exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 61 RSS Feed

Files

safer.000317.EXP.1.5
Posted Apr 20, 2000

S.A.F.E.R. Security Bulletin 000317.EXP.1.5 - Remote user can obtain list of directories on Netscape. Netscape Enterprise Server with 'Web Publishing' enabled can be tricked into displaying the list of directories and subdirectories, if user supplies certain 'tags'.

tags | remote, web
SHA-256 | 28a1f7d9a52e29f7b6c7169a7703161db67a48f4e7b0b0a67e10192242dcf897

Related Files

Mandriva Linux Security Advisory 2014-076
Posted Apr 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-076 - Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0466
SHA-256 | 31ae81767a1e79a18c421fe27db83de0a7d1fe84b2ad1d46c4714f7af4ce6540
Secunia Security Advisory 50365
Posted Aug 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in MarkAny Content SAFER, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | c1e434a3bf3f027f82f99198c030bf7c6734837b0e4f72ce71445d7bf2a57cb2
Safer-networking.org SQL Injection
Posted Dec 13, 2009
Authored by VMw4r3

Safer-networking.org (Spybot) suffers from a blind SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 746583321ca61eb6849608650333d8669ecf9aefddb3dcc33b69f840008422e8
Mandriva Linux Security Advisory 2007.233
Posted Nov 29, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4476, CVE-2005-1229
SHA-256 | e60da58de41a61167889be1fbdba3d6aad13e83dca878b9c731631571b545a6a
Gentoo Linux Security Advisory 200711-18
Posted Nov 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4476
SHA-256 | fd33823e7ab97166450f1a66072fa2b17bed42995063e54812d268d94e68b1aa
Gentoo Linux Security Advisory 200608-22
Posted Aug 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-22 - Toth Andras has discovered a typographic mistake in the fbgs script, shipped with fbida if the fbcon and pdf USE flags are both enabled. This script runs gs without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Versions less than 2.03-r4 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 6cec3afd39bd10ee352f14acd884741c7ed21dec898be1dcc467e2552ea83fe6
Debian Linux Security Advisory 792-1
Posted Sep 1, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 792-1 - Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potential malicious operations to happen.

tags | advisory
systems | linux, debian
advisories | CVE-2005-2536
SHA-256 | f54e3c93fbaed028c4f332165fdb34b79d316daa0aac64a09aa4fe37edf658b6
Ubuntu Security Notice 164-1
Posted Aug 12, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-164-1 - Max Vozeler discovered that the the pstopnm conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2471
SHA-256 | e7bee8ebff81a32f1d1b893ba21274a04bb055f8c81980d772a51a23273a551d
Gentoo Linux Security Advisory 200508-4
Posted Aug 6, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-04 - Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option, to convert a PostScript file into a PBM, PGM, or PNM file. Versions less than 10.28 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 8b4cf173a2a913db08f0bb5431a21b5accb78611298b7261505826725ae59570
Gentoo Linux Security Advisory 200507-29
Posted Aug 5, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-29 - Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Versions less than 1.8g-r1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 87f159155381b36c21e0e0e3fefddc682bb5b863fd0a362a41d8482035a3a0f2
sbox-adv.txt
Posted Sep 25, 2003
Authored by e2fsck | Site eightone.mafiadodiva.org

sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.

tags | advisory, cgi
SHA-256 | fc5c9dad742ebccdda421f6976490552abe905fc46a6e3f379b4330516de256a
patch-int-2.4.20.1.gz
Posted Dec 31, 2002
Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, and a encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

Changes: Ported to Linux kernel v2.4.20. Patches for 2.2.19 and .18 are also available.
tags | kernel, cryptography, patch
systems | unix
SHA-256 | 88fa42b2374d068319c1421249b5c8e90b3aea82892226d012b6f400d327ecd2
safer.010125.EXP.1.12
Posted Feb 2, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010125.EXP.1.12 - PlanetIntra v2.5 contains remotely exploitable buffer overflows which allow remote users to execute arbitrary code.

tags | remote, overflow, arbitrary
SHA-256 | cf9c81ddaf92dbb20861625b99920ff35b98a886458c109b0340d8f647226a3f
safer.010125.DOS.1.5
Posted Jan 27, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010125.DOS.1.5 - Remote users can crash Netscape Enterprise Server by sending "REVLOG / HTTP/1.0".

tags | remote, web
SHA-256 | bcbac6b73e719d6616d1e1851da6d457f568a7ce545c3c6e33a6048ce1c0acee
safer.010123.EXP.1.10
Posted Jan 25, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - A remotely exploitable buffer overflow has been found in the Lotus Domino SMTP Server on all versions up to and including v5.05 which allows a remote attacker to execute code with the privileges that the SMTP server is running as. Perl exploit code included. Fix available here.

tags | remote, overflow, perl
SHA-256 | e31bff4434d6413796577845681d26eb776527907f1c66eaef50e9daf1f86b9c
safer.010124.EXP.1.11
Posted Jan 25, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - Netscape Enterprise Server 3.x and 4.x allows remote users to obtain directory listings on remote sites running web publishing by sending the command "INDEX / HTTP/1.0".

tags | remote, web
SHA-256 | 0c07af4b20cd0f80c350f290f2165288d37e8000439245b0aa663dc85df5e127
patch-int-2.2.18.3.gz
Posted Jan 1, 2001
Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

Changes: Ported to Linux kernel v2.2.18.
tags | kernel, encryption, cryptography
systems | linux
SHA-256 | 431cc42de0d1e0c44cb5aa5c2053bf382e34812c091638e2d2db1a16c35d048f
patch-int-2.2.17.9.gz
Posted Nov 3, 2000
Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

Changes: cryptoapi.c and loop_gen.c were fixed, the API is simpler, and bug fixes.
tags | kernel, encryption, cryptography
systems | linux
SHA-256 | 25cb117054346b255e5393a442eb7788083cbf725e289f0bf89b4c9944a064cc
safer.001103.EXP.1.9
Posted Nov 3, 2000
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 001103.EXP.1.9 - The Lotus Domino SMTP server v5.04 and below contains a remotely exploitable buffer overflow when it handles the ENVID keyword in the Mail from: line. Fix available here.

tags | overflow
SHA-256 | 3d54135993438ddbcfc3c7171cfebe8be53fdca8ec9f3d3eaee1d27766838c2e
safer.001026.EXP.1.8
Posted Oct 28, 2000
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien | Site safermag.com

S.A.F.E.R. Security Bulletin 001026.EXP.1.8 - iPlanet Web Server 4.x for Solaris, Linux, and Windows NT contains a remotely exploitable buffer overflow if server side parsing is enabled with the "parsed html" option.

tags | web, overflow
systems | linux, windows, solaris
SHA-256 | 22b7bfa6cd36594ff96d31ea269f256e311351303fa334059f3529b110ff1068
patch-int-2.2.17.7.gz
Posted Oct 11, 2000
Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

Changes: Support for kernel 2.2.17, bug fixes.
tags | kernel, encryption, cryptography
systems | linux
SHA-256 | a53267652597064b7c591ffc8a54035b81f2ddac673e1eec9535e8476818b4ce
patch-int-2.2.16.2.gz
Posted Jun 15, 2000
Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

Changes: Support for kernel 2.2.16, bug fixes.
tags | kernel, encryption, cryptography
systems | linux
SHA-256 | a3bd33d6d20bec46864b514c53e33185ca3d9f110eea21433e391eba63ac7871
safer.000309.EXP.1.4
Posted Mar 8, 2000
Site safermag.com

S.A.F.E.R. Security Bulletin 000309.EXP.1.4 - StarOffice comes with a nice groupware server, called StarScheduler, which includes a web server that is vulnerable to several security problems, leading to remote code exection and root access.

tags | remote, web, root
SHA-256 | 20d5c4fc9990de97aeb124f4e5c58bf4dce2d6d9da6be61b3c34503af0ffcd43
safer.000229.EXP.1.3
Posted Mar 1, 2000
Site safermag.com

S.A.F.E.R. Security Bulletin 000229.EXP.1.3 - Buffer Overflow in Netscape Enterprise Server. Netscape Enterprise Server is a web server with long history of security problems. We have tested version 3.6 SP2 on Windows NT 4.0 Server edition, and found it to be vulnerable to a buffer overflow. Remote execution of code is possible.

tags | remote, web, overflow
systems | windows
SHA-256 | d053aee89b0c0a4dcc75a3dbfdd74f0302c8844a94db145a8258559dc6a98329
patch-int-2.2.14.1.gz
Posted Feb 29, 2000
Authored by Alexander Kjeldaas | Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

tags | kernel, encryption, cryptography
systems | linux
SHA-256 | e127c72d3b33a9583b4a909efa7760a259c40e48f383db38c2d65e9736afc393
Page 2 of 3
Back123Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close