exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 58 RSS Feed

Files Date: 2007-02-24 to 2007-02-25

oracleaj-perm.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba permission exploit.

tags | exploit
SHA-256 | be5a7a117a5a7138a5af86ccc0c243dccb203c6067e135b0be15cdfa6f512e7f
oracledmgd-sql.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g DBMS_METADAT.GET_DDL SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 22c37030fed27531bd03cd47fbf64604291cb410a853d7c205fbe3c52718599f
oracleas-sql.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g ACTIVATE_SUBSCRIPTION SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 63a34d4339cc73a678fd778fd38273ebf49cc26f0f23ea869cf27b25d83b7500
newsbin-local.txt
Posted Feb 24, 2007
Authored by Marsu

News Bin Pro version 5.33 local buffer overflow exploit for .NBI files.

tags | exploit, overflow, local
SHA-256 | 8aba7334b89fe40eeb725e4af83382b7b7a283b8cf978741119330a896e0bb9f
nortel-sh.txt
Posted Feb 24, 2007
Authored by Jon Hart

Nortel SSL VPN Linux Client versions 6.0.3 and below local privilege escalation exploit.

tags | exploit, local
systems | linux
SHA-256 | 9c95beab9a1a6800137bcdbd9e39045411aaf4de0ddea50b74e4cab410e371e1
fcring-rfi.txt
Posted Feb 24, 2007
Authored by kezzap66345

FCRing versions 1.3 and below suffer from a remote file inclusion vulnerability in fcring.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 2ca777c25926fd1a771c059cdfbeedcd92a3197f42bfddd250467349a24cd37e
sinapis2-rfi.txt
Posted Feb 24, 2007
Authored by kezzap66345

Sinapis 2.2 Gastebuch suffers from a remote file inclusion vulnerability in sinagb.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 6e6e28f6a33f4d1b2e6762923990c9a2fe6c1264c02a3695a54f0bea04850836
sinapis-rfi.txt
Posted Feb 24, 2007
Authored by kezzap66345

Sinapis Forum version 2.2 suffers from a remote file inclusion vulnerability in sinapis.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | d4f73e1e7ef3e9c85f034078ce4c2a0767cb0cf4b037222e444097258dd8c1fc
efiction-rfi.txt
Posted Feb 24, 2007
Authored by ThE dE@Th

eFiction versions 3.1.1 and below suffer from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | b84f9bc1af3543e29c87352aa8e38c44310c9e8a42a12648dae281476d637eb8
webspell-sql.txt
Posted Feb 24, 2007
Authored by DNX

webSPELL versions 4.01.02 and below remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 7c807c519d7546a867aa112ace64dccde86e27c9a74c12c96c1630f57b2f037c
snort-py.txt
Posted Feb 24, 2007
Authored by Trirat Puttaraksa

Snort version 2.6.1 DCE/RPC Preprocessor remote buffer overflow denial of service exploit.

tags | exploit, remote, denial of service, overflow
advisories | CVE-2006-5276
SHA-256 | da1bc87a6c602c32578a4597492e36d27fd77a4063f944c9e22bf11fdc35da81
jbrofuzz-win32-05.zip
Posted Feb 24, 2007
Site owasp.org

JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. This version is the source code release.

Changes: Generators are read from file, Removed the jbrf1 file format and using a single txt file, TCP Sniffing gives the ability to launch a browser while sniffing traffic, updated a number of user interface components including the MenuBar, added copy-paste functionality within the application. This version is the executable release.
tags | web, protocol, fuzzer
SHA-256 | de302e09f1d8a0aa5d3fa554801d2cc354e65d09cf41bf79b57a9fa465675582
jbrofuzz-jar-05.zip
Posted Feb 24, 2007
Site owasp.org

JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. This version is the source code release.

Changes: Generators are read from file, Removed the jbrf1 file format and using a single txt file, TCP Sniffing gives the ability to launch a browser while sniffing traffic, updated a number of user interface components including the MenuBar, added copy-paste functionality within the application.
tags | web, protocol, fuzzer
SHA-256 | 2831a13b234e323bfa47bf6adacf11934e18aae6d474ab9f88f7ad32982b3aac
pics-traverse.txt
Posted Feb 24, 2007
Authored by sn0oPy

Pics Navigator is susceptible to a directory traversal flaw.

tags | exploit, file inclusion
SHA-256 | 22365dcfa2b91457530a4cdf15d896a826c758cbf6841b973dff2018ecca8527
firefox-bookmark.txt
Posted Feb 24, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites.

tags | advisory
SHA-256 | 21a72e3c2e3f73ba1fa951e5bf911498d17a63954a83b0046a2309ac71528a4b
iDEFENSE Security Advisory 2007-02-16.1
Posted Feb 24, 2007
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 02.16.07 - TrendMicro's ServerProtect product uses a web interface which runs on port TCP 14942 to configure the product. This interface is protected with a user configurable password. Upon successful login, a cookie is set with the name 'splx_2376_info' and a valid session id as its value. The ServerProtect web application suffers from a design error vulnerability in its authorization checking routines. Attackers can gain full access to the web application by requesting any internal page while supplying their own 'splx_2376_info' cookie with an arbitrary value. iDefense has confirmed this vulnerability in Trend ServerProtect v1.3 for Linux. This vulnerability is not present in the Windows based versions of Server protect.

tags | advisory, web, arbitrary, tcp
systems | linux, windows
SHA-256 | 7526f737f4d486bbd52cceb0d0f0278593c220859fda585bc67acd98645d1085
magicnews-rfixss.txt
Posted Feb 24, 2007
Authored by HACKERS PAL | Site soqor.net

Magic News version 1.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | 4384582c0cd6afca897b34ba556c67c60dfd534b237664b61bde5139c572ac62
Mandriva Linux Security Advisory 2007.047
Posted Feb 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors that will trigger a null dereference. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2006-5701, CVE-2006-5823, CVE-2007-0006
SHA-256 | fa3164508ead23714d065780c1d3952998280e75fa1b5ed525adc60dabceb4f8
phptraffic-lfi.txt
Posted Feb 24, 2007
Authored by Hamid Ebadi | Site bugtraq.ir

phpTrafficA version 1.4.1 is susceptible to a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | c827b707796dd41d1881da032e4f9795fe1176fa2625f3f6eb0b81e46293e1cc
ccs-xss.txt
Posted Feb 24, 2007
Authored by CorryL

Call Center Software version 0.93 is susceptible to a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 22f055d083af87eb36eefdc65c30e70c2ac66974c838440895210d0c279c1baf
simbin.txt
Posted Feb 24, 2007
Authored by Luigi Auriemma | Site aluigi.org

Games developed by SimBin suffer from a denial of service flaw where a UDP packet of zero bytes sent to the server disconnects all clients.

tags | advisory, denial of service, udp
SHA-256 | fa5e287f5b93583af9eab52af614b8dc703f1025f7cf7aec03ff410c09fbf9f7
connectix-multi.txt
Posted Feb 24, 2007
Authored by DarkFig

Connectix Boards versions 0.7 and below privilege escalation and remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 8742c336adf7d155a3f10103baaf50e551901f676c5f3fbd554cce9517ea8658
Cisco Security Advisory 20070221-supplicant
Posted Feb 24, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Secure Services Client (CSSC) is a software client that enables customers to deploy a single authentication framework using the 802.1X authentication standard across multiple device types to access both wired and wireless networks. A lightweight version of the CSSC client is also a component of the Cisco Trust Agent (CTA) within the Cisco Network Admission Control (NAC) Framework solution. These products are affected by multiple vulnerabilities including privilege escalations and information disclosure.

tags | advisory, vulnerability, info disclosure
systems | cisco
SHA-256 | eb78c56a832abfabd061e6ef8eea55e0f5e27cfc9bf39f65d5b4f45509d7cd8b
Cisco Security Advisory 20070221-phone
Posted Feb 24, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Certain Cisco Unified IP Conference Station and IP Phone devices contain vulnerabilities which may allow unauthorized users to gain administrative access to vulnerable devices.

tags | advisory, vulnerability
systems | cisco
SHA-256 | d727a0e3104991ebda241524fa3aaa7e93e4e5eb96e8a4ff615cf9e870411a6c
Ubuntu Security Notice 424-1
Posted Feb 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 424-1 - Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script.

tags | advisory, remote, web, overflow, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
SHA-256 | 197e3fe41c3837aae3b310eebfbc6f6a0ad763a435fd4e78c72519ae8cd351f0
Page 2 of 3
Back123Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close