNX.

Changes: Now works on Sun Solaris, bigendian fixes, MacOS X build fixed, updated to work with SysV curses, Ukrainian translation and docs update.
tags | tool, wireless
systems | linux, unix, freebsd, openbsd, aix, osx
SHA-256 | 0389286b9521691014e34e17612c2dcfe8bd007f7ea4a673870e7418734fa223
anubisexp.c
Posted Mar 11, 2004
Authored by CMN

Remote root exploit for GNU Anubis 3.6.2.

tags | exploit, remote, root
SHA-256 | 3706cc19a90101297f16f0d876bb10fb413ee57eb509b253379de3d1b73e99e6
unrealEngine.txt
Posted Mar 11, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

The Unreal game engine for Windows, MacOS, and Linux has a format string bug that allows an attacker to remotely crash or execute malicious code on the server. Games affected: America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, Tactical Ops, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, and XIII.

tags | advisory
systems | linux, windows
SHA-256 | e0ba75525b76f3a8f0df41fe6ab0de28307f96f2564e4076dce7b1591c77c934
wMCam21348.txt
Posted Mar 11, 2004
Authored by Donato Ferrante | Site autistici.org

wMCam server version 2.1.348 is susceptible to a denial of service attack when in excess of 300 connections are made to it each supplying a small amount of non-standard data.

tags | advisory, denial of service
SHA-256 | 4655458b570f61dc784e7404370a9406fbf36e74b4e0c13b3c96c5752521fada
outlook032004.txt
Posted Mar 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

Microsoft Outlook contains a vulnerability which allows execution of arbitrary code when a victim user views a web page or an e-mail message created by an attacker. According to Microsoft the affected supported versions are Microsoft Office XP SP2 and Microsoft Outlook 2002 SP 2. Some earlier versions are vulnerable too, but not supported by the vendor.

tags | advisory, web, arbitrary
SHA-256 | a99f1c18ee04688594c6a52ed176afb519764b78f2f8e40fa19a9bee468e49b3
db2rmtcmd.txt
Posted Mar 11, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR09032004 - IBM's DB2 version 8.1 Enterprise Edition on Windows has a remote command server that runs as db2admin, but can have commands executed by a guest account, allowing for privilege escalation.

tags | advisory, remote
systems | windows
SHA-256 | 10520a56141855f73494c0672207628263e7a584f82ffe7e004331c3851054d9
chatanywhere.txt
Posted Mar 11, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Chat Anywhere versions 2.72 and below allow a remote attacker to add %00 before their nickname which keeps an administrator from being able to ban or kick the user from a room.

tags | advisory, remote
SHA-256 | 14185128d96eeea5b3852b9a09a83448b0516fa5957d6054b51ca837a5bf1d46
automake183.txt
Posted Mar 11, 2004
Authored by Stefan Nordhausen

GNU automake versions below 1.8.3 insecurely create temporary directories.

tags | advisory
SHA-256 | 4fe8ec255d16150836017807977251cf7d3bd4e1d16ae0888f7192f69264f718
Page 6 of 8
Back45678Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close