exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 35 of 35 RSS Feed

Files Date: 2004-06-22 to 2004-06-23

0406211.txt
Posted Jun 22, 2004
Authored by Paul Kurczaba | Site kurczaba.com

A user can deny access to the web-based administration by establishing 7 connections to the web-based administration port (80) in the Netgear FVS318 VPN Router. Until the 7 connections are closed, the router administrator cannot access the web-based administration.

tags | advisory, web
SHA-256 | 77be9a97404a9717378c0f2ab65614511596841eee00cf9f40135e461979c75c
iss7bypass.txt
Posted Jun 22, 2004
Authored by Chris Hurley | Site assureddecisions.com

Users of Internet Scanner 7 from ISS can bypass license restrictions due to a key bypass flaw.

tags | advisory
SHA-256 | bb3871b4ccbc9d65dd1ff8985c5fc1269a333b4183fe4611dc028efc5f5a0b58
code.zip
Posted Jun 22, 2004
Authored by Jelmer Kuperus | Site jelmer.homedns.org

Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.

tags | exploit
SHA-256 | 969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530
ircd-hybrid.txt
Posted Jun 22, 2004
Authored by Erik Sperling Johansen

Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.

tags | exploit
SHA-256 | 55974cc18c7257c5e90e2f3887ac897970b45e11380ca3ee193ebdcf9304a993
dnsone.txt
Posted Jun 22, 2004
Authored by Gregory Duchemin

It has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request are logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in context of the affected site when the report / log is viewed. Reportedly, firmware version 2.4.0-8 and 2.4.0-8A and prior are affected.

tags | advisory, arbitrary, code execution
SHA-256 | 834a3a0d683b2f180754f7d96f8cbc06c96db82fa7ecf2da5fe00ff2985869ab
eEye.ibm.txt
Posted Jun 22, 2004
Authored by Drew Copley, http-equiv | Site eeye.com

eEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed eGatherer activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. This is installed by default on many popular IBM PC models.

tags | advisory, web, activex
SHA-256 | 6599862e14320181a6e068e3cea972c1e37c7c9c9660660f00865030c0c1566a
dsa-521.txt
Posted Jun 22, 2004
Authored by jaguar | Site debian.org

Debian Security Advisory DSA 521-1 - A format string vulnerability has been discovered in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2004-0451
SHA-256 | c97c96287dc17e80c241ce806844485d5301d9292c2078a15e158a669306eb14
wasabi-0.2.tgz
Posted Jun 22, 2004
Authored by Andrea Barisani | Site gentoo.org

Wasabi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.

Changes: Added multiple files support, big performance improvements, better signal handling, new smtp code, see the Changelog for full details.
tags | system logging
systems | unix
SHA-256 | 2dc461abd6fca9f0892cd556b8e002aed7647d73572150960e754c28c150de68
elfrape2.c
Posted Jun 22, 2004

Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid. New version works on both Linux and the BSDs .

tags | exploit, overflow, shell, proof of concept
systems | linux
SHA-256 | 21103ace980bf29abaf0743ed5d8816533999653245d3642f709e758b76ba991
elfrape.c
Posted Jun 22, 2004

Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid.

tags | exploit, overflow, shell, proof of concept
SHA-256 | 15a084aac71ca804bb1ff97e1ca230d473228271616ff4493d50b4b2a3d11cd4
Page 2 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close