
Files Date: 2007-09-01 to 2007-09-30

Secunia Security Advisory 26956
Posted Sep 25, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in ELinks, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | accbb6ea1753aa38d6dd762f7a61ec47468a7c6178c6598a4b140bf0e5b9bd5d
Secunia Security Advisory 26959
Posted Sep 25, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - shinnai has discovered a vulnerability in ebCrypt, which can be exploited by malicious people to overwrite arbitrary files.

tags | advisory, arbitrary
SHA-256 | cc0098d048b547cdcf8466cf559fbc847c1f5d59d93b4bd3995ecbc9b415f231
Secunia Security Advisory 26960
Posted Sep 25, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Joey Mengele has discovered a vulnerability in Ask Toolbar, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 24740ed6f534acc152376e872d1189bd37f33062ef248d7e87e16c8197d19f65
Secunia Security Advisory 26963
Posted Sep 25, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - r0t has reported a vulnerability in Freeside, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 0608a9de3df8731660f1c79785870fdce01607bf0c3c68f5113405979cbd69ed
Zero Day Initiative Advisory 07-054
Posted Sep 25, 2007
Authored by Tipping Point, Sebastian Apelt | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw exists in the dsmcad.exe process bound by default on TCP port 1581. During HTTP header parsing, a host parameter of sufficient length will trigger an overflow through a call to vswprintf(). The call overflows into imported function pointers which are later called. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, overflow, arbitrary, tcp, code execution
advisories | CVE-2007-4880
SHA-256 | 41dc7af910d285e035e2db4b24819dddbe485c420937ecb6759edbce15736510
Ubuntu Security Notice 517-1
Posted Sep 25, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 517-1 - It was discovered that KDM would allow logins without password checks under certain circumstances. If autologin was configured, and "shutdown with password" enabled, a local user could exploit the problem and gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2007-4569
SHA-256 | 2e499c39af92314ba00ebfd200df3e288acfad726cd2c6476eb83f94de02fa4b
hackflatnuke.txt
Posted Sep 25, 2007
Authored by darkbunny91

FlatNuke version 2.6 suffers from account modification and privilege escalation vulnerabilities. Exploitation details provided.

tags | exploit, vulnerability
SHA-256 | b190e0ecbb89e79058226232d13f1bb03dc952d1505d6db5ab6ed2305da2cb60
googleurchin-xss.txt
Posted Sep 25, 2007
Authored by PAgVac

There is a trivially exploitable cross-site scripting vulnerability on Google Urchin Web Analytics 5's login page. The vulnerability has been tested on versions 5.6.00r2, 5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely affected as well.

tags | advisory, web, xss
SHA-256 | ce3274e7eb56501ab425cb2bd6f2fdb2ee07e64757d3163190677f1bb8761e3f
HP Security Bulletin 2007-14.49
Posted Sep 25, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been reported with HP OpenVMS when running BIND version 9.2.1 or BIND version 9.3.1. The vulnerability could be exploited remotely to cause DNS cache poisoning.

tags | advisory
advisories | CVE-2007-2926
SHA-256 | a09bb19b0c9c8af48d1806be27cd1696888c513b5a7c7255717f872f8899b441
phpbbplusrbt-rfi.txt
Posted Sep 25, 2007
Authored by Rbt-4 Crew

phpBB Plus suffers from a remote file inclusion vulnerability in lang_admin_album.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 3db115fede6f2e754b24773d279e3a245c98df46983db5e5425fd1bff288efa7
linuxkernel-validation.txt
Posted Sep 25, 2007
Authored by Wojciech Purczynski

Insufficient validation of the general-purpose register in IA32 system call emulation code may lead to local system compromise on the x86_64 platform for Linux kernels in the 2.4 and 2.6 series.

tags | advisory, kernel, local
systems | linux
SHA-256 | 582a5c2d939e68c0d571198a813a2719f83439bc4ef3e77a22f493ad41e5defa
Gentoo Linux Security Advisory 200709-15
Posted Sep 25, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200709-15 - An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Versions less than 1.5.0.11_p1 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005, CVE-2007-3503, CVE-2007-3698, CVE-2007-3716, CVE-2007-3922, CVE-2007-4381
SHA-256 | 7fdb4e744b2a4eb445e22ef57bcd9e629f2d1b917854102595d6f84a97a47497
erne.txt
Posted Sep 25, 2007
Authored by ErNe | Site biyosecurity.net

New bypass shell for Linux servers. What you don't want to find lying around in your webroot.

tags | tool, shell, rootkit
systems | linux, unix
SHA-256 | 406bc0cd44ee8416796f2a5e638f43e920086a09ef3a7eed8c7939e13adc3115
greek-rfi.txt
Posted Sep 25, 2007
Authored by George Papandreou

It appears that the Greek Web Election System suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, web, vulnerability, code execution, file inclusion
SHA-256 | aabdc11833b1cc110827e42ff3b3f3ba808474f20075dc62e8d901c3587f6e60
windowslive-remote.txt
Posted Sep 25, 2007
Authored by Lostmon | Site lostmon.blogspot.com

The GDI engine in Windows Live Messenger suffers from a malformed file overflow when handling specially crafted JPG/WMF/GIF/DOC/ICO files. Details on remote exploitation included.

tags | exploit, remote, overflow
systems | windows
SHA-256 | bfc4c881be73b29f5578000f0b6ddc62a7a0e8d320bce7c318c403f6ec9ecd0b
wpregister-xss.txt
Posted Sep 25, 2007
Authored by PAgVac

Earlier versions of the WordPress 2.0 branch are susceptible to two vanilla cross-site scripting vulnerabilities in wp-register.php.

tags | exploit, php, vulnerability, xss
SHA-256 | 926d18fafb32a71ceede629f6854b332e6b8a3443676de42044243d4caab339d
Mandriva Linux Security Advisory 2007.187
Posted Sep 25, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670
SHA-256 | 01d42bfc7015b848897634663e966d52f46f75ad839abd6b538db6357c46f4f2
EEYE-ARCserve.txt
Posted Sep 25, 2007
Authored by Yuji Ukai, Andre Derek Protas, Matt Oh | Site eeye.com

eEye Digital Security has discovered multiple vulnerabilities within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900.

tags | advisory, remote, arbitrary, tcp, vulnerability
SHA-256 | 2c3fbc7b2a14abfd5c6627658fb14d28b20b7c63ec81bf6bcd5dcc180cd1adfc
iDEFENSE Security Advisory 2007-09-20.2
Posted Sep 25, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 09.20.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. The LGServer contains multiple vulnerable functions that handle network requests, several of which contain more than one vulnerability. All together there are nearly 60 buffer overflows in the LGServer. The majority of these are the result of copying remotely supplied strings into fixed-size buffers without validating that enough space is available. iDefense has confirmed the existence of these vulnerabilities in ARCServe Backup for Laptops and Desktops version 11.1 (Build 900) for Windows. Other versions may also be affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | windows
advisories | CVE-2007-5003, CVE-2007-3216
SHA-256 | 72c9521d69485fd2d5531c5609c4b4e539ccce5161f2e3b44db5b10798d90e23
iDEFENSE Security Advisory 2007-09-20.1
Posted Sep 25, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.20.07 - Remote exploitation of an authentication bypass vulnerability in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists since the command handlers that service network requests do not check to see if the peer is authenticated. iDefense has confirmed the existence of this vulnerability in ARCServe Backup for Laptops and Desktops version R11.1 Build 900. Other versions may also be affected.

tags | advisory, remote, arbitrary, bypass
advisories | CVE-2007-5006
SHA-256 | db8962587606f6d38f4340dd8301702ef16a85232946715121dda60d20bdfd7a
iDEFENSE Security Advisory 2007-09-19.4
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-4988
SHA-256 | f15006e42c189c3db2bf727e6128cafe43dfd9f11ab3e04f180f7aaa700c2726
iDEFENSE Security Advisory 2007-09-19.3
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system. The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop. The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2007-4985
SHA-256 | 0a5c70db502c3a5cf0ea526562f6fa2b0f92c51300e22a74037a7ad48f2d63fc
iDEFENSE Security Advisory 2007-09-19.2
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-4987
SHA-256 | 6e14652fd891c0ae053226ed97e3c1707acb9c431d9f1925d4a9ea997f01bbd4
iDEFENSE Security Advisory 2007-09-19.1
Posted Sep 25, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2007-4986
SHA-256 | 5b1330bd7f39749529500cc92bdb0c3b934975d17ff694e3d5b0edf375532508
greensql-xss.txt
Posted Sep 25, 2007
Authored by laurent gaffie

GreenSQL is susceptible to a permanent cross-site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6ee0756407142504541c0f700584615598beaa3a0403bd66dae0a00a9a3793e4
© 2022 Packet Storm. All rights reserved.
