Showing 126 - 150 of 719

Files Date: 2006-12-01 to 2006-12-31

Posted Dec 22, 2006
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: More flexible detection of the LZO libraries when compiling. Fixed a bug where broadcasts in switch and hub modes sometimes would not work anymore when part of the VPN had become disconnected from the rest.
tags | encryption
SHA-256 | 0985993a0465b30c8b6c4ef50ec03fd810f520b1e344875e51df3db5bd18c538
TOR Virtual Network Tunneling Tool
Posted Dec 22, 2006
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Added async dns code, new dirport behavior, added a man page, and various other minor changes.
tags | tool, remote, local, peer2peer
SHA-256 | 3be8c89be5b927e73b77a82ca3d83f0f162fceea2d6a14ce1c0cf5333b36cd1c
Posted Dec 22, 2006
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Added the host to LogLevel 2. Added support for tcmalloc. Fixed problem with the initialisation of host_mut.
tags | web
SHA-256 | 316545c126f11be95deab5fb60d6a26e1aa644f9a8b5972219062ce6521e1491
Posted Dec 22, 2006
Authored by DarkFig

Ixprim version 1.2 remote blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | aec29fc93d3d359b2ff53e290036f5098f53c7fa9975ee28b67553cea97daac1
Netragard Security Advisory 2006-12-06
Posted Dec 22, 2006
Authored by Netragard | Site netragard.com

Netragard, L.L.C Advisory - @Mail version 4.51 does not properly sanitize email, allowing for cross site scripting attacks.

tags | advisory, xss
SHA-256 | 39e68d57bada5a83cf9b09964668a0c6d5d4d57328013bb0836d4cd7e2938ac1
Posted Dec 22, 2006
Authored by Metaeye SG | Site sqid.rubyforge.org

SQL injection digger is a command line program that looks for SQL injections and common errors in websites.

tags | tool, scanner, sql injection
systems | unix
SHA-256 | 44417028b879d6d4fbf9915ad1cc1b82f2f4c92abdec94ba485af2b138092d0b
Posted Dec 22, 2006
Authored by GomoR | Site gomor.org

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. It only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3.

Changes: SinFP now has 140 signatures. Now works under big-endian architectures.
tags | tool, scanner, tcp
systems | unix
SHA-256 | b331059034af9107a5337cf0610c72d0451724675b3bc870cfbdbf7ae99ffe20
Posted Dec 22, 2006
Authored by Sergio Alvarez | Site nruns.com

NOD32 Antivirus software versions prior to 1.1743 suffer from an arbitrary code execution flaw.

tags | advisory, arbitrary, code execution
SHA-256 | dcc3ac0483403c98b5780d90539d0fc3e3f9ac428aed9e62ae4ad4c049d3f440
Debian Linux Security Advisory 1240-1
Posted Dec 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1240-1 - Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.

tags | advisory, web, arbitrary, shell
systems | linux, debian
advisories | CVE-2006-5925
SHA-256 | 2fb87b3e15f1f071ef980b8d812b18f940443fa77e4eaea8cb13734a864200cd
CA Security Advisory 34876
Posted Dec 22, 2006
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CAID 34876 - CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.

tags | advisory
SHA-256 | 0f54412beb75b544d797f6a6475238fc984c6235fe7678318bc1b6e2c236672c
Technical Cyber Security Alert 2006-354A
Posted Dec 22, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert - Mozilla has released new versions of Firefox, Thunderbird, and SeaMonkey to address several vulnerabilities. Further details about these vulnerabilities are available from Mozilla and the Vulnerability Notes Database. An attacker could exploit these vulnerabilities by convincing a user to view a specially-crafted HTML document, such as a web page or HTML email message.

tags | advisory, web, vulnerability
SHA-256 | e107062e328dbd419858acefe8e2fad607022adda52781c93e6a34a0be90d649
Mandriva Linux Security Advisory 2006.234
Posted Dec 22, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-234 - XSP (the Mono ASP.NET server) is vulnerable to a source disclosure attack which allows a malicious user to obtain the source code of the server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic.

tags | advisory, web, asp
systems | linux, mandriva
advisories | CVE-2006-6104
SHA-256 | 8a127f50798d6860d450a586a8af3b0175981db6294bc0df3a14b9c3c9dfd77c
Ubuntu Security Notice 397-1
Posted Dec 22, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 397-1 - Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2006-6104
SHA-256 | 94419be4f07c7c1769569c844a7f0de39d524d4f3ae40d536ad18d6482417771
HP Security Bulletin 2006-12.88
Posted Dec 22, 2006
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
SHA-256 | 5242bb67e4081b1f7e9f9ee63a21f4f1a19532ea06823226a4b41a89f43ae3f2
Gentoo Linux Security Advisory 200612-21
Posted Dec 22, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-21 - The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12. Versions less than 1.8.5_p2 are affected.

tags | advisory, cgi, ruby
systems | linux, gentoo
SHA-256 | 9b5880e8331459d98744c8c54e9c6c1f39c8fc5f0f33c650d9602d9ce86f86c4
Gentoo Linux Security Advisory 200612-20
Posted Dec 22, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-20 - M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, loader_pnm.c and an out-of-bounds memory read access in loader_tga.c. Versions less than 1.3.0 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | e28a5f46fd2cb63fa0d448c8c20cfe45f25c0fc0d77f910d130e27f8453c964e
Gentoo Linux Security Advisory 200612-19
Posted Dec 22, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-19 - Steve Rigler discovered that pam_ldap does not correctly handle PasswordPolicyResponse control responses from an LDAP directory. This causes the pam_authenticate() function to always succeed, even if the previous authentication failed. Versions less than 183 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | e64895cba6cea263dea3c75b42533b05a9f6df284ba411224f20bcd3856675f7
Posted Dec 22, 2006
Authored by Jose Ramon Palanco | Site eazel.es

The Mono XSP ASP.NET server allows for source code disclosure when a %20 is appended to a URI. Version 1.2.1 is affected.

tags | advisory, asp
SHA-256 | 35a0a5a28f626206a9628043116c7c862cab25d293bacf607501c972dd0dfa16
Posted Dec 22, 2006
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from an arbitrary code execution vulnerability. Versions prior to 1.1743 are affected.

tags | advisory, arbitrary, code execution
SHA-256 | 68c8e00a070400f31b4f79d8fd1f5ed916dc36dd5153dcfabf13efd85383835a
Posted Dec 22, 2006
Authored by D. Fabian, J. Greil | Site sec-consult.com

SEC-CONSULT Security Advisory - Typo3 CMS versions 4.0.0 through 4.0.3 (along with other variants) suffer from a remote command execution flaw. Proof of concept included.

tags | exploit, remote, proof of concept
SHA-256 | 855559bf26aa89e08a42b32a4a13e9d2151e9b5cca1e5cb32c2673a8d897c507
Zero Day Initiative Advisory 06-051
Posted Dec 22, 2006
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected versions are Mozilla Firefox and Mozilla Firefox through

tags | advisory, remote, arbitrary
advisories | CVE-2006-6504
SHA-256 | 6c930915441d7aeff70bc73318e30776dc3e210ca3f2808e3a1360ebca8e497c
Posted Dec 22, 2006
Authored by Linux_Drox

Mini Web Shop version 2.1.c suffers from a cross site scripting flaw.

tags | exploit, web, xss
SHA-256 | 970873219107890b1946642cf65764cbf57ed2a3ecf4f22de9e3d32e36d4e031
Posted Dec 22, 2006
Authored by Marco Ivaldi

Oracle 9i and 10g file system access via utl_file exploit.

tags | exploit
SHA-256 | 6a855c171229fa36b67fcac3d0b5386b14c748ade5343c12a88b8cf49a41e5f0
Posted Dec 22, 2006
Authored by Marco Ivaldi

This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user. All versions of Oracle 9i are susceptible. Oracle 10g versions prior to are susceptible.

tags | exploit, arbitrary
advisories | CVE-2004-1364
SHA-256 | a20687baa07c822bd25b99c3cf83c52490637e73c8ad269208f88421d3667d01
Posted Dec 21, 2006
Authored by ShaFuck31

Burak Yilmaz Download Portal suffers from a SQL injection vulnerability in down.asp.

tags | exploit, sql injection, asp
SHA-256 | 232bf4511ed710d75dcf4e2107d1a0f12dd68cfad98c046d6e17f5efc754481a
packet storm

© 2022 Packet Storm. All rights reserved.
