what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 113 RSS Feed

Files Date: 2006-09-07 to 2006-09-08

Secunia Security Advisory 21801
Posted Sep 7, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for streamripper. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, gentoo
SHA-256 | 5891cf2949c3dde1aab6f4113d576467e7d1ce9ae696900567cb2bad41488522
Ubuntu Security Notice 339-1
Posted Sep 7, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-339-1 - Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 version 1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2006-4339
SHA-256 | f353aeb0d2f6e5450daa438299f434f33461047f6023cd7eeb31a4405527fa8e
grapagenda.txt
Posted Sep 7, 2006
Authored by Andries Bruinsma

GrapAgenda version 0.1 suffers from a remote file inclusion flaw.

tags | exploit, remote, file inclusion
SHA-256 | 1849af3436f09c980b7a19c07d7855555b1f40e68a66dcd083960873503979d7
EC2ND-2006-CFP.txt
Posted Sep 7, 2006
Authored by Dr. Andrew Blyth

Call For Papers for EC2ND. The 2nd European Conference on Computer Network Defense will take place in December 2006 at the School of Computing, University of Glamorgan. The theme of the conference is the protection of computer networks. The conference will draw participants from national and international organizations. The conference will comprise a number of tracks arranged according to the submissions received and interests expressed.

tags | paper, conference
SHA-256 | 8909ba729c517c39ccc0b172732e74b6a09a281e5ff847ad16d4e1b207a1b8b0
Ubuntu Security Notice 338-1
Posted Sep 7, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-338-1 - Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the functions' definer instead of its caller. An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the definer of that function. Peter Gulutzan reported a potentially confusing situation of the MERGE table engine. If an user creates a merge table, and the administrator later revokes privileges on the original table only (without changing the privileges on the merge table), that user still has access to the data by using the merge table. This is intended behavior, but might be undesirable in some installations; this update introduces a new server option "--skip-merge" which disables the MERGE engine completely.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-4227, CVE-2006-4031
SHA-256 | 39b2534095845f961ec9fef7935d84281c4fe34a2f44878fbacbbc06abb7879c
Debian Linux Security Advisory 1169-1
Posted Sep 7, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1169-1 - Several local vulnerabilities have been discovered in the MySQL database server. Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.

tags | advisory, remote, local, vulnerability
systems | linux, debian
advisories | CVE-2006-4226, CVE-2006-4380
SHA-256 | 4037e89717a02092b41bc050048fed186c7ef990991d4d70c73933fd330d8b77
Debian Linux Security Advisory 1168-1
Posted Sep 7, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1168-1 - Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2006-2440, CVE-2006-3743, CVE-2006-3744
SHA-256 | e2522e88a1808ecbe65528b77300724864d1951d33a10a4085b442667021c676
softbbxss.txt
Posted Sep 7, 2006
Authored by ThE__LeO

SoftBB version 0.1 suffers from a cross site scripting flaw.

tags | exploit, xss
SHA-256 | e22c62efac22ab0af78510b4ef617bb7017db23ca2b14b04f81059e0452c9189
openssl-0.9.7k.tar.gz
Posted Sep 7, 2006
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: RSA Signature forgery security fix.
tags | encryption, protocol
advisories | CVE-2006-4339
SHA-256 | 9bbce75d55c03fad47f7ca5e6790facca4b203b28c6c33428d1a471ef73ee622
openssl-0.9.8c.tar.gz
Posted Sep 7, 2006
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: RSA Signature forgery security fix.
tags | encryption, protocol
advisories | CVE-2006-4339
SHA-256 | 896f7830c1921688f22c6fe4fb3d7b75189cefdd79acca5fb0cad2b599139048
secadv_20060905.txt
Posted Sep 7, 2006
Site openssl.org

OpenSSL Security Advisory - Daniel Bleichenbacher recently described an attack on PKCS #1 version 1.5 signatures. If an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 version 1.5 signature signed by that key. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. Since there are CAs using exponent 3 in wide use, and PKCS #1 version 1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 version 1.5. This includes software that uses OpenSSL for SSL or TLS. OpenSSL versions up to 0.9.7j and 0.9.8b are affected.

tags | advisory
advisories | CVE-2006-4339
SHA-256 | 59a33c2a45a20df8da2bc65f9fd698a4d6aa23493f9cf7320628b4071df05671
TTG0602.txt
Posted Sep 7, 2006
Authored by TTG | Site teklow.com

Alt-N WebAdmin version 3.2.5 running with MDaemon version 9.0.6 suffers from a flaw that allows Domain administrators within the default domain the ability to take over the MDaemon system account.

tags | advisory
SHA-256 | 49daca546bd5669665982a276cd4a7d2289a0ff3b5a1c24e3ce157138c26e127
eabweb.txt
Posted Sep 7, 2006
Authored by Revnic Vasile

Easy Address Book web server version 1.2 suffers from a denial of service condition.

tags | exploit, web, denial of service
SHA-256 | e2b6d30b4ac467af70622c26bb4c3022e88774ed2d08182c0f8fd4416862d180
flashchat.txt
Posted Sep 7, 2006
Authored by NeXtMaN

Two remote file inclusion flaws exist in Flashchat versions 4.5.7 and below.

tags | exploit, remote, file inclusion
SHA-256 | 84f1d96aa84d185d14f233854f7d55ec7dde0f7be8e3efa6868c0fbb8cbab3e5
Debian Linux Security Advisory 1167-1
Posted Sep 7, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1167-1 - Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web scripts. A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server. Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, debian
advisories | CVE-2005-3352, CVE-2006-3918
SHA-256 | e2e4e26e8c15671b25c8df4bd7452b838d010fd11f416ec7687a15a0c991a3a9
anywhereUSB.txt
Posted Sep 7, 2006
Authored by Itzik Kotler | Site safend.com

AnywhereUSB/5 version 1.80.00 drivers are susceptible to an integer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2006-4459
SHA-256 | 0c27a98db83f0a8a68090d1bd4c0d84e07621e5d1353df823c420b30be6aec6a
simpleblog0day.txt
Posted Sep 7, 2006
Authored by Vipsta, MurderSkillz

SimpleBlog versions 2.3 and below remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 3a761a2a7745e8c4d91313f0665ffdd6f3caa24af9b54d628a09147973dc6033
softbb01.txt
Posted Sep 7, 2006
Authored by DarkFig

SoftBB version 0.1 remote PHP code execution exploit.

tags | exploit, remote, php, code execution
SHA-256 | 3983b9494316ad00fd0e51d0cb405d702282e8d7f6b1fc6823a9c7881be3d47b
RCE_PDF.zip
Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

This paper is intended as an introduction to reverse engineering for someone who has no experience on the subject.

tags | paper
SHA-256 | b8caadda8d6c36dbf640925de6b437af651606ace7a3d4487b29fdb6cce2cd18
Taking_Back_Netcat.pdf
Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.

tags | paper, virus
SHA-256 | acfa9cdef5c30cd4848dccab719ac832c6ce65cf0aae70ef4dc41ad12ea37fd7
stacksmash.txt
Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

Modern whitepaper that is along the lines of 'Smashing The Stack For Fun And Profit' that also takes into account how the GNU C compiler has evolved since 1998.

tags | paper
SHA-256 | 3972ef78d5d378100d75cd0552c59ce31b25e4c886950965b6f1767fe95d3880
win_mod.zip
Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

This multi-part tutorial will present several ways in which you can add functionality to closed source Windows executables through DLLs, PE header modification, and good old assembly code. Adding code to existing code caves, modifying PE headers to create code caves and/or importing DLL functions, adding backdoors to programs, and adding plugin support to closed-source programs are all covered.

tags | paper
systems | windows
SHA-256 | addfbf9225a75334eb73fe19aa2b943d801118f73553f9dc431330aa37f87327
AS05081701.txt
Posted Sep 7, 2006
Site airscanner.com

Airscanner Mobile Security Advisory - IM+ version 3.10 suffers from a local plaintext password disclosure flaw.

tags | advisory, local
SHA-256 | a565539c6a3017f99a9043b356cc42d8dd162ce48ff02f51177479c4eb85e8e1
AS05081201.txt
Posted Sep 7, 2006
Site airscanner.com

Airscanner Mobile Security Advisory - PDAapps Verichat version 1.30bh suffers from a local password disclosure flaw.

tags | advisory, local
SHA-256 | 7c22edc0ebcc0fce181725247f5cee4a63c50a9df2446c1de4b9135bda30e8c6
inlink234.txt
Posted Sep 7, 2006
Authored by Saudi Hackrz | Site sehr.com

in-link versions 2.3.4 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | a5b526fa1c3a3bdf1d521daa26ec83829e57825a33278b78affbee39090046e3
Page 2 of 5
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close