Cisco PSIRT's response to the privilege escalation vulnerability in multiple Linux based Cicso products including: Cisco Wireless LAN Solution Engine (WLSE), Cisco Hosting Solution Engine (HSE), Cisco User Registration Tool (URT), Cisco Ethernet Subscriber Solution Engine (ESSE), CiscoWorks2000 Service Management Solution (SMS)
5fed5f29f98f68d37f4b0e34a99ad89ec73549e4955eedd56cf3633347bb56beAssurance.com.au - Vulnerability Advisory: Multiple vulnerabilities in Linux based Cisco products. the "show" application has several vulnerabilities which allow an attacker to "break out" of the shell and execute commands (including /bin/sh) as the root user.
ffd7ec925a08321578c4606c7b0a6bde0583a426858c95a75515779c416b030aThe package SYS.DBMS_LOGMNR_SESSION contains a SQL injection vulnerability in the procedure DELETE_FROM_TABLE. Oracle fixed this problem by using the package DBMS_ASSERT.
1eb412d989006bda131499a0f77fe151a8bbbc7dc287b8e0d7be3dc8c7bd297fSome components of Symantecs LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.
a36f19d2a6ed11d0ffb67d60451dbbfebd2b4a55d7432dc8a62f16c20cc2b9fcphpLister v. 0.4.1 suffers from XSS.
8b1f1255e539096abf589d91e29f48549f7c3a9af76ed4ba68514c56be5bde95A paper discussing the various vulnerabilities in Ad-Aware.
4b6a28f895b49f29af11ab0ad13559dae263a936ed19aedc7e28d7ca632b9ba8proxytest.pl is a perl script that reads in a list of proxies from a text file and checks their state.
6ee7234a27bb8276b190e57089ec9fe6039dd9086a9ef97adaf4240fcfd66ed9wnetstat.pl is a small perl wrapper script to hide IPs from netstat.
02bc906fe5883774a8295c8c29a77175963ce43fbd71869d1fef8126325afe45An introductory paper for would-be hackers. It could also prove useful for network admins and hackers that want to improve themselves. Chapters include: The OS, Understanding TCP/IP, Becoming a Hacker, WHOIS Databases, Basic Tracerouting and Path Analysis, Mapping with DNS and Geolocation and more.
b4e91f313fa1cce8a5f8538e82a63ea7ab2d08cf63b8afe5a744d2e88801afa3libShellCode is a library that can be included when writing Linux and BSD i386 based exploits by providing functions that generate shellcode with user given parameters during runtime.
62dc05ebdc7b74df8811246fb68046d2fcd9f998a5c37747b2183c8dd2035545open security advisory #16 - Xine Media Player Format String Bug - There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.
d4f570c418c920fa2ace268f9e01803444655bf73c95bb1f9a806e7168cb8848An example of a return into libc exploit that possibly works though grsecurity patch protection.
3d52d2bc3578ca63d91d157654640485e25d9bb02f962aa6d3f5f5cfb99a6f01Linpha 1.1.0 suffers from a XSS vulnerability.
f7e3f5d7e4eb3b1bc3ee23685ee770c5e7307dd23fd9a66a2f4042defa1f53b3FlexBB 0.5.5 remote SQL login bypass exploit.
8ec957f077965343b237cb624658ab727dbed83ca28cd9460e3a4489e4d2e1b8Neon Responder 5.4 for Windows suffers from a DOS - sending it a specially crafted "Clock Synchronization" packet causes it to crash. POC included.
00308f6b50521d1c774a89502ee9de291b104713e6c78d55efed7ad64f9478bdRechnungsZentrale v2 suffers from SQL Injection and Remote File inclusion Vulnerabilities.
199f60d5a50ae67e551c0a6e37b12a5cd7446cbdbfe0fa75e2ffcebfaec62501Findnot.com DNS Privacy Breach, DNS Spoofing Exposure, and ISP Monitoring Vulnerability - Several vulnerabilities have been reported in Findnot.com's SSH Proxy Service which can cause all DNS requests for lookup of sites visited to be resolved using local DNS servers.
a31794b9b3bd88d68a780c393eeb2de80a451637e98988ab84f8fef14ed66b8cFindnot.com IP Address Privacy Breach and Unencrypted Data Vulnerability - Several vulnerabilities have been reported in Findnot.com's Microsoft PPTP VPN Service Client, which can cause intermittent immediate loss of anonymity and privacy while using the service.
c0752cb8fe102e220a572433d2dce33f44c4db45a14e50386da67dfd2e8bc542SnmShred Mail Shredder - A perl script designed to exploit the RCPT function of sendmail to flood a mail server.
cce6ffec509ff19248173998ae0f248d9ec996a9de28ed4954b65b709b198d89Defacing The Art Of Hijacking Spamming And EMail Viruses - A paper analyzing the methodology of hijacking a users web browser focusing mainly on Internet Explorer.
a19d8c74cf6da99ca80f6b3a1494254c3e49702f0a7e4c81583dd174eeb52bf6Web Management Port Scanner - a portscanner written in perl to find open web management ports.
8cad85f4aa0349fabc4af990c1d5409313e9fa2e773e2125d265b5db72cf634cNetProx Proxy Redirector - a proxy redirector written in PERL for connection redirection between remote machines.
7bb571bfb44fe6f5af0880fd8cc2ca70bcb72f15d7bc2483d40bae54f239f0f2phpMyAgenda 3.0 Final suffers from a Remote File Include Vulnerability in agenda.php3.
0127ffa3f68c50522dd1e30f8420f3e869bbb31c79e98814dd7ee96be5025be1bloggage suffers from a SQL injection vulnerability. POC included.
7a2ffb82807a4c80dfb88bf703c3f20e81c36ea5204da378e2d297a46d82a022Mini-NUKE v2.3 suffers from a SQL injection vulnerability.
114b0a0ebc035da9aeb614dc226952c5976517fc0db78b6fd4b1da9be7fdc486
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed