exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 786 RSS Feed

Files Date: 2007-12-01 to 2007-12-31

Linux IPTables Firewall 1.4.0
Posted Dec 29, 2007
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: Various fixes in this release.
tags | tool, firewall
systems | linux
SHA-256 | fd9a978035e6a8f73344f986c84a222dc4ac3706b901e0c1ecae9647db5e5d52
sptrace-1.4.1.tar.gz
Posted Dec 29, 2007
Authored by Krzysztof Burghardt | Site underground.org.pl

sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace().

systems | linux
SHA-256 | 5b12b0751d6b446ffc9e5227b0c97bbcef5ba151fe0717c374a2e204b1422aa5
mihalism-rfi.txt
Posted Dec 29, 2007
Authored by GolD_M | Site tryag.cc

Mihalism Multi Forum Host versions 3.0.x and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 3eaf2408324a0c7362a2a776ceb71910d16610fa65b6b27d983daeb7cb96757f
jportal-exec.txt
Posted Dec 29, 2007
Authored by irk4z

jPORTAL version 2.3.1 and UserPatch remote PHP code execution exploit that makes use of forum.php.

tags | exploit, remote, php, code execution
SHA-256 | f1f404bfaf6b1bdfc028ac9b9544e99fd78ead0a6caa30a34cc7047ea73fd196
Gentoo Linux Security Advisory 200712-21
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.

tags | advisory, web, protocol
systems | linux, gentoo
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 244d0fd277ba8fac81e13a718b0d70f27593de6f68f4ffcc21be93c9017b2b37
Gentoo Linux Security Advisory 200712-20
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6335, CVE-2007-6336, CVE-2007-6337
SHA-256 | e3b7501c28f682a4dae876bbf5d70640402854f24b4eafc3f39148e015a7fbba
Gentoo Linux Security Advisory 200712-19
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-6437
SHA-256 | af2a73ce617ca3e2591566523a16dc39a1f737309c21751694645e09489caf12
Gentoo Linux Security Advisory 200712-18
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.

tags | advisory, web, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5824, CVE-2007-5825
SHA-256 | f6dc6d5291323beb2d64c29038b1d0c5f7ed88fdf9ce6318f7c6354fb9927501
Gentoo Linux Security Advisory 200712-17
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356
SHA-256 | f30846d92920feb64cca0600f08f57d830e4f7c5ad70f386131e9e96d25cbe72
Gentoo Linux Security Advisory 200712-16
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6353
SHA-256 | 0838f951a07633804d7f72dd5eb43d96f4126b11750c435467e868103e40c792
Gentoo Linux Security Advisory 200712-15
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6351, CVE-2007-6352
SHA-256 | 548c9365116cd57441912256c386abd5de38d4e909eeeb81d347df3bf442698a
Debian Linux Security Advisory 1442-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-4974
SHA-256 | 62cfe9ae74d16a5aab70897bf8b2abb6d67747b06cb8f5bd3fba49913d6e685e
DIMVA-2008.txt
Posted Dec 29, 2007
Site dimva.org

Call For Papers for DIMVA 2008, the Fifth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment; which is to be held in Paris, France, July 10-11, 2008.

tags | paper, conference
SHA-256 | 86a0e3f1ff9fd43387815de96c38db4aa36ee3259786486c1f042b76ae136368
phcdownload-xss.txt
Posted Dec 29, 2007
Authored by Lostmon | Site lostmon.blogspot.com

PHCDownload suffers from a cross site scripting vulnerability in search.php.

tags | exploit, php, xss
SHA-256 | 78ee081c37ed4dc5d4e7ad45726e94fdf7680d4ceeb5258fa1613e0cc38c5453
makale-xss.txt
Posted Dec 29, 2007
Authored by GeFORC3

Makale Scripti suffers form a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9533aba270705fb7e21fe7e4d4b82399dcd4fd5040bb0cf3f1807b0af0f4091e
seclog-2007-001.txt
Posted Dec 29, 2007
Authored by Felix Groebert | Site seclog.de

NoseRub versions 0.5.2 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 7c617a7f9d210fa4e8f41f2fa44f88c98fe59506a94b0cf1242e2c03c391e787
coolplayer-overflow.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.

tags | advisory, overflow
SHA-256 | 66d3dadb5060e1f3cc0214890a623a21f31de96d30f8f1d23645f759ad9e7d5d
Debian Linux Security Advisory 1441-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-6454
SHA-256 | cef02df841d0e0ba4f8993f029faa88f08ee953355da568361615eb6b6162f13
Debian Linux Security Advisory 1440-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-5037
SHA-256 | c0807820bbc047f24c6961c701a657264d69fe62c7a0dd11c5dfabc0fdc7710b
Debian Linux Security Advisory 1439-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.

tags | advisory, web, sql injection
systems | linux, debian
advisories | CVE-2007-6381
SHA-256 | ce580dc6399b167f7d677f0988c8fc1bf688e4ac1d63898af524add50e100dd3
Debian Linux Security Advisory 1438-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.

tags | advisory, overflow, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2007-4131, CVE-2007-4476
SHA-256 | cdb091cdc7a22e2e70fc77812d2d98bb673e8958c2eb906c42c3d283d52a525e
hp-snmp.txt
Posted Dec 29, 2007
Authored by uncleron

The HP Photosmart C6280 network printer ships with unchangeable insecure default settings.

tags | advisory
SHA-256 | 3f8d822d389123e6a71204604895e1acf082a7d436552de278b7e6c6e771cd87
2zproject-multi.txt
Posted Dec 29, 2007
Authored by Alexandr Polyakov, Stas Svistunovich

2z project version 0.9.6.1 suffers from cross site scripting and disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a0ec19357f22d28af67d23b22d541023cf8a0a2e6b2e1c052b35ec02d9164937
hellsing-0.2.tar.gz
Posted Dec 29, 2007
Authored by Ben

Hellsing is a utility designed for attacking web applications. It supports multiple vulnerabilities through the use of a configuration file.

tags | tool, web, scanner, vulnerability
systems | unix
SHA-256 | fa12112c421352c6709b3bd8f058ca8e74db0f717e92ecfe0d1a694c9a5ff494
faqmaster-multi.txt
Posted Dec 29, 2007
Authored by Juan Galiana Lara

FAQMasterFlexPlus suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | d15bc96986c91951c4905a25dcdfa25651961bb2671251caa8477328798c98d2
Page 1 of 32
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close