exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2005-12-15 to 2005-12-16

limbo1042_xpl.txt
Posted Dec 15, 2005
Authored by rgod | Site retrogod.altervista.org

LIMBO CMS versions 1.0.4.2 and below suffer from blind SQL injection, cross site scripting, local file inclusion, remote code execution, and other fun flaws. Exploit provided.

tags | exploit, remote, local, code execution, xss, sql injection, file inclusion
SHA-256 | 4d7f73b2b9ce04212d8673ee53a09e830c0b56830ddc389c64f6db002b24cbb4
iDEFENSE Security Advisory 2005-12-14.5
Posted Dec 15, 2005
Authored by Pedram Amini, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a denial of service vulnerability in Trend Micro Inc.'s ServerProtect EarthAgent daemon allow attackers to cause the target process to consume 100% of available CPU resources. The problem specifically exists within ServerProtect EarthAgent in the handling of maliciously crafted packets transmitted with the magic value \x21\x43\x65\x87 targeting TCP port 5005. A memory leak also occurs with each received exploit packet allowing an attacker to exhaust all available memory resources with repeated attack. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.

tags | advisory, remote, denial of service, tcp, memory leak
systems | windows
advisories | CVE-2005-1928
SHA-256 | 9bfc7d11f02284f37766b9dc9b287113f0e17149f9dbd9f529e9d3d436cff490
iDEFENSE Security Advisory 2005-12-14.4
Posted Dec 15, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the relay.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2005-1929
SHA-256 | 0df4d6d0dffdc1cfc7d0952eba709daad134991e21afdae77b6d36b19010895a
iDEFENSE Security Advisory 2005-12-14.3
Posted Dec 15, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the isaNVWRequest.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2005-1929
SHA-256 | 2b7f7561dc295bc1cfe3e20219662ae750c9bb92cf1486276a5ed8b07010d923
iDEFENSE Security Advisory 2005-12-14.2
Posted Dec 15, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.14.05 - Remote exploitation of an input validation vulnerability in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to view the contents of arbitrary files on the underlying system. The problem specifically exists within the handling of the IMAGE parameter in the script rptserver.asp.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2005-1930
SHA-256 | 1b01155d4ea95e1c1d0ae336bc10735c394b99ac36b81cfe1486db6a0e63ae9b
iDEFENSE Security Advisory 2005-12-14.1
Posted Dec 15, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.14.05 - Local exploitation of an insecure permission vulnerability in multiple Trend Micro Inc. products allows attackers to escalate privileges or disable protection. The vulnerabilities specifically exist in the default Access Control List (ACL) settings that are applied during installation. When an administrator installs an affected Trend Micro product, the default ACL allows any user to modify the installed files. Due to the fact that some of the programs run as system services, a user could replace an installed Trend Micro product file with their own malicious code, and the code would be executed with system privileges. iDefense has confirmed the existence of this vulnerability in Trend Micro PC-Cillin Internet Security 2005 version 12.00 build 1244. It is suspected that previous versions are also vulnerable. It has been reported that InterScan VirusWall, InterScan eManager and Office Scan are also vulnerable.

tags | advisory, local, vulnerability
advisories | CVE-2005-3360
SHA-256 | 90d5c18f790c3db8f59c97c8aa2fd77510a1660e46cdc941387c55ec47cd3e76
Gentoo Linux Security Advisory 200512-6
Posted Dec 15, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200512-06 - iDEFENSE reported a possible overflow due to the lack of bounds checking in the dissect_ospf_v3_address_prefix() function, part of the OSPF protocol dissector. Versions less than 0.10.13-r2 are affected.

tags | advisory, overflow, protocol
systems | linux, gentoo
SHA-256 | bdf1a35b27e80eb7840f35797133cb81563158c685223504485da7c07c8f8b52
ibm_css.txt
Posted Dec 15, 2005
Authored by Dr. Insane

IBM Websphere 6 sample scripts are susceptible to cross site scripting vulnerabilities. Details provided.

tags | exploit, vulnerability, xss
SHA-256 | 9e09a3297b7ac63c5723f042e60e68336089ae1baa79a68fb8a0de87ed180f05
Gentoo Linux Security Advisory 200512-5
Posted Dec 15, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200512-05 - iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the -t command line option. Versions less than 1.22 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | 9ef88f8e3529e22b523d7ad7b4a80b577d4001132c7f26a692dfbaf90746585f
bypassXSSnuke.txt
Posted Dec 15, 2005
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHPNUKE versions 7.9 and below suffer from a cross site scripting filter bypass vulnerability. Details provided.

tags | exploit, xss, bypass
SHA-256 | b822066411260c1bad7f9ab633bb20601f987a203ef129643115c960a7336b8c
Ubuntu Security Notice 230-1
Posted Dec 15, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-230-1 - Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking an user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-4048
SHA-256 | b80943c261371e1d737af6d134e09523ffd5802941ba4dc837e952cce27b7468
DMA-2005-1214a.txt
Posted Dec 15, 2005
Authored by Kevin Finisterre | Site digitalmunition.com

The Widcomm BTW suffers from a remote audio eavesdropping issue.

tags | advisory, remote
SHA-256 | 866ef0aaf005e2d1e28227c8b6a9b0360290e3611a675df0bb6706bd1d5e5344
csc-BizObj.txt
Posted Dec 15, 2005
Site csc.com

The CSC has discovered an issue that could impact upon the availability and security of servers operating Business Objects WebIntelligence software. If a remote malicious attacker is able to access authentication mechanisms, they can lock out and effectively disable user accounts, including General Supervisor (admin) users leading to system unavailability.

tags | advisory, remote
SHA-256 | b04f16318bc6045d878d2029c48aaa390cb9fd1f5c26e302bb222b453b0c09ad
rlaExploit.txt
Posted Dec 15, 2005
Authored by Justin M. Wray

Interesting write up that revisits the LanD attack where ICMP is spoofed to a host with the source IP being set the same as the destination IP. Various modem and router vendors appear affected.

tags | paper, spoof
SHA-256 | dfd0bae10cbeed7e6ae5a22bb3e7ff1b1aeebf8064dfd7d6846ee4edad6906f5
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close