what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 73 RSS Feed

Files Date: 2005-08-31 to 2005-08-31

Secunia Security Advisory 16635
Posted Aug 31, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for php. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, php, vulnerability
systems | linux, slackware
SHA-256 | f6c90550f97977d476fa62861d1af6837ce1b4bb4e3109d073754f4f45ca267f
Secunia Security Advisory 16637
Posted Aug 31, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for gaim. This fixes a vulnerability and two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

tags | advisory, denial of service
systems | linux, slackware
SHA-256 | 5ceecea2b4fe7421213cfb60c409411fee62ce15f04eef34f48e204dc7b6c61a
0508-exploits.tgz
Posted Aug 31, 2005
Authored by Todd J. | Site packetstormsecurity.com

New Packet Storm exploits for August, 2005.

tags | exploit
SHA-256 | 737daa99baadbd33fa0079ca279b5b2fde17b2f7baa25312812167df7bab73cf
snortsms-1.0.0.tar.gz
Posted Aug 31, 2005
Authored by SmithJ108 | Site snortsms.servangle.net

SnortSMS is a highly configurable sensor management system that provides the ability to remotely administer Snort [and Barnyard] based Intrusion Detection Systems (IDS), push configuration files, add/edit rules, and monitor system health and statistics, all from a simple and clean Web interface console. Whether you have one or multiple Snort sensors, it can help unify and synchronize all sensor configurations.

Changes: First official production release.
tags | tool, web, sniffer
SHA-256 | 65b253904558b664c09cf110a319274d6b48ca373b50ad12de98da2d83972918
Samhain File Integrity Checker
Posted Aug 31, 2005
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 353814e8aa9c797c80d6d97d711344c29f8dad56ab9af3cfbd9f2836fed3588a
Fwknop Port Knocking Utility
Posted Aug 31, 2005
Authored by Michael Rash | Site cipherdyne.org

fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.

Changes: Various additions and bug fixes.
tags | tool, scanner
systems | linux, unix
SHA-256 | f02236fc30cbe288fd42dbfa3aaf09934b181da64e3cb5b345617760a0ca29a1
lssocks.c
Posted Aug 31, 2005

A small utility that shows all connections by reading open inodes and will even show related PIDs. Very useful for backdoor detection when you cannot trust other binaries.

systems | unix
SHA-256 | e0f17c5b2fc829a001738b7b5d94113d2a5e8aa07f9c76d21ead02ae2514efff
flat256.html
Posted Aug 31, 2005
Authored by rgod | Site retrogod.altervista.org

FlatNuke version 2.5.6 suffers from remote command execution, cross site scripting, and path disclosure flaws. Detailed exploitation provided.

tags | exploit, remote, xss
SHA-256 | acd8a3dbf0ed55c669e06c2ab4803e49531560cd1dbf89d73564346bb8eee69f
fud.html
Posted Aug 31, 2005
Authored by rgod | Site retrogod.altervista.org

Remote code execution exploit for FUD Forum versions 2.7 and below.

tags | exploit, remote, code execution
SHA-256 | 68a63805a860c1ee120af420819c0ab4d12a5942b56e21c9e07b5373a6c5856e
Gentoo Linux Security Advisory 200508-20
Posted Aug 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-20 - phpGroupWare improperly validates the mid parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library. Versions less than 0.9.16.008 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2498, CVE-2005-2600
SHA-256 | d33de08c4298350651ca1c385fd6272325c50069a0e5c4e6069ba07eeb7605fd
Gentoo Linux Security Advisory 200508-19
Posted Aug 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-19 - Javier Fernandez-Sanguino Pena has discovered that lm_sensors insecurely creates temporary files with predictable filenames when saving configurations. Versions less than 2.9.1-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2672
SHA-256 | 31b4d798b9de178a17a1c9460c42068a441d78e850787dc18cf3a51cb443e327
MassiveEnumerationToolset-0.5.tar.gz
Posted Aug 31, 2005
Authored by Petko Petkov | Site gnucitizen.org

MASSIVE Enumeration Toolset, or MET, is a small tool that helps mine information from google.com. It supports Johnny's GHDB (Google Hacking Database XML Format) and Google's SOAP and Mobile APIs. Written in Python.

tags | web, python
SHA-256 | c13f808f8bd74252be28b00f47a212b8773406cbf65cdf62fb4dbda979590c31
HP_OV_NNM_RCE.c
Posted Aug 31, 2005
Authored by Lympex | Site l-bytes.net

Remote command execution exploit for HP OpenView Network Node Manager versions 6.2, 6.4, 7.01, and 7.50.

tags | exploit, remote
SHA-256 | 35f6fb2bbbf9a319cca337f6e91aa2660874027de25e497f6c79ccace01bedc0
Debian Linux Security Advisory 791-1
Posted Aug 31, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 791-1 - Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands under with group mail privileges.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2005-2655
SHA-256 | 584cfb606501f55a12f62374974c15e0a1de581a87b4f136e5a4aa5a0d9d4e73
e107post.txt
Posted Aug 31, 2005
Authored by Marc Ruef | Site computec.ch

e107 version 0.6 has an input validation flaw in forum_post.php that allows attackers the ability to create topics in non-existing forums.

tags | advisory, php
SHA-256 | 54ebb505ef7de3a47c44cc973d59da1fe31893292a35300fb1af1a1046ebe05e
AD20050830.txt
Posted Aug 31, 2005
Authored by Sowhat | Site secway.org

BNBT EasyTracker is susceptible to a remote denial of service vulnerability when accepting a malformed HTTP request. Demonstration exploit provided. Versions 7.7r3.2004.10.27 and below are affected.

tags | exploit, remote, web, denial of service
SHA-256 | f9291b23377db55f3b2c53e515326c7b8ac550f848e8a637eecb137eee6a7662
portcheck.pl.txt
Posted Aug 31, 2005
Site rst.void.ru

Simple and efficient port scanning utility to audit what ports are open on a machine. Works much like netstat without having to trust netstat.

systems | unix
SHA-256 | d82b6fbf527183bbc75ad70635488c19834d003b841acb9c88a06612ff13c43f
phpldap.html
Posted Aug 31, 2005
Authored by rgod | Site retrogod.altervista.org

phpLDAPadmin versions 0.9.6 through 0.9.7/alpha5 suffer from directory traversal, remote code execution and cross site scripting vulnerabilities. Detailed exploitation provided.

tags | exploit, remote, vulnerability, code execution, xss
SHA-256 | 72a0a1106d2ca25cc4bbd9000f4fc9071da5e7057f2e5999d828b382dd4ebcc1
iDEFENSE Security Advisory 2005-08-29.3
Posted Aug 31, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory - Local exploitation of a design error in the Symantec AntiVirus 9 Corporate Edition may allow a user to gain elevated privileges. Exploitation can occur when a user chooses the right click Scan for viruses option. The Symantec scan file interface allows the user to launch a help window through the use of a toolbar icon. If the user then right clicks the help window title bar they can choose the Jump to URL menu option, which will then allow them to browse the local file system and execute files as the SYSTEM user.

tags | advisory, local
advisories | CVE-2005-2017
SHA-256 | 4c4c53312ff3be87fe0e66e5f442ebce8f831cd5fb132dd1575a49517cbbc92b
iDEFENSE Security Advisory 2005-08-29.2
Posted Aug 31, 2005
Authored by vade79, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory - Local exploitation of a design error in Adobe Systems, Inc. Version Cue allows local attackers to gain root privileges. Version Cue includes a setuid root application named VCNative which is vulnerable to a symlink attack. The vulnerability specifically exists due to the use of predictable log file names. VCNative uses a format such as VCNative-[pid].log for the filename and stores the file in the current working directory. Attackers can easily predict the created filename and supply user-controlled data via the -host and - port options. A carefully supplied value can cause a crafted log file to be written. Crafted strings written to root-owned files can lead to arbitrary code execution with root privileges.

tags | advisory, arbitrary, local, root, code execution
advisories | CVE-2005-1842
SHA-256 | 411dc375de7e880373b5415079f07e6ba80c1cdda2a6b6a1c38e1aa35c6407ac
iDEFENSE Security Advisory 2005-08-29.1
Posted Aug 31, 2005
Authored by vade79, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory - Local exploitation of a design error in Adobe Systems, Inc. Version Cue allows local attackers to gain root privileges. Version Cue includes a setuid root application named VCNative which contains a design error that allows local attackers to gain root privileges. The vulnerability specifically exists due to an unchecked command line option parameter. The -lib command line option allows users to specify library bundles which allows for the introduction of arbitrary code in the context of a root owned process. The init function in a shared library is executed immediately upon loading. By utilizing the -lib argument to load a malicious library, local attackers can execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
advisories | CVE-2005-1843
SHA-256 | 4df7fce995e778869fe2e236a60a050ada95134690b5bfce30b5fc73c86389d1
bfccown.zip
Posted Aug 31, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

Proof of concept exploit for the flaws relating to BFCC versions 1.22_A and below and BFVCC versions 2.14_B and below.

tags | exploit, proof of concept
SHA-256 | 70ecdd7e1df36c0385865b76a03635b0e68125f1fd65081f4b00062b965a23bd
bfccown.txt
Posted Aug 31, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

BFCommand and Control Server Manager are both susceptible to multiple bugs. BFCC versions 1.22_A and below and BFVCC versions 2.14_B and below are susceptible to full anonymous login bypass and various manipulation flaws.

tags | advisory
SHA-256 | 82d511d1562e6896e98ab485a7698bc6c3577ea5c73c093677372f083c030e8c
lduSQL.txt
Posted Aug 31, 2005
Authored by matrix killer | Site h4cky0u.org

Land Down Under versions 801 and below suffer from multiple SQL injection vulnerabilities. Full details provided.

tags | exploit, vulnerability, sql injection
SHA-256 | d2b508373b14a63e311f6bd4f062bb809fa0835d4ab70151cad0ae5ebf03a0ed
Debian Linux Security Advisory 788-1
Posted Aug 31, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 788-1 - Several security related problems have been discovered in kismet, a wireless 802.11b monitoring tool.

tags | advisory
systems | linux, debian
advisories | CVE-2005-2626, CVE-2005-2627
SHA-256 | 2da369bca44b6d64e712261b8e7bfd3eda1b78c5bc20947a4d194f98a54d4914
Page 2 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close