exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 762 RSS Feed

Files Date: 2006-01-01 to 2006-01-31

eterm-exploit.c
Posted Jan 27, 2006
Authored by Angelo Rosiello | Site rosiello.org

Eterm LibAST exploit for Ubuntu. Yields utmp GID.

tags | exploit
systems | linux, ubuntu
SHA-256 | 368fbf62bd1bd1c27f952c1154970ef9c400e0b7dae8aa841163e6e10ef4ebb6
evuln-mylittlehomepage.txt
Posted Jan 27, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

my little homepage v2004.04.20 is vulnerable to XSS

tags | advisory
SHA-256 | 1f4add3286c8cddc52e3bf32b4fb4eed5aed6a45025b94327903ae42cb12bf55
AndoNET-2004.09.02.txt
Posted Jan 27, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

AndoNET Blog v2004.09.02 suffers from SQL injection in comentarios.php via the "entrada" variable.

tags | advisory, php, sql injection
SHA-256 | 35de2be590011ca4ae3c5500ad351361ba23ea930ca874bfa319fda0c05cf41e
Cisco Security Advisory 20060126-vpn
Posted Jan 27, 2006
Authored by Cisco Systems, Cisco | Site cisco.com

Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

tags | advisory, web
systems | cisco
SHA-256 | 461ce98665d8f47f2c4e32ab8228adbebd8310fd525df37e500bbe1acc7a7692
vis.pl.txt
Posted Jan 27, 2006
Authored by spher3 | Site hackerscenter.com

Vis.pl is a perl script which manages files as part of e-cms. It suffers from a directory transversal vulnerability.

tags | exploit, perl
SHA-256 | 9fdc7050f5b45aecc2181212ddce45de932feeee80a7d300792bc90d14fede25
SUSE-SA-2006-004.txt
Posted Jan 27, 2006
Authored by Ludwig Nussel | Site suse.com

Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).

tags | advisory
SHA-256 | b64f32086896128a7524972310d015e83c678f8cf9b97ebf8fd1a79eba34f537
MyBB-search.txt
Posted Jan 27, 2006
Authored by imei addmimistrator

MyBB v1.0.2 updated suffers from XSS via search.php

tags | exploit, php
SHA-256 | 116d4114a3fb7272c653f7d5c5cfb9e02b998d25d0472457be86e3552be1fa79
Mandriva Linux Security Advisory 2006.021
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

tags | advisory, arbitrary
systems | linux, mandriva
SHA-256 | 897c333ce70a20c6f2d9149f352916147e4429b477261025fe5234bb08e37eaa
Mandriva Linux Security Advisory 2006.020
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

tags | advisory, remote, denial of service
systems | linux, mandriva
SHA-256 | ee52fbcb65d41969cad44c59a4feafd7aa491068d721040497fb1b1c9b92ccd9
Oracle-PLSQL.txt
Posted Jan 27, 2006
Authored by David Litchfield

There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.

tags | advisory, web, sql injection
SHA-256 | 1065f3171e688a6943367c17316c3c189200259c4f1a0d62c3094f4eff89ca02
CheesyBlogXSS.txt
Posted Jan 27, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

CheesyBlog v1.0 suffers from XSS POC included.

tags | exploit
SHA-256 | 3fd4b2989d5054ff8d72e4f3c1575b5be04a57c50e2f2bd380fe097a6665e0da
XST Strikes Back - Cross Site Tracing Whitepaper
Posted Jan 27, 2006
Authored by AKsecurity

XST Strikes Back - A technical paper discussing Cross Site Tracing vulnerabilities in proxy servers.

tags | paper, web, vulnerability
SHA-256 | c934a83e625611f6470be7257fa46f16e64a415f899bccbeb6d42966dd6a3e9a
sami_ftp_poc.pl
Posted Jan 27, 2006
Authored by Critical Security | Site critical.lt

Sami FTP 2.0.1 Stack based buffer overflow exploit.

tags | exploit, overflow
SHA-256 | e922ab7c11cb52efd90f7621f905abb5f57668faa3fd428f54a4fadf7afa77bf
kapda-25.txt
Posted Jan 27, 2006
Authored by Roozbeh Afrasiabi | Site KAPDA.ir

MYBB 1.x does not properly sanitize user supplied input leading to a XSS vulnerability.

tags | exploit
SHA-256 | 49fc1d88d10eba01d4fbb0fc35e2604c60f21a490adc1e502b9a7a0247f2e0f9
HP Security Bulletin 2006-11.4
Posted Jan 27, 2006
Authored by Hewlett Packard, HP | Site hp.com

HPSBMA02094 SSRT061104 rev.1 - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).

tags | advisory, vulnerability
SHA-256 | a0f1d5ed058295d6c7d24747be59443842325f38f166c4c696c87f218a337a0d
HP Security Bulletin 2006-10.99
Posted Jan 27, 2006
Authored by Hewlett Packard, HP | Site hp.com

HPSBUX02091 SSRT061099 rev.1 - A potential security vulnerability has been identified with HP-UX systems where the vulnerability may be exploited to allow a local user to increase privilege.

tags | advisory, local
systems | hpux
SHA-256 | 8ae2a9fe12c13bb09e8e72758e7a76f068b102cce3084578f3b47ba6858efc77
Eterm-LibAST.txt
Posted Jan 27, 2006
Authored by Angelo Rosiello | Site rosiello.org

Eterm when built links to LibAST. A stack overflow vulnerability exists in LibAST that allows an attacker to execute commands with user group utmp.

tags | advisory, overflow
SHA-256 | 67f1218054724b40978a0903b78af822039d90aea5acfefee5b94f09deafab4c
BitCometURI.c
Posted Jan 27, 2006
Authored by nick58

A vulnerability in BitComet allows remote attackers to construct a special .torrent file and put it on any BitTorrent publishing web site. When a user downloads the .torrent file and clicks on publishers name, BitComet will crash. An attacker can run arbitrary code on victims' host by specially crafted .torrent file.

tags | exploit, remote, web, arbitrary
SHA-256 | 4b077d331615c0b65e9f04f8ad621d424f9bac4b7f0011f69dc70fd696800984
Mandriva Linux Security Advisory 2006.025
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).

tags | advisory, arbitrary, local
systems | linux, mandriva
SHA-256 | 11579c0483d4d509e057942afed3ac8f037f22d6b816d70ff94eb1d07aafaa0d
Mandriva Linux Security Advisory 2006.024
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
SHA-256 | 910d914cd815f14e7de2f37a55752c9068d22431d6de852fd6ef74967dfd98c5
Mandriva Linux Security Advisory 2006.023
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content.

tags | advisory, perl
systems | linux, mandriva
SHA-256 | 62d3761f131bbe3c54e9726abae35a70c7ccda64f6b057a6c63b7ba7e6b3c488
Mandriva Linux Security Advisory 2006.022
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation.

tags | advisory, remote, overflow, arbitrary, perl
systems | linux, mandriva
SHA-256 | 59cef922e333f30a590f435910e8a784fba46f9e75af3e838ad9402bfcdf1680
Debian Linux Security Advisory 957-1
Posted Jan 27, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 957-1 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.

tags | advisory, shell
systems | linux, debian
SHA-256 | 2a5172ff5fdbf831edd4e378fc7dbeaf856412e4ea840c9dee36d8163f9273f6
Debian Linux Security Advisory 956-1
Posted Jan 27, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 956-1 - Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.

tags | advisory, shell, local, protocol
systems | linux, debian
SHA-256 | 3d3b94a323e19f3f68cf7df9f7a10ceb1451be1ebe25578966ee8a4aec0a3d88
Gentoo Linux Security Advisory 200601-12
Posted Jan 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-12 - Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Versions less than 0.9.3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 946808015c29402c4c324ed44bc6c7182c42193d76f77e71e75fd6c64d5de559
Page 3 of 31
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close