exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2008-07-28 to 2008-07-29

talldude-bypass.txt
Posted Jul 28, 2008
Authored by James Bercegay | Site gulftech.org

Jamroom versions 3.3.8 and below from Talldude Networks, LLC suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 0edf8afd7e9b2e3de2494cd401c1b994310121456fe06ad1d4bc1602e49444f1
Secunia Security Advisory 31231
Posted Jul 28, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2fb300e3d8c715ccd9ddbf0bf7dde6b674555ce574b66cf1163ae528afa9c820
isr-evilgrade-1.0.0.tar.gz
Posted Jul 28, 2008
Authored by Francisco Amato | Site infobyte.com.ar

ISR-evilgrade is a module framework that allows you to take advantage of poor upgrade implementations by injecting fake updates. This tool is especially useful for DNS cache poisoning attacks.

tags | exploit
advisories | CVE-2008-1447
SHA-256 | e76335e42f8a96170e521a354e344acbe972302a445d7803a8159c90337ad9c3
DSECRG-08-033.txt
Posted Jul 28, 2008
Authored by Digital Security Research Group | Site dsecrg.com

Pixelpost PhotoBlog version 1.7.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 005aeac44994ed5d89df09371670cda8a4f56ea9bbfbf9fe5d3872d4c3f043dc
Mandriva Linux Security Advisory 2008-155
Posted Jul 28, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
SHA-256 | dbca2c291e326b6ba9c90f4a0212519e0799cfb0cfa010fc788bf50a34fa8c40
talkback-lfi.txt
Posted Jul 28, 2008
Authored by NoGe

TalkBack version 2.3.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | bc2609204edd1cffc0db98243e3bfc764c015a03841e10e5f061f606d688110c
youtubeclone-sql.txt
Posted Jul 28, 2008
Authored by Hussin X | Site tryag.cc

Youtuber Clone suffers from a remote SQL injection vulnerability in ugroups.php.

tags | exploit, remote, php, sql injection
SHA-256 | 7f9929412be1c6c74d88d2477ec27307b41fa1cb9e3f088f6ca89121c249eaf7
pliggcms-sql.txt
Posted Jul 28, 2008
Authored by Hussin X | Site tryag.cc

Pligg CMS version 9.9.0 suffers from a remote SQL injection vulnerability in story.php.

tags | exploit, remote, php, sql injection
SHA-256 | 20f2f8683f6a290d30517db7edf0707bb7bd88dcbac491dfd39914bb833e0c2f
Debian Linux Security Advisory 1621-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1621-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
SHA-256 | d9e9b17ae430792b3892c2e8cc7aba7e6dc8661a98936f7ac20724829756f2a5
Debian Linux Security Advisory 1620-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
SHA-256 | 6e3e15e9e8b3836df02d4373a1b2c87302d63c013578893c8e1e739ccfe98812
Debian Linux Security Advisory 1619-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.

tags | advisory, udp, spoof, python
systems | linux, debian
advisories | CVE-2008-1447
SHA-256 | ebe12a113c6df6c042ef47a1dba8bec4c568a74767c16910863035f96e4a9dbf
Debian Linux Security Advisory 1618-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1618-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, ruby
systems | linux, debian
advisories | CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2376
SHA-256 | 18280e047380ecb31bcbcbd6d8fe8de6559af0e4692a69fa5ec3ea2352e79e79
Debian Linux Security Advisory 1616-2
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

tags | advisory, virus
systems | linux, windows, debian
advisories | CVE-2008-2713
SHA-256 | 51275dc8498a1260ec4a99764c2986c3d3164b4dc36a15ff51cec45f58d14d6a
D3VS-0.2.tar.gz
Posted Jul 28, 2008
Authored by Gregory Duchemin, Heike

Die Eier Von Satan is a quick and dirty rewrite of the old ADMnog00d code. This version exploits the DNS cache poisoning vulnerability and discovered by Dan Kaminsky. This proof of concept makes use of a MX RR to spread its poisonous payload, a A RR, but can easily be adapted for other flavors.

tags | exploit, proof of concept
advisories | CVE-2008-1447
SHA-256 | 10620955e93ad4e6de3b0a1a937dfcfaa4e383b2965a6eb178c2bfd654baf6da
siteadmincms-sql.txt
Posted Jul 28, 2008
Authored by Cr@zy_King

SiteAdmin CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7cf273c08cd8ea451b102dd33b56aabb491887b4a265433aa24947081cf99ae9
webhack.pdf
Posted Jul 28, 2008
Authored by Nikolaos Rangos

Whitepaper discussing simple web hacking techniques.

tags | paper, web
SHA-256 | 0a432eb4f3a3bc68716128668d568024808926dd6b1509597f9ccf88b1ba8924
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jul 28, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Consistent logging of IKE and CHILD SAs at the audit (AUD) level. Various improvements, additions, and bug fixes.
tags | kernel, encryption
systems | linux
SHA-256 | 8e5717d47b32ff84d089138cb7aa088fdd833d6a1b780b01ed2a4afe902453a3
GNU SIP Witch Telephony Server
Posted Jul 28, 2008
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Default autoloading of available plugins, spec split to externalize plugins, and simplified library abi numbering.
tags | telephony, protocol
SHA-256 | 363726c40c8927cab74a666bef67082ee0b16740c41ea9c98c0838dc6ab2c799
gcauction-sql.txt
Posted Jul 28, 2008
Authored by Hussin X | Site tryag.cc

GC Auction Platinum suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 70470b5c82e294b05b26b8ee1c9fcee74805121b5f9c5d29336f701f94ad488c
getacoder-sql.txt
Posted Jul 28, 2008
Authored by Hussin X | Site tryag.cc

The Getacoder clone script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3396c7573fcfb059df20bfaed9ffb3734ffe690774fe4dc7b2d550712dcd82ec
cmscount-lfi.txt
Posted Jul 28, 2008
Authored by IRCRASH | Site ircrash.com

CMScout version 2.05 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 4a780a1186439aed71db3da375a208850161d4682f1ca12bd596b8bba22264d9
epshop-sql.txt
Posted Jul 28, 2008
Authored by mikeX | Site cyber-underground.net

EPShop versions below 3.0 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7d19228538373db262e62d6a4ae6162091a6527c4e9cb718824619720ab64e5c
mobius-sql.txt
Posted Jul 28, 2008
Authored by dun

Mobius versions 1.4.4.1 and below suffer from a remote SQL injection vulnerability in browse.php.

tags | exploit, remote, php, sql injection
SHA-256 | c9cb308f9ff4aa89f94878b3314ddbc6ba11944e1c52e22d3f6f858914bf3620
trio-sql.txt
Posted Jul 28, 2008
Authored by dun

TriO versions 2.1 and below suffer from a remote SQL injection vulnerability in browse.php.

tags | exploit, remote, php, sql injection
SHA-256 | 39ebad0b570430729345b00e2e83bb3169424e5785876aa9927c6d5bfc1c41da
phplinkat-sql.txt
Posted Jul 28, 2008
Authored by Encrypt3d.M!nd

phpLinkat version 0.1 suffers from insecure cookie handling and SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection, insecure cookie handling
SHA-256 | d0526916899c6eee806daad44e111d33b5674d899151e9f68410eee85c0e7141
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close