
Files

ADB Authorization Bypass
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI, any further subsequent layers/paths (sub menus) were not possible to access during testing but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13109
MD5 | e41c2384f02b6cc08acf7b55cfe6e66e

Related Files

SYMSA-2007-002.txt
Posted Feb 14, 2007
Authored by J.R. Wikes, Matt Cooley, Scott King | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-002 - Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attacker may use this vulnerability to retrieve information from a locked device.

tags | advisory
advisories | CVE-2007-0859
MD5 | 245f920185e5a29e93c6666977ff1d45
binfmt-en.pdf
Posted Oct 9, 2006
Authored by GoodFellas Security Research Team | Site shellcode.com.ar

Polluting sys_execve() in kernel space without depending on the sys_call_table[]: A paper discussing design weaknesses in the linux kernel's handling of simply linked lists used to register binary formats.

tags | paper, kernel
systems | linux
MD5 | cbc9e056a14996a9afd144bb757b9ce5
binfmt-es.pdf
Posted Oct 9, 2006
Authored by GoodFellas Security Research Team | Site shellcode.com.ar

Polluting sys_execve() in kernel space without depending on the sys_call_table[]: A paper discussing design weaknesses in the linux kernel's handling of simply linked lists used to register binary formats. Spanish Version.

tags | paper, kernel
systems | linux
MD5 | ed63f18b799338c8d20d7f13b9c637fe
INFIGO-2006-08-04.txt
Posted Aug 27, 2006
Authored by Leon Juranic | Site infigo.hr

During an audit, a critical vulnerability has been discovered in the MDaemon POP3 server. There is a buffer overflow vulnerability in the 'USER' and 'APOP' command processing part of the Altn MDaemon POP3 server. The vulnerability can be triggered by providing a long string to USER or APOP commands with '@' characters included in the string. In this case, MDaemon will incorrectly process the string and a heap overflow will happen as a result. To trigger the vulnerability, a few USER commands have to be sent to the POP3 Server. Sometimes (depending on the heap state and string length), it is even possible to redirect code execution directly to the supplied input buffer on the heap. MDaemon versions 8 and 9 are confirmed vulnerable.

tags | advisory, overflow, code execution
MD5 | d2a66b4cd82218e9adf2ff9ae6a3ab77
Gentoo Linux Security Advisory 200608-1
Posted Aug 17, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200608-01 - An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on the types of rewrite rules being used. Versions less than 2.0.58-r2 are affected.

tags | advisory
systems | linux, gentoo
MD5 | f5ee4aae5a11bf911201dd0610fd26b9
OpenPKG Security Advisory 2006.15
Posted Aug 3, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.015 - According to a vendor announcement, a vulnerability exists in the mod_rewrite module of the Apache HTTP Server. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely.

tags | advisory, web
advisories | CVE-2006-3747
MD5 | 4f82467e78a3854e9693eb086c360e63
Ubuntu Security Notice 325-1
Posted Jul 28, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-325-1 - ruby1.8 suffers from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application, these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2006-3694
MD5 | f871c9ce413ce45050cfc2aaf09a69b6
Ubuntu Security Notice 310-1
Posted Jul 9, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 310-1: Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local winbind configuration, this could potentially lead to privilege escalation.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2006-2194
MD5 | ff48acb46e59a8b15cef35ff23e150f3
Hardened-PHP Project Security Advisory 2006-02.113
Posted Jan 15, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown the error message is used as format string. Depending on the situation and configuration, f.e. a malicious MySQL server or an erroneous SQL query (f.e. through SQL injection) can result in PHP reporting a (partly) user supplied error message, which can result in triggering the format string vulnerability, which can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.

tags | advisory, remote, php, code execution, sql injection
MD5 | 29f6651d4c9a1137b6551b4140bef858
Gentoo Linux Security Advisory 200511-2
Posted Nov 3, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200511-02 - Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtime. Furthermore, packages depending on the MakeMaker Perl module for build configuration may have incorrectly copied the LD_RUN_PATH into the DT_RPATH. Versions less than 1.8.33-r2 are affected.

tags | advisory, perl
systems | linux, gentoo
MD5 | 6b8200cc3e2f29d66c7af96ca25bb5a8
Ubuntu Security Notice 212-1
Posted Oct 30, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-212-1 - Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2958
MD5 | b97d5deb4fa1fd5692e5d87d0eff9968
Gentoo Linux Security Advisory 200510-14
Posted Oct 18, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-14 - Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtime. Furthermore, packages depending on the MakeMaker Perl module for build configuration may have incorrectly copied the LD_RUN_PATH into the DT_RPATH. Versions less than 5.8.7-r1 are affected.

tags | advisory, perl
systems | linux, gentoo
MD5 | e0c1217448323477ea0d6af1910ce0ee
Ubuntu Security Notice 175-1
Posted Sep 5, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-175-1 - Thomas Biege discovered a flaw in the privilege dropping of the NTP server. When ntpd was configured to drop root privileges, and the group to run under was specified as a name (as opposed to a numeric group ID), ntpd changed to the wrong group. Depending on the actual group it changed to, this could either cause non-minimal privileges, or a malfunctioning ntp server if the group does not have the privileges that ntpd actually needs.

tags | advisory, root
systems | linux, ubuntu
MD5 | 10740727e5fddcc000eb6831607ecb5f
KDE Security Advisory 2005-07-18.1
Posted Jul 19, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. Affected are all maintained versions of Kate and Kwrite as shipped with KDE 3.2.x up to and including 3.4.0. KDE 3.1.x and older and KDE 3.4.1 and newer are not affected.

tags | advisory
advisories | CVE-2005-1920
MD5 | f7346e280ce9a768445fd5983b052faf
iis5x60.txt
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
MD5 | d636fbfbfd62a943037a1b53f5ac87d5
primebaseLWC.txt
Posted Nov 25, 2003
Authored by Larry W. Cashdollar | Site vapid.dhs.org

Vapid Labs Security Note - The PrimeBase SQL Database Server 4.2 stores passwords in clear text. Depending on the installation user's umask settings, it may be readable by all local users.

tags | advisory, local
MD5 | 1dcb3778cf0666564820fc49425c8d2f
2c2.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

2c2 implements a deniable (and thus subpoena-proof) encryption by creating a file that can be decrypted into several variants, depending on the key, and for which the presence of any of the variants cannot be detected without knowing the key. Please don't use it for an evil conspiracy to take over the world, mmmkay? Also check out James's 4c, a successor to this tool.

tags | encryption
MD5 | bdc2cecf658feab5903ab90ea6916701
woltlab.txt
Posted Sep 11, 2002
Authored by Cano2

Woltlab Burning Board 2.0 RC 1 has a vulnerability that allows any user (even guests, depending on the configuration) to compromise every other account due to a variable containing unchecked user input in board.php, which can be used for a sql injection attack.

tags | exploit, php, sql injection
MD5 | f6e418e576a98c54acfc3e3af0967bb9
ms02-034
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-034 - Cumulative Patch for SQL Server available. This patch eliminates three newly found vulnerabilities affecting SQL Server 2000 and MSDE 2000: A buffer overrun vulnerability in a procedure used to encrypt SQL Server credential information. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself depending on the account SQL Server runs as. A buffer overrun vulnerability in a procedure that relates to the bulk inserting of data in SQL Server tables. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself. A privilege elevation vulnerability that results because of incorrect permissions on the Registry key that stores the SQL Server service account information. An attacker who was able to successfully exploit this vulnerability could gain greater privileges on the system than had been granted by the system administrator -- potentially even the same rights as the operating system.

tags | overflow, registry, vulnerability
MD5 | 9fd6433fe66e789aabbe09382dfa5166
locker.zip
Posted Jan 31, 2002
Authored by Robert Anthony Rota

Windows 2000 Group Policy may be disabled by locking the policy files. Microsoft does not have sufficient plans to replace the system files to fix this problem so we developed an application that can be run on a domain to search for Group Policy files and lock them. Once the Group Policy files are locked the subsequent logins will attempt to read the Group Policy Objects but will not be able to so the Group Policies will not be propagated to the user or the machine. This can be a serious problem depending on the domain's reliance on Group Policy. More info on Windows group policy available here.

systems | windows, 2k
MD5 | 4022f61b41897cd6a81f48d1fbc4de53
ms00-054
Posted Aug 5, 2000

Microsoft Security Bulletin (MS00-054) - Microsoft has released a patch for the "Malformed IPX Ping Packet" vulnerability in Microsoft Windows 95, 98 and 98 Second Edition. The vulnerability could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component generally is present only if it has been deliberately installed. Microsoft FAQ on this issue available here.

systems | windows, 9x
MD5 | e1a0b0998a986777e9113e3c0e0f98ca
safer.000317.EXP.1.5
Posted Apr 20, 2000

S.A.F.E.R. Security Bulletin 000317.EXP.1.5 - Remote user can obtain list of directories on Netscape. Netscape Enterprise Server with 'Web Publishing' enabled can be tricked into displaying the list of directories and subdirectories, if user supplies certain 'tags'.

tags | remote, web
MD5 | 60df3f8b4459cf2b98238ef1b0d2793c
sara-2.1.10.tar.gz
Posted Mar 13, 2000
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.

Changes: Added yet more http vulnerability testing incl infosrch, Fixed Netscape buffer overflow detection, Fixed some of the GUI interfaces, Adding SARA Search capability, and Added Napster detection.
tags | tool, cgi, scanner
systems | unix
MD5 | 0c7c601ca45fb8404f0a0bb4c8cf02cf
ie.frameloop.txt
Posted Dec 9, 1999
Authored by Underground Security Systems Research

Microsoft Internet Explorer 4.x and 5.x - Frame Loop Vulnerability. By creating an endless loop of frames, it is possible to create a malicious webpage that, when visited by an IE user, devours all of their system resources, and depending on the system it's probable that the machine will crash and reboot itself. Exploit code included.

tags | exploit
MD5 | a7788b4d0249eb17375d1a6adcbbc8e0
ps.exe
Posted Aug 17, 1999
Authored by Hoppa

Hoppa PortScanner for NT - A multithreaded portscanner which can, depending on the resources available, scan up to 700 ports at the same time. Very fast, for Windows NT. source code.

systems | windows, nt
MD5 | 7f72fcc5a25ec9ff1aeb0432e4ca4ca1

© 2019 Packet Storm. All rights reserved.