Showing 76 - 100 of 145

Files Date: 2004-12-30 to 2004-12-31

iDEFENSE Security Advisory 2004-12-16.t
Posted Dec 30, 2004
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 12.16.2004 - Remote exploitation of an integer overflow vulnerability in all versions of Samba's smbd prior to and including 3.0.8 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

tags | advisory, remote, overflow, arbitrary, root
advisories | CVE-2004-1154
SHA-256 | 138d9500e13c893ec665521f664a535ca1a5a6e527fb3a590b49043fa95fbc09
sambaRemote.txt
Posted Dec 30, 2004
Site samba.org

Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

tags | advisory, remote, overflow, arbitrary, root
advisories | CVE-2004-1154
SHA-256 | d48d6ce83f07aa0e08150da03a915195c0ca7d699c4e2dd3133a069e13d12c7b
phpMeta.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition, PHP versions 4.3.6 through 4.3.9 as well as PHP versions 5.0.0 through 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.

tags | advisory, arbitrary, php
SHA-256 | 183b6826fc0c2ca99353a42baba5a113c56394fdc9b6de72752fccc716136314
djbrelease.txt
Posted Dec 30, 2004
Site tigger.uic.edu

Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of time to audit the applications they use, and now a class of 25 students has discovered 44 vulnerabilities during a CS course.

tags | advisory, vulnerability
SHA-256 | cfa16c8c1dea95ca35a194517788b32a1c7fa31cb04418b42b6a91177ca432a8
lids-2.2.1pre1-2.6.9.tar.gz
Posted Dec 30, 2004
Authored by Xie Hua Gang | Site lids.org

The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs may access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

Changes: Minor bug fixes, feature enhancements.
tags | kernel, root
systems | linux
SHA-256 | 2b5da689d5dfb5157eff784fc08c8576d491276b71c2a014b87742ca6c8a313a
un-aftpd.c
Posted Dec 30, 2004
Authored by Dark Eagle, unl0ck | Site unl0ck.void.ru

Ability ftpd version 2.34 remote root exploit that spawns a shell.

tags | exploit, remote, shell, root
SHA-256 | f3dcc86ffb243abd894537e1156f9d5091e7711093275ba1b7a014f0936aa058
STG Security Advisory 2004-12-15.19
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: MediaWiki versions 1.3.8 and below have an input validation flaw that can allow malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which typically runs as the nobody user.

tags | advisory, arbitrary
SHA-256 | a211d8bcd02954e4890258259f6ac16e529279b265af5e6ae836ed39dc6da79e
STG Security Advisory 2004-12-15.18
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: phpBB Attachment Mod is a file upload module for phpBB. However, an input validation flaw can allow malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which typically runs as the nobody user. Attachment module 2.3.10 and below is susceptible.

tags | advisory, arbitrary, file upload
SHA-256 | e74215b4efbc9c7dd61e59b553b9a89e735d2c4a129ac87223c14aba220f827e
STG Security Advisory 2004-12-15.17
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: JSBoard is one of the widely used web BBS applications in Korea. However, an input validation flaw can allow malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which typically runs as the nobody user.

tags | advisory, web, arbitrary
SHA-256 | dfa643288ed2920fdb6fef57d24a79aa31187f308fa3d0b9a59bcc0add51b9fd
rpcl_icmpdos.c
Posted Dec 30, 2004
Authored by Kyong Joo

RICOH Aficio 450/455 PCL 5e printer ICMP remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | e73932313517def966eed3b58964c4ad1ef4968ba5160aeae717bf3525bdaf99
wgettrap.txt
Posted Dec 30, 2004
Authored by Jan Minar

Proof of concept exploit for the wget directory traversal vulnerability that affects versions 1.8 and below.

tags | exploit, proof of concept
SHA-256 | 4f69b0514c0819b845039ad1a0f2bd0421f909a68ea1db660bb1e9897cb59032
sec-consultPHP.txt
Posted Dec 30, 2004
Authored by Martin Eiszner

PHP 4.3.9 is susceptible to data segment memory corruption and information disclosure via memory dumping.

tags | advisory, php, info disclosure
SHA-256 | 695f5e2ddb59ab27d4aaf02ccff087cc6fec20fb4d0a965e314445bb8f24f829
Cisco Security Advisory 20041215-guard
Posted Dec 30, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Guard and Cisco Traffic Anomaly Detector software contains a default password for an administrative account. This password is set, without any user's intervention, during installation of the software used by the Cisco Guard and Traffic Anomaly Detector Distributed Denial of Service (DDoS) mitigation appliances, and is the same in all installations of the product. Software version 3.0 and earlier of the Cisco Guard and Traffic Anomaly Detector are affected by this vulnerability.

tags | advisory, denial of service
systems | cisco
SHA-256 | f0252a6cf6828d34c4d5d2870f892012a48b8cde6b3eb7a08cc4a76727eef30d
phpBB144.txt
Posted Dec 30, 2004
Authored by Gurjanov Ilia

phpBB versions 1.4.4 and below are susceptible to cross site scripting flaws.

tags | advisory, xss
SHA-256 | 914f1b472cfa122e40a3bf3a94173d2c67e0174583e07c4b89fffdcad6737345
012004.txt
Posted Dec 30, 2004
Authored by Stefan Esser | Site hardened-php.net

Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.

tags | advisory, remote, arbitrary, local, php, vulnerability
advisories | CVE-2004-1018, CVE-2004-1019, CVE-2004-1063, CVE-2004-1064
SHA-256 | ed1ef90ff012b77b27997a86a514190dac77644dc99eaeeab47035e716b3d0cf
Cisco Security Advisory 20041215-unity
Posted Dec 30, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange. The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages, and perform administrative functions on the Unity system.

tags | advisory
systems | cisco
SHA-256 | d5762826ec2069bf6f00b109064d483f4d1ea59a3a389d6cd45805314d3818b0
iDEFENSE Security Advisory 2004-12-15.t
Posted Dec 30, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.15.2004 - Local exploitation of an insecure permission vulnerability in Computer Associates eTrust EZ Antivirus allows attackers to escalate privileges or disable protection.

tags | advisory, local
advisories | CVE-2004-1149
SHA-256 | ffa8b6895c1c3315a09707ec00cbcc61c7f5fb710a63e447d19aa9f481aaa051
Barracuda_Evil.txt
Posted Dec 30, 2004
Authored by Ben Lentz

Short white paper discussing some questionable circumstances surrounding the Barracuda Spam Firewall appliances.

tags | paper
SHA-256 | e377627c8b875d81d5252b300f778362107dd0e56c83e2b4687e96dc8f2ba9f5
iwebnegar.txt
Posted Dec 30, 2004
Site karchack.com

iwebnegar, the Farsi weblog software, is susceptible to SQL injection attacks.

tags | exploit, sql injection
SHA-256 | 16f36acaf87201ff2c6dce9f06012fadefa2bb974b6be0437ef7ea625ed9a13e
Gentoo Linux Security Advisory 200412-10
Posted Dec 30, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200412-10 - Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges.

tags | advisory, local, vulnerability
systems | linux, gentoo
SHA-256 | 6d8e021bb5ec68f7cfa809aaff6a8e0f9c0f5d3fe199ac04a68b76cb301eb9cc
Secunia Security Advisory 13448
Posted Dec 30, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in NetMail, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error within IMAPD and can be exploited to cause a buffer overflow via the 101_mEna script.

tags | advisory, overflow
SHA-256 | 534bb142889c2afbf05eebc28fd7a6f3c2fc5b3697139afdab8eaa102fc70890
STG Security Advisory 2004-12-15.1
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: MoniWiki is susceptible to a file upload flaw due to a mishandling of multiple file extensions.

tags | advisory, file upload
SHA-256 | 3ca80312447ed29f02629661ff17057cf7a3f50edd36ea11d5c666f427a22246
STG Security Advisory 2004-12-14.14
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: GNUBoard versions 3.39 and below suffer from a PHP injection vulnerability that allows for arbitrary command execution.

tags | exploit, arbitrary, php
SHA-256 | 0ffcfd1eab87df4c1f629489c1e22156727a7cf5c803d7dab49a4c9692d1dcd7
asanteFM2008.txt
Posted Dec 30, 2004

The Asante FM2008 switch appears to have hardcoded credentials.

tags | advisory
SHA-256 | 8b75cb4e05a9fc272b79cad73aa0aac446c6c306e37455e05215859183c67cd2
Secunia Security Advisory 13443
Posted Dec 30, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in isakmpd and can be exploited by setting ipsec credentials on a socket. Successful exploitation corrupts kernel memory and causes a system panic.

tags | advisory, denial of service, kernel, local
systems | openbsd
SHA-256 | 5fcf179f6150ec60c02cd123504de4512309f806099176b6b051bf905bf8a6ff
© 2022 Packet Storm. All rights reserved.
