exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 82 RSS Feed

Files Date: 2007-09-25 to 2007-09-26

Gentoo Linux Security Advisory 200709-15
Posted Sep 25, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200709-15 - An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Versions less than 1.5.0.11_p1 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005, CVE-2007-3503, CVE-2007-3698, CVE-2007-3716, CVE-2007-3922, CVE-2007-4381
SHA-256 | 7fdb4e744b2a4eb445e22ef57bcd9e629f2d1b917854102595d6f84a97a47497
erne.txt
Posted Sep 25, 2007
Authored by ErNe | Site biyosecurity.net

New bypass shell for Linux servers. What you don't want to find lying around in your webroot.

tags | tool, shell, rootkit
systems | linux, unix
SHA-256 | 406bc0cd44ee8416796f2a5e638f43e920086a09ef3a7eed8c7939e13adc3115
greek-rfi.txt
Posted Sep 25, 2007
Authored by George Papandreou

It appears that the Greek Web Election System suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, web, vulnerability, code execution, file inclusion
SHA-256 | aabdc11833b1cc110827e42ff3b3f3ba808474f20075dc62e8d901c3587f6e60
windowslive-remote.txt
Posted Sep 25, 2007
Authored by Lostmon | Site lostmon.blogspot.com

The GDI engine in Windows Live Messenger suffers from a malformed file overflow when handling specially crafted JPG/WMF/GIF/DOC/ICO files. Details on remote exploitation included.

tags | exploit, remote, overflow
systems | windows
SHA-256 | bfc4c881be73b29f5578000f0b6ddc62a7a0e8d320bce7c318c403f6ec9ecd0b
wpregister-xss.txt
Posted Sep 25, 2007
Authored by PAgVac

Earlier versions of the Wordpress 2.0 branch are susceptible to two vanilla cross site scripting vulnerabilities in wp-register.php.

tags | exploit, php, vulnerability, xss
SHA-256 | 926d18fafb32a71ceede629f6854b332e6b8a3443676de42044243d4caab339d
Mandriva Linux Security Advisory 2007.187
Posted Sep 25, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670
SHA-256 | 01d42bfc7015b848897634663e966d52f46f75ad839abd6b538db6357c46f4f2
EEYE-ARCserve.txt
Posted Sep 25, 2007
Authored by Yuji Ukai, Andre Derek Protas, Matt Oh | Site eeye.com

eEye Digital Security has discovered multiple vulnerabilities within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900.

tags | advisory, remote, arbitrary, tcp, vulnerability
SHA-256 | 2c3fbc7b2a14abfd5c6627658fb14d28b20b7c63ec81bf6bcd5dcc180cd1adfc
iDEFENSE Security Advisory 2007-09-20.2
Posted Sep 25, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 09.20.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. The LGServer contains multiple vulnerable functions that handle network requests, several of which contain more than one vulnerability. All together there are nearly 60 buffer overflows in the LGServer. The majority of these are the result of copying remotely supplied strings into fixed-size buffers without validating that enough space is available. iDefense has confirmed the existence of these vulnerabilities in ARCServe Backup for Laptops and Desktops version 11.1 (Build 900) for Windows. Other versions may also be affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | windows
advisories | CVE-2007-5003, CVE-2007-3216
SHA-256 | 72c9521d69485fd2d5531c5609c4b4e539ccce5161f2e3b44db5b10798d90e23
iDEFENSE Security Advisory 2007-09-20.1
Posted Sep 25, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.20.07 - Remote exploitation of an authentication bypass vulnerability in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists since the command handlers that service network requests do not check to see if the peer is authenticated. iDefense has confirmed the existence of this vulnerability in ARCServe Backup for Laptops and Desktops version R11.1 Build 900. Other versions may also be affected.

tags | advisory, remote, arbitrary, bypass
advisories | CVE-2007-5006
SHA-256 | db8962587606f6d38f4340dd8301702ef16a85232946715121dda60d20bdfd7a
iDEFENSE Security Advisory 2007-09-19.4
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-4988
SHA-256 | f15006e42c189c3db2bf727e6128cafe43dfd9f11ab3e04f180f7aaa700c2726
iDEFENSE Security Advisory 2007-09-19.3
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system. The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop. The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2007-4985
SHA-256 | 0a5c70db502c3a5cf0ea526562f6fa2b0f92c51300e22a74037a7ad48f2d63fc
iDEFENSE Security Advisory 2007-09-19.2
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-4987
SHA-256 | 6e14652fd891c0ae053226ed97e3c1707acb9c431d9f1925d4a9ea997f01bbd4
iDEFENSE Security Advisory 2007-09-19.1
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2007-4986
SHA-256 | 5b1330bd7f39749529500cc92bdb0c3b934975d17ff694e3d5b0edf375532508
greensql-xss.txt
Posted Sep 25, 2007
Authored by laurent gaffie

GreenSQL is susceptible to a permanent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6ee0756407142504541c0f700584615598beaa3a0403bd66dae0a00a9a3793e4
CAID-backup.txt
Posted Sep 25, 2007
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup for Laptops and Desktops contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-3216, CVE-2007-5003, CVE-2007-5004, CVE-2007-5005, CVE-2007-5006
SHA-256 | 5454620d885de990b879969d7c8d672b34a987080f8b5bfd71c41320e3bc6593
Zero Day Initiative Advisory 07-053
Posted Sep 25, 2007
Authored by CIRT.DK, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to extract IP addresses visited through the SOCKS4 Proxy on vulnerable ISA Server installations. Authentication is not required to exploit this vulnerability. This specific flaw exists when an empty packet is sent to the SOCKS4. The server will return a packet containing the last IP address it proxied to.

tags | advisory, remote
advisories | CVE-2007-4991
SHA-256 | f30d0f1e2eb43b479f7d970aebd91125dc694b6b614b48a7bc103ad84491b0bc
Digital Defense VRT Advisory 2007.4
Posted Sep 25, 2007
Authored by Digital Defense | Site netsupportmanager.com

The NetSupport Manager client that listens on TCP port 5405 does not properly handle authentication sessions. It is possible to pose as the NetSupport Manager, associate to a client, and then issue commands without performing the authentication sequence. Both the basic and advanced authentication schemes can be bypassed in the same manner. When properly exploited, this flaw will results in a complete compromise of the target system. Version 10.20 is susceptible.

tags | advisory, tcp
SHA-256 | a7aa7a89ba82c8c08a48411e2af71abe65594cf6df8a1bfd651ca4314c53d9df
barracude-xss.txt
Posted Sep 25, 2007
Authored by Federico Kirschbaum | Site infobyte.com.ar

The Barracuda Spam Firewall with firmware version 3.4.10.102 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 73c210a75e96db9b0ef220f0c9d717f3b8fe755f378c8347463d89062fd2a53e
rkhunter-1.3.0.tar.gz
Posted Sep 25, 2007
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: The changelog for this release is packed listing over 30 new features, 47 changes and 16 bugfixes.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
SHA-256 | a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186
ebdesign-remote.txt
Posted Sep 25, 2007
Authored by shinnai | Site shinnai.altervista.org

EB Design Pty Ltd suffers from multiple remote vulnerabilities in EBCRYPT.DLL version 2.0.

tags | exploit, remote, vulnerability
SHA-256 | 64e9cfc0021a7f031209234997abfa4c823ce8ce2d3a653528c729abb2ce4d12
askjeeves-overflow.txt
Posted Sep 25, 2007
Authored by Joey Mengele

AskJeeves Toolbar version 4.0.2.53 ActiveX remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
SHA-256 | 0a3890122c69043fae4c5cc4605243b6dec0e894f55f72492fb37a47c1822c75
xitami-overflow.txt
Posted Sep 25, 2007
Authored by Krystian Kloskowski

Xitami Web Server version 2.5 remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, web, overflow
SHA-256 | 60660998d133283bc88a1ec5a304f2ebfe9239ed5de4ef86b8b7f70b2f86b6e5
rgod_em_msgprn_heap.txt
Posted Sep 25, 2007
Authored by rgod | Site retrogod.altervista.org

EasyMail MessagePrinter Object buffer overflow exploit that makes use of emprint.DLL version 6.0.1.0.

tags | exploit, overflow
SHA-256 | ef38c253e5f6159950c93daca6f0f601d24318dd711729c8dcbe93c1154b92d0
ipswitch80x-heap.txt
Posted Sep 25, 2007
Authored by axis | Site ph4nt0m.org

IPSwitch IMail Server version 8.0x remote heap overflow exploit with connect-back shellcode.

tags | exploit, remote, overflow, shellcode
SHA-256 | a5363271012a058fb9a6669c3d86455f5a9b0066909dd74798b8d10d90c59905
sklog-rfi.txt
Posted Sep 25, 2007
Authored by w0cker

sk.log versions 0.5.3 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | e83dfae8de90183d56fb0d14e9b13c0fb45ef971e4f6a2e8690734777a513adc
Page 2 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close