what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 404 RSS Feed

Files Date: 2004-10-01 to 2004-10-31

Gentoo Linux Security Advisory 200410-27
Posted Oct 28, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-27 - Buffer overflow vulnerabilities have been found in mpg123 which could lead to execution of arbitrary code. The flaws in the getauthfromURL() and http_open() functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
SHA-256 | d19d6e2e8821630d25f060dd2f72168a82e6d3ea1d05826d920fdab0dc15ee52
quakeII.txt
Posted Oct 28, 2004
Authored by Richard Stanway | Site r1ch.net

Quake II version 3.2.x is susceptible to multiple vulnerabilities. Due to unchecked input at various stages in the server, remote users are able to cause the server to crash, reveal sensitive information or potentially execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
SHA-256 | aa196318fd4b9fd59881cfb79f905894a3974095c8a461f630b3f2b9e115a018
realplayer105.txt
Posted Oct 28, 2004
Authored by John Heasman

Realplayer 10.5 permits execution of arbitrary code via a malformed skin.

tags | advisory, arbitrary
SHA-256 | b743a1d74b44fe7d8b975d6c7165caf91b93e5cc4d1f958f6e38c90fd2fdf13d
putty056.txt
Posted Oct 28, 2004

PuTTY 0.56 fixes a serious security hole which can allow a server to execute code of its choice on a PuTTY client connecting to it.

tags | advisory
SHA-256 | 6665e8ecfa2ead715a3f5e65e4d4b2a25432c9051dca08b0ede08eb93fe32630
SSRT3526.txt
Posted Oct 28, 2004
Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard running on HP-UX and Linux that may allow remote unauthorized privileges.

tags | advisory, remote
systems | linux, hpux
SHA-256 | 167d3c96e47585657c43ad7ec8d457955e1ad58f13124eb4596f791458793fdb
zgv-55.txt
Posted Oct 28, 2004
Authored by infamous41md

zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. There are a total of 11 overflows that are exploitable to execute arbitrary code.

tags | advisory, overflow, arbitrary
SHA-256 | 384321769122fcd48526d6ca52ea357c6591e42351db86b1769e1b9d247e3dd5
wvftpd.c
Posted Oct 28, 2004
Authored by infamous41md

Remote root exploit for a heap buffer overflow in wvftp-0.9.

tags | exploit, remote, overflow, root
SHA-256 | 9593f0c5fd5fd0c44d00731d177d4bc57c6937f84780bfbf1801854b65e8faf1
Ubuntu Security Notice 8-1
Posted Oct 28, 2004
Authored by Ubuntu

A buffer overflow and two remote crashes were recently discovered in gaim's MSN protocol handler. An attacker could potentially execute arbitrary code with the user's privileges by crafting and sending a particular MSN message.

tags | advisory, remote, overflow, arbitrary, protocol
advisories | CVE-2004-0891
SHA-256 | 5ead7fe65eb992502164d98f2cb1d6f08423b64da5fe0968ece2c4f0d90cbba7
Gentoo Linux Security Advisory 200410-23
Posted Oct 28, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-23 - Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
SHA-256 | b256226a83965d14697803beec897d977d3ec16e6b7268e3ec242dcef463c93f
Gentoo Linux Security Advisory 200410-22
Posted Oct 28, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-22 - Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
SHA-256 | cdb0f44d0524e37e30082459865f425df28bbf2c625b573398daf63046b7ad0f
wx-01.tar.gz
Posted Oct 27, 2004
Authored by nemo | Site neil.slampt.net

New Macintosh OS-X rootkit that is roughly based off of adore. It hides itself from kextstat, netstat, utmp and wtmp. Further revisions to include a reverse shell triggered by ARP and DNS packets.

tags | shell
systems | apple, osx
SHA-256 | cf7423b74f6d5920cebbf766912f5ecca0db3ada2792d9264af8fd6b9f44d996
ieee1394.txt
Posted Oct 27, 2004
Site pacsec.jp

IEEE1394 Specification allows client devices to directly access host memory, bypassing operating system limitations. A malicious client device can read and modify sensitive memory, causing privilege escalation, information leakage and system compromise.

tags | advisory
SHA-256 | 5908ecd32dc1bc51bdc80887e043a5b00259a45eb5d176b1d23bc4137217fdfd
mailcarrier.txt
Posted Oct 27, 2004
Authored by muts

MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in python that spawns a shell on port 101 of the target machine.

tags | exploit, overflow, shell, python
SHA-256 | 9cdcfa966f1b52e3db88669267c30a79a0da90da60a10ee65048a42219f21e53
Secunia Security Advisory 12853
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpCodeGenie, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | a8a79c04fa825747cfb508cb1d5e3ffec13f2093c2e567b747abef37119800b3
Trustix Secure Linux Security Advisory 2004.50
Posted Oct 27, 2004
Site trustix.org

Trustix Secure Linux Bugfix Advisory #2004-0050 - This bug fix discusses vulnerabilities in the packages gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, and postgresql. Previously unreleased information for groff exists here.

tags | advisory, perl, vulnerability
systems | linux
SHA-256 | 991400e8913bef9106afed4542a76f9ed6d97a07370475f2d4bb959770271d4d
841713.html
Posted Oct 27, 2004
Site uniras.gov.uk

NISCC Vulnerability Advisory 841713/Hummingbird - The first issue with Hummingbird Inetd32 allows a user to run an application in the context of the Local System user. The second issue is a buffer overflow in XCWD that causes a denial of service condition and requires valid user credentials to invoke.

tags | advisory, denial of service, overflow, local
SHA-256 | 917086275ba1d2c89ca5afe883b49b9b4c8f189b32333a5e8b203194a8ba074c
Secunia Security Advisory 12969
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell ZENworks for Desktops, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Remote Management Agent invoking the ZENworks Remote Control Help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs with escalated privileges.

tags | advisory, remote, arbitrary, local
SHA-256 | fa638d7bcd0cbe854d12bf37d11298bcd4c5967a712f1355bf790c5ad8632abc
Secunia Security Advisory 12980
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Positive Technologies has reported some vulnerabilities in Phorum, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 314d2ddedf10f6e165abb968d396b7328cbcc982f621ca7e65ae2d109e27ad80
Secunia Security Advisory 12973
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the der_chop script creating temporary files insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user executing the vulnerable. The vulnerability has been reported in versions 0.9.6m, 0.9.7d, and 0.9.7e. Other versions may also be affected.

tags | advisory, arbitrary, local
SHA-256 | 4ba3df854334f73dec4c8753362c6d7d67833f8583d312a71cf15cf2cfe759ea
gnutftp.txt
Posted Oct 27, 2004
Authored by infamous41md

The GNU tftp client in the inetutils-1.4.2 is susceptible to buffer overflow attacks. Due to untrusted data from DNS resolved hostname being copied into finite static buffers without any bounds checking, several buffers can be overflowed in the .bss. Arbitrary code execution is possible.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 5eb3d155894c1cfde68846c89bedeb4204bb3d8d2f781339cec732d062d962a0
pppdDoS.txt
Posted Oct 27, 2004
Authored by infamous41md

Improper verification of header fields lets an attacker make the pppd server from ppp-241 access memory it isn't allowed to, resulting in a crash of the server. There is no possibility of code execution, as there is no data being copied, just a pointer dereferenced.

tags | advisory, code execution
SHA-256 | 574ce2da45902592be233f5fc4f8dac25e1f63f317486c8767787082f1cd1486
libxmlSploit.c
Posted Oct 27, 2004
Authored by infamous41md

Local exploit tested against libxml2-2.6.12 and libxml2-2.6.13 that makes use of libxml remotely exploitable buffer overflows.

tags | exploit, overflow, local
SHA-256 | df45b66cae305c03efbb5a88fba4a7f4c1d037611a3521f385486026caaff373
gd-graphics.c
Posted Oct 27, 2004
Authored by infamous41md

There is an integer overflow when allocating memory in the routine that handles loading PNG image files with the GD graphics library versions 2.0.28 and below. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Exploit to create a working PNG for this enclosed.

tags | exploit, overflow, arbitrary
SHA-256 | 24283338134ab68e16c03983a163ba4627ec59ad549edd928b9c4c5688c6f6e6
csis2004-5.txt
Posted Oct 27, 2004
Authored by Peter Kruse | Site csis.dk

CSIS Security Advisory [CSIS2004-5) - Mozilla Firefox, Web-browser built for 2004, advanced e-mail and newsgroup client, IRC chat client, and HTML editing made simple. The Mozilla Firefox ships with several bugs, making it possible to crash the browser, eat up virtual memory, simply by hosting a binary renamed as html, on a remote website.

tags | advisory, remote, web
SHA-256 | 163f29c64acae2506c9dff29c09f7010060dd4fd8a815aff852ebc2480f8b3c2
Gentoo Linux Security Advisory 200410-25
Posted Oct 27, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-25 - The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

tags | advisory, arbitrary, local
systems | linux, gentoo
SHA-256 | 6751b9182f2910d984ae262c099a1e467f2699ac7a49f28fba4220035e799b81
Page 2 of 17
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close