what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 754 RSS Feed

Files Date: 2007-01-01 to 2007-01-31

Secunia Security Advisory 23981
Posted Jan 29, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Lucas Bartholemy has reported a vulnerability in WebGUI, which can be exploited by malicious users to delete assets.

tags | advisory
SHA-256 | 8e87e152c1b1ecdc422a03c7e849fc900cdb70153e9831c21017b89646b12aa2
Secunia Security Advisory 23984
Posted Jan 29, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, cause a DoS (Denial of Service), or gain escalated privileges; by malicious users to manipulate data, disclose sensitive information, or compromise a vulnerable system; and by malicious people to cause a DoS.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | 91aa6affd4dda6f513800af751e50027bba54172c8f56e8d0b8ffc09ba94c56b
iDEFENSE Security Advisory 2007-01-26.t
Posted Jan 27, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

CHM files contain various tables and objects stored in "pages." When parsing a page of objects, CHMlib passes an unsanitized value from the file to the alloca() function. This allows an attacker to shift the stack pointer to point to arbitrary locations in memory. Consequently it is possible to write arbitrary data from the file to arbitrary memory locations. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the permissions of the user viewing the file. An attacker would have to first convince the user to view the CHM file through some type of social engineering. iDefense has confirmed the existence of this vulnerability in CHMlib version 0.38.

tags | advisory, arbitrary
SHA-256 | 74680a0ac82f6ab9112f2baf2c1524efe089c3ad40b596afccd34cfe22c19e28
s21sec-034-en.txt
Posted Jan 27, 2007
Authored by David Barroso, Alfredo Andres Omella | Site s21sec.com

The Cisco Catalyst switch suffers from a denial of service vulnerability related to VTP.

tags | advisory, denial of service
systems | cisco
SHA-256 | 0f9bb8c8c7b5e234ea5320969317bf70ea0f63174091b38c82e5721e6cb32d88
phpmm-xss.txt
Posted Jan 27, 2007
Authored by DoZ | Site hackerscenter.com

PHP Membership Manager version 1.5 suffers from a cross site scripting condition.

tags | advisory, php, xss
SHA-256 | fac36d1f2ed29e1cdedc82f2e2a09a13bbe2a121df4ec98f45f4dbe93d27caf6
yim-xss.txt
Posted Jan 27, 2007
Authored by Hai Nam Luke

Yahoo! Messenger versions 8.1.0.29 and below suffer from a javascript injection flaw.

tags | advisory, javascript, xss
SHA-256 | 4b364470e048ac46853af776177c87a93533e952fea81b7179eb21d20ccdf21b
MOAB-25-01-2007.rb.txt
Posted Jan 27, 2007
Authored by LMH | Site projects.info-pull.com

Month of Apple Bugs - Ruby exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.

tags | exploit, web, denial of service, ruby
systems | apple
advisories | CVE-2007-0464
SHA-256 | f7406daaadebb8a416333b8bedaa7f1ba60dc4e0d60fe455f34deb18ee74e296
MOAB-25-01-2007.c
Posted Jan 27, 2007
Authored by LMH | Site projects.info-pull.com

Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.

tags | exploit, web, denial of service
systems | apple
advisories | CVE-2007-0464
SHA-256 | 3199da9edd031aaa3b4b089d6910159ef30dde29e74ba47226c79241f26f3d3f
Mandriva Linux Security Advisory 2007.027
Posted Jan 27, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.

tags | advisory, remote, denial of service, arbitrary, udp
systems | linux, mandriva
advisories | CVE-2007-0254, CVE-2007-0255
SHA-256 | d77cb1e58db4017a23d5119f570e069e15b83bbf49749d066985883c4d7796bb
Gentoo Linux Security Advisory 200701-24
Posted Jan 27, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-24 - Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Versions less than 0.8.6-r1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 4db9d6a033b851b61a909b7dca5d8db1695ff1b8a8f8bff12098cc358018bb1a
intel-dos.txt
Posted Jan 27, 2007
Authored by Breno Silva

The Intel wireless mini-pci driver provided with Intel 2200BG cards is vulnerable to a remote memory corruption flaw. Malformed disassociation packets can be used to corrupt internal kernel structures, causing a denial of service (BSOD). Proof of concept exploit included.

tags | exploit, remote, denial of service, kernel, proof of concept
SHA-256 | 96c1c5bf7fd32a53f660b0d112ab257bb65b17df4bb6322e76691519e7c61735
Gentoo Linux Security Advisory 200701-23
Posted Jan 27, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-23 - rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php and copy_cacti_user.php URLs. Further, the results from the injected SQL query are not properly sanitized before being passed to a command shell. The vulnerabilities require that the register_argc_argv option is enabled, which is the Gentoo default. Also, a number of similar problems in other scripts were reported. Versions less than 0.8.6i-r1 are affected.

tags | advisory, shell, php, vulnerability, sql injection
systems | linux, gentoo
SHA-256 | d7c555a36f1c81a20d475dec900dd864703e67805460f47bbdafa3430ea716ff
Ubuntu Security Notice 410-2
Posted Jan 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 410-2 - USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-0104
SHA-256 | 08ee482c20f46c68cd6cf2d08234745c81378dc1bc923d29ae15446df5fa4630
bluebugger-0.1.tar.gz
Posted Jan 27, 2007
Authored by Martin J. Muench | Site codito.de

bluebugger is an implementation of the bluebug technique which was discovered by Martin Herfurt from the Trifinite Group. It was tested with the Nokia 6310i, Nokia N72 and Sony Ericsson T68i.

tags | tool, wireless
SHA-256 | 6879a83826bef64ce9e446f98f0308b7d0cc69f9126d6391a9636f797967e936
ngs-pgp.txt
Posted Jan 27, 2007
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a medium risk vulnerability in PGP Desktop versions prior to 9.5.1 which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.

tags | advisory, remote, arbitrary
SHA-256 | 5061c9fe73a58597f1bf1e699331bbcdc95539889e7c38b2915728e608977c3c
tmvwall381v3_adv.txt
Posted Jan 27, 2007
Authored by Sebastian Wolfgarten

A local buffer overflow vulnerability in the VSAPI library in Trend Micro VirusWall version 3.81 on Linux allows arbitrary code execution and leads to privilege escalation.

tags | advisory, overflow, arbitrary, local, code execution
systems | linux
SHA-256 | 2c17540c6c33d93e818379d4381bc07d96560541c42d1a823b05b1f8a97aec8a
tmvwall381v3_exp.c
Posted Jan 27, 2007
Authored by Sebastian Wolfgarten

Local root exploit for vscan/VSAPI in Trend Micro VirusWall version 3.81 on Linux.

tags | exploit, local, root
systems | linux
SHA-256 | 9d755b5bafb1a729d747106a19b5bdf4cf329021970131996e1098b977f41310
Gentoo Linux Security Advisory 200701-22
Posted Jan 27, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-22 - Squid fails to correctly handle ftp:// URI's. There is also an error in the external_acl queue which can cause an infinite looping condition. Versions less than 2.6.7 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | b31d0c08a6602e121b269b53458495f45390f11a89b52e6792d5e2cad12ac663
php520-bypass.txt
Posted Jan 27, 2007
Authored by Maksymilian Arciemowicz | Site securityreason.com

In PHP 5.2.0 it is possible to bypass safe_mode using writing mode.

tags | advisory, php, bypass
advisories | CVE-2007-0448
SHA-256 | 146c4e06b2914516d79cb83afd2fb7356244433c4db5e34e399e6cdc488eaca4
Netragard Security Advisory 2006-12-18
Posted Jan 27, 2007
Authored by Netragard | Site netragard.com

Netragard, L.L.C Advisory - It is possible to take control of an @Mail webmail email account by exploiting a Cross Site Request Forgery (XRSF) vulnerability in the @Mail webmail product. An attacker can send a specially crafted email to any @Mail webmail user with a forged "img" tag. This forged tag, if crafted properly, will inject new settings into the @Mail webmail users account. Version 4.51 is susceptible.

tags | advisory, csrf
SHA-256 | b627e59c9804ad47e3a14c93ce12874b3658b67c476646c57f75d4949ef620ce
siteman1111-disclose.txt
Posted Jan 27, 2007
Authored by CorryL | Site x0n3-h4ck.org

Siteman version 1.1.11 suffers from a remote password disclosure flaw.

tags | exploit, remote, info disclosure
SHA-256 | 9c34460266ceba58da69e99b79c232f3c39a1cc84eb51b847fc0de7f563f296a
earthlink-activex.txt
Posted Jan 27, 2007
Authored by Ethan Hunt

Earthlink TotalAccess suffers from an unsafe method call that allows remote attackers to add entire individual e-mail addresses or entire domains to the spam whitelist.

tags | advisory, remote, activex
SHA-256 | 0405f9239c0763a98ed9173ab89281faae30dfcb72a6ba684a122482250dc4f4
aztek41-sploit.txt
Posted Jan 27, 2007
Authored by DarkFig

Aztek Forum version 4.1 exploit that demonstrates multiple vulnerabilities including SQL injection and filter bypas flaws.

tags | exploit, vulnerability, sql injection
SHA-256 | 981c779961031b5c76898596d2e11fac06d836924f262d6e6ce915897ad516eb
siteman-pass.txt
Posted Jan 27, 2007
Authored by CorryL | Site x0n3-h4ck.org

Siteman version 2.0.x2 suffers from a remote password disclosure flaw.

tags | exploit, remote
SHA-256 | a0d7d79440348673ae6422980fe047110b731c64082359ca4df99be982eddc89
uniforum4-sql.txt
Posted Jan 27, 2007
Authored by ajann

uniForum versions 4 and below suffer from a remote SQL injection vulnerability in wbsearch.aspx.

tags | exploit, remote, sql injection
SHA-256 | 23c084a4125a16749509ba6ca1d0cf5d4ea29a32d0580a2a8cf6a9088e60e593
Page 3 of 31
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close