exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 138 RSS Feed

Files Date: 2007-01-27 to 2007-01-28

aspnews3-sql.txt
Posted Jan 27, 2007
Authored by ajann

ASP NEWS version 3 suffers from a remote SQL injection vulnerability in news_detail.asp.

tags | exploit, remote, sql injection, asp
SHA-256 | 5380209fc780ce1991271b20465815ce050a987bc39d0d1b6f274e6a381e5fb0
gps12-sql.txt
Posted Jan 27, 2007
Authored by ajann

GPS version 1.2 suffers from a remote SQL injection vulnerability in print.asp.

tags | exploit, remote, sql injection, asp
SHA-256 | cc591995364d5b916d837484b9841b6e9f180e6df2b57d4cbae3773daeeb406f
ezdatabase213-xss.txt
Posted Jan 27, 2007
Authored by DoZ | Site hackerscenter.com

ezDatabase version 2.1.3 suffers from a cross site scripting flaw.

tags | advisory, xss
SHA-256 | a7fa504bccd4e44d7729e5dcef6de939133465ed8cce68a14795bed38e1c9f37
xero-rfi.txt
Posted Jan 27, 2007
Authored by XORON

Xero Portal version 1.2 local file inclusion exploit.

tags | exploit, local, code execution, file inclusion
SHA-256 | 09941014a410f6135b305eac88986452312c2ec5889f5ff03454e1e137392e9b
honeytrap-0.6.4.tar.gz
Posted Jan 27, 2007
Authored by Tillmann Werner | Site honeytrap.sourceforge.net

Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.

Changes: PoC plugin for locality sensitive hashing, Clean solution for giving packet control back to the kernel when using the ip_queue connection monitor, Fixed a segfault in the bpf filter string assembling routine, Failed mirror connections did not fall back to normal mode sometimes due to wrong return value handling for a non-blocking connect(). Fixed. The dynamic server code was redesigned. UDP support added.
tags | tcp, system logging
systems | unix
SHA-256 | 80a60ac18ba93c286463134386f029d6e79638b38dcf42d91acf268429230586
ike-scan-1.9.tar.gz
Posted Jan 27, 2007
Authored by Roy Hills | Site nta-monitor.com

ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.

Changes: Multiple bug fixes and enhancements.
tags | tool, scanner
systems | unix
SHA-256 | 05d15c7172034935d1e46b01dacf1101a293ae0d06c0e14025a4507656f1a7b6
snortalog_v2.4.1.tgz
Posted Jan 27, 2007
Authored by Jeremy Chartier | Site jeremy.chartier.free.fr

Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.

Changes: Modify an correct the graph color for high, medium and low alert, PIX log detection enhancement (Spoofing), Add CISCO PIX message codes, Add JUNIPER NetScreen log detection (testing period), Add Japanese language, Add new reports for firewall logs, GUI improvements.
tags | tool, perl, sniffer
SHA-256 | 5521df472e8397ed31f51ba5f8a98c1157b3d2261def3fcf6d3f54840a1da347
Samhain File Integrity Checker
Posted Jan 27, 2007
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | c03df8d5659271944d6ce3934e87262e930bd8785c0db1f0d069e41c0d100475
Technical Cyber Security Alert 2007-24A
Posted Jan 27, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-024A - Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | cisco
SHA-256 | 1e882ffa7476ddb71296283bf6c3b20cf7b7c2a37f7f29f5e5c5109c4fc8345f
Ubuntu Security Notice 414-1
Posted Jan 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 414-1 - David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when exhausted of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0247, CVE-2007-0248
SHA-256 | 05210acf30d32a3b4a39c289d9ae82b48d3d9d89152c390630910a8209fa56ff
oracle-6.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_CAPTURE_ADM_INTERNAL package that is used internally by the Streams Change Data Capture component. This package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, ABORT_TABLE_INSTANTIATION that are vulnerable to buffer overflow attacks.

tags | advisory, overflow
SHA-256 | 13538ccabf660c81f53dfb2d42c7cad29f99e731ac69e7dcb1fd851a3f925551
oracle-5.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_LOGREP_UTIL package that is used internally by Oracle. This package contains the procedure GET_OBJECT_NAME which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
SHA-256 | 98ee7512923ba6f8306133b4b86e6bb0bf484150eaa87f3f660d18ea08ff78fe
CA Security Advisory 34818
Posted Jan 27, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.

tags | advisory, local, vulnerability
advisories | CVE-2006-6952
SHA-256 | 02589667c3f2bd1a0335ba0b442c8b18de4508cda0b0bb4a915da330839058a7
oracle-4.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_REPCAT_UNTRUSTED package that can be used to administer a replicated environment. This package contains the procedure UNREGISTER_SNAPSHOT which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
SHA-256 | a392fdb02aae2a3ce368ffd2dc987213ab8b22238449f0692db6ce0aa9ca1ba8
oracle-3.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

tags | advisory, denial of service, overflow
SHA-256 | 61e73af128a5adcf9fa0b5295b8716fca90befba1286b6fa42341d2a70ec58b8
oracle-2.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_LOGMNR package that contains procedures used to initialize the LogMiner tool. This package contains the procedure ADD_LOGFILE which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
SHA-256 | 94c3b5b7a2b9a89fd3b80c6f253c713c91bb7c62b8c29d45d798dae9fb409f0b
oracle-1.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
SHA-256 | 338ef26acb4cd543f77b5f823a224c7aa43741f80ad756df9f64c043b8b61066
4tphi-sa-20070111-communityserver.txt
Posted Jan 27, 2007
Authored by Blake Matheny

The Telligent Community Server versions 2.1 and below suffer from a remote denial of service condition.

tags | advisory, remote, denial of service
SHA-256 | 30756b0ff294be7893973f5180bd331f38fea4cfb494c0b915bd65b133f4e937
4tphi-sa-20070111-wordpress.txt
Posted Jan 27, 2007
Authored by Blake Matheny

WordPress suffers from a resource consumption issue.

tags | advisory
SHA-256 | 8d8ca3188d446157a931ac44281f6d0146fe368d015478fb80cc7d01e81a4397
4tphi-sa-20070111-pingback.txt
Posted Jan 27, 2007
Authored by Blake Matheny

The pingback specification suffers from a weakness.

tags | advisory
SHA-256 | 71050c341fe917226455b3eae8c60ce77efbae50ade987a188bcf110e53e0c17
HP Security Bulletin 2007-12.99
Posted Jan 27, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969
SHA-256 | fb34fe32681e54ea1b2ae027c31fa571dc9e387af2e91bbce978f3e237b581d4
Zero Day Initiative Advisory 07-06
Posted Jan 27, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0444
SHA-256 | afd56ece701613819d3036a1647a06eefabdb65ef4e246ca3dd11d993a844138
Gentoo Linux Security Advisory 200701-21
Posted Jan 27, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-21 - The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. Versions less than 1.5.2 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 42956f68c8513aed3de4b757be6e8b27b40c9a7e9b8c4d57360cb4d883a4bf53
Cisco Security Advisory 20070124-crafted-ip-option
Posted Jan 27, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco routers and switches running Cisco IOS\256 or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.

tags | advisory, denial of service, arbitrary, code execution, protocol
systems | cisco, osx
SHA-256 | ce57524847e83d7482bc8e420b9dbb9e787fa20de112c186a3841b558a674089
Cisco Security Advisory 20070124-IOS-IPv6
Posted Jan 27, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

tags | advisory
systems | cisco
SHA-256 | 696980d0085a820ddb8b1c1413f1abf3258d882ba19edba8b76a1042e118b3bb
Page 2 of 6
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close