what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 53 RSS Feed

Files Date: 2004-09-09 to 2004-09-10

ez.txt
Posted Sep 9, 2004
Authored by Dr. Insane

Opening up more than 600 connections to Ezmeeting versions 3.4.0 causes the application to crash.

tags | exploit
SHA-256 | 8d02261244cd0b5b551e2dd67611dc663d9b71ffd4e54f331ea6687ebd5f8f5f
CODEBUG Labs Security Advisory 1
Posted Sep 9, 2004
Authored by Pierquinto Manco, CODEBUG Labs | Site mantralab.org

PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker administrative access.

tags | advisory, php, xss
SHA-256 | 86c460faff45056828d58aa969a49ccf5f3b3db094aa0e72ad5e081b85ebc211
alph-0.1.tar.bz2
Posted Sep 9, 2004
Authored by Corcalciuc V. Horia | Site sourceforge.net

alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to acheive transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.

tags | encryption
SHA-256 | d06038d9852279b8cd48005fde0191d6996aab1d65e6217949e9a60e95dbe2c8
ackergaul-1.0.tar.gz
Posted Sep 9, 2004
Authored by Bernd Leitner

Distributed denial of service tool that spoofs SYNs to consume bandwidth of a host by flooding it with SYN-ACKs.

tags | denial of service, spoof
SHA-256 | 29f5d3d94b63c9625d7ec37ca99f7a180bcc06628f5ff22df203fb0db9c07a66
dynalink.Backdoor.txt
Posted Sep 9, 2004
Authored by fabio

Dynalink RTA 230 ADSL router has a hardcoded backdoor account with root privileges.

tags | exploit, root
SHA-256 | 7888d29430f1cb91a785acb2c0d4d3ec7cda2bd7ae14e1f533411ae05ccc9153
qnx-pppoed-multiple-flaws.txt
Posted Sep 9, 2004
Authored by Julio Cesar Fort

rfdslabs security advisory - QNX PPPoEd is susceptible to multiple local root vulnerabilities. QNX RTP 6.1 is affected.

tags | exploit, local, root, vulnerability
SHA-256 | 9ede65eb6707ad4a2815b517a4730417e97987b4d3aa5d8a08f8199ad3e32c5b
Gentoo Linux Security Advisory 200409-4
Posted Sep 9, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200409-04 - Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which lack checking the int32_t offset o for negative values. A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.

tags | advisory, remote, denial of service
systems | linux, gentoo
SHA-256 | 37ad8ea0eca8fc282782f4e7b3c6eec6fcad6254abf2c27267ceae3fb1035f74
Gentoo Linux Security Advisory 200409-3
Posted Sep 9, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200409-03 - Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().

tags | advisory, python
systems | linux, gentoo
SHA-256 | 177f5ccf92bb608f2771880bea78dd429a1ffbd96bb3cd080b2a47990c72e425
Samhain File Integrity Checker
Posted Sep 9, 2004
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Bug fixes.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 9d11da76c90c98b94dd8d9ada6f25a18187ccce988ea84f6db9c1f16564bec4a
openssh-3.7.1p2+SecurID_v1.3.1.patch
Posted Sep 9, 2004
Site omniti.com

This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.

Changes: Updated to newer rev.
tags | encryption
SHA-256 | 64c5d7cba4847825fb19528f11732d34ef91d5ce3ec90e46d6659bef929724e3
Hackgen Security Advisory 2004.1
Posted Sep 9, 2004
Authored by Exoduks, Hackgen | Site hackgen.org

A non-critical cross site scripting bug has been discovered in CuteNews version 1.3.6 and below.

tags | advisory, xss
SHA-256 | 0fe245dc2c17699367420e2d3fe240f00b7384f77b4369a372b5f0eaef38f8fd
DB2vulns.txt
Posted Sep 9, 2004
Site nextgenss.com

NGSSoftware Insight Security Research Advisory - Two vulnerabilities in DB2 Universal Database versions 7.x through 8.x allow for arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
SHA-256 | 026475af011ebb1056e82cd129f77484649512a9b16f74f9e66e30b18c739da5
kerioPF4.txt
Posted Sep 9, 2004
Authored by Tan Chew Keong | Site security.org.sg

Kerio Personal Firewall's Application Launch Protection can be disabled by Direct Service Table Restoration. Tested against Kerio Personal Firewall 4.0.16 on Win2K SP4, WinXP SP1, SP2.

tags | advisory
systems | windows
SHA-256 | 67d4011d11c36f885399b20a133ddbac999ca016d4951bde14a9c135a00a1d66
AntiExploit-1.3b2-hotfix.tar.gz
Posted Sep 9, 2004
Authored by Enrico Kern | Site hzeroseven.org

AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.

Changes: Skipping zero length files, Log shows real exploit count without dups, Fixed double kill of the main thread.
tags | kernel, local, virus
systems | unix
SHA-256 | f8dadb3e5ed88eeefb3eb6ea3da3ad17516a8c985d7443680ab4b3199549a4ee
elf-0.5.4p1.tar.gz
Posted Sep 9, 2004
Authored by Samy | Site kerneled.org

elf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.

systems | linux
SHA-256 | ba504141b5e785fc1d7f12e8239b05346b36be25671c0ad626f1baa248ad8791
AppSecInc.Oracle.txt
Posted Sep 9, 2004
Authored by Cesar Cerrudo, Esteban Martinez Fayo | Site appsecinc.com

AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised because Oracle runs mostly under oracle user which has restricted permissions.

tags | advisory, denial of service, overflow, local, vulnerability
systems | windows
SHA-256 | 36977a3722720f6c3f2f1e3bbe50f6af68d1a8103afc604a75caff18382bb344
torrent_exp.php.txt
Posted Sep 9, 2004
Authored by aCiDBiTS

Proof of concept PHP exploit that makes use of a SQL injection vulnerability in TorrentTrader version 1.0 RC2.

tags | exploit, php, sql injection, proof of concept
SHA-256 | 9dce80108f836bd4eddb0de491a4df30d5452b7e1a68e5c6138b0452f93c7280
RHSA-2004-349.txt
Posted Sep 9, 2004
Site rhn.redhat.com

Red Hat Security Advisory RHSA-2004:349 - An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A remote attacker could force an SSL connection to be aborted in a particular state and cause an Apache child process to enter an infinite loop, consuming CPU resources.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2004-0748
SHA-256 | 6917e68ba90990e3fcc7205b3c3a733d478842bb4c63def4c1ea559e59e38dc3
MailWorks.txt
Posted Sep 9, 2004
Authored by Paul Craig

MailWorks Pro has a rather trivial session check that is easily bypassed within a cookie. The exploit allows an attacker to have full control over the administration section, without the need to authenticate and allowing the attacker to spoof the admin user functions.

tags | exploit, spoof
SHA-256 | 64f806d87188174506bf5d339c345a68c771bfbe066bd831ff2d52d093ddbc90
SUSE-SA-2004-028.txt
Posted Sep 9, 2004
Site suse.com

SUSE Security Announcement - Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6.

tags | advisory, overflow, kernel
systems | linux, suse
SHA-256 | 789006c85c3d0b558196befb1cb11b55ef004ed849e708cd56ae54aa0b068116
Technical Cyber Security Alert 2004-245A
Posted Sep 9, 2004
Authored by US-CERT | Site cert.org

Technical Cyber Security Alert TA04-245A - Several vulnerabilities exist in the Oracle Database Server, Application Server, and Enterprise Manager software. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Oracle's Collaboration Suite and E-Business Suite 11i contain the vulnerable software and are affected as well.

tags | advisory, remote, arbitrary, vulnerability
SHA-256 | 4cffbe1c57be5e1a63021320a804ca7f79b244d28a5a9f221df2058eacd0823a
Gentoo Linux Security Advisory 200409-2
Posted Sep 9, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200409-02 - The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.

tags | advisory
systems | linux, gentoo
SHA-256 | 9a683d82de2f02dc8564ac30afb2552a474a979be6c726a25438fb1198a14eb4
Gentoo Linux Security Advisory 200409-1
Posted Sep 9, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200409-01 - vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary, sql injection
systems | linux, gentoo
SHA-256 | e79e1034bc682205aa18419ab903f7dd39023aec67d8d131fccf49f2e8abc6e9
Secunia Security Advisory 12422
Posted Sep 9, 2004
Authored by Secunia, Ziv Kamir | Site secunia.com

Secunia Security Advisory - A vulnerability in Cerbere Proxy Server 1.x can be exploited to cause a denial of service.

tags | advisory, denial of service
SHA-256 | c8cfdb3946c0234b595ba012f54404a02b1a0a52e7a62cf981f985dfa67f6dff
pLog.txt
Posted Sep 9, 2004
Authored by Jason Thistlethwaite

pLog version 0.3.2 is susceptible to cross site scripting attacks in the register.php script.

tags | advisory, php, xss
SHA-256 | 5c082a2eaf11815b1b99b9760c6946d0863d78c0e25bf6e67ac3bd581767e018
Page 2 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close