Showing 1 - 25 of 35

Files

eudora61.pl
Posted Apr 20, 2004
Authored by Paul Szabo

Eudora 6.1 still has attachment spoofing flaws along with a Nested MIME DoS vulnerability.

tags | exploit, denial of service, spoof
SHA-256 | d3024ea6787aa72ecd301f863e452c672b83f691a325455dd8c7f5b291042e9a

Related Files

WordPress OAuth2 Complete 3.1.3 Insecure Random
Posted Aug 12, 2015
Authored by Tom Adams

OAuth Complete for WordPress version 3.1.3 uses a pseudorandom number generator which is not cryptographically secure.

tags | advisory
SHA-256 | ccfcafdacba8b2d81d2bd3c376141e4d320efff33fafc4ebcfbea1b96d247dc9
WordPress Failed Randomness
Posted Feb 12, 2015
Authored by Scott Arciszewski

All versions of WordPress fail to implement a cryptographically secure pseudorandom number generator.

tags | advisory
advisories | CVE-2014-6412
SHA-256 | 170595a1bbe7e09d77645ac1e3ed66ad3b2cd04dd4cb157b616751c9edc794df
Cisco Security Advisory 20141222-ntpd
Posted Dec 24, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | cisco
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 5dbade7a53bf1ca9ac25f9e8c3be3931a5da81f0c75dd71cb6377e3ee36e48ba
Mandriva Linux Security Advisory 2013-287-1
Posted Dec 18, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security-related strings used in several core modules. It was found that brute force tools could determine the seeds, making these strings predictable under certain circumstances. Image field descriptions are not properly sanitized before they are printed to HTML, thereby exposing a cross-site scripting vulnerability. A cross-site scripting vulnerability was found in the Color module. A malicious attacker could trick an authenticated administrative user into visiting a page containing specific JavaScript that could lead to a reflected cross-site scripting attack via JavaScript execution in CSS. The Overlay module displays administrative pages as a layer over the current page, rather than replacing the page in the browser window. The Overlay module did not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. The updated packages have been upgraded to the 7.24 version which is unaffected by these security flaws. Additional apache ACL restrictions have been added to fully conform to the SA-CORE-2013-003 advisory.

tags | advisory, javascript, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-0316, CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
SHA-256 | fed306c15c990831cfcb57bfa68e96fad895d550493f9d8e5b93559533ece6be
Mandriva Linux Security Advisory 2013-287
Posted Nov 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security-related strings used in several core modules. It was found that brute force tools could determine the seeds, making these strings predictable under certain circumstances. Various other issues have also been addressed. The updated packages have been upgraded to the 7.24 version which is unaffected by these security flaws.

tags | advisory, csrf
systems | linux, mandriva
advisories | CVE-2013-0316, CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
SHA-256 | 958180778f88077c61e265f40660daa111c4ef11bf0e9751923461f1d0921d68
Ubuntu Security Notice 989-1
Posted Sep 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 989-1 - Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. Various other issues were also addressed.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2010-0397, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130, CVE-2010-1866, CVE-2010-1868, CVE-2010-1917, CVE-2010-2094, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3065
SHA-256 | 39223359acd2eea854bfefcc60f483e06e1a0cd1e0a9f2252a3448603f64be5c
Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in the Qualcomm WorldMail IMAP Server version 3.0 (build version 6.1.22.0). Using the PAYLOAD of windows/shell_bind_tcp allows for the most reliable results.

tags | exploit, overflow, imap
systems | windows
advisories | CVE-2005-4267
SHA-256 | 2e4d189387ba98a5cfc55e1b2069672f8e124842d9a76dd7e47cd00b025cf6ad
eudora-seh-overwrite.txt
Posted May 31, 2007
Authored by Krystian Kloskowski

Eudora version 7.1.0.9 (IMAP FLAGS) remote SEH overwrite exploit that executes calc.exe.

tags | exploit, remote, imap
SHA-256 | c484749017d563fcc11f7881719d8778f52e3cf736979fc61598546693928422
eudora71-overflow.txt
Posted May 17, 2007
Authored by Krystian Kloskowski

Eudora version 7.1 SMTP ResponseRemote remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
SHA-256 | dee4298443c6b9d9f415fc207a19503a11daee971e419b00b9f6a8fd6f8c4484
Zero Day Initiative Advisory 07-01
Posted Jan 13, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Eudora WorldMail. Authentication is not required to exploit this vulnerability. Affected is the Eudora WorldMail 3.1.x Mail Management Server.

tags | advisory, arbitrary
advisories | CVE-2006-6336
SHA-256 | 789eca6f33d256445a3ff37e3615e232835f09188728643926b02dad84a0e6d9
Secunia Security Advisory 23622
Posted Jan 7, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Eudora WorldMail, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | ad1a4d925a7bb86e9587aea69596c97f3c6f654a1da81558a3456d12d0d258a4
Secunia Security Advisory 22832
Posted Nov 16, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - GLEG has reported a vulnerability in Eudora WorldMail, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 1212b82a058ce438044afcfe47527d5016bcfdd8ab18459282259b18eb2953a9
Secunia Security Advisory 22836
Posted Nov 16, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - GLEG has reported a vulnerability in Eudora WorldMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | f624dad8156075b15a04ce29677df6ceb88e7ceb9ec3f232691a2e3585519d73
eudora_imap.pm.txt
Posted Feb 14, 2006
Authored by y0 | Site metasploit.com

This Metasploit module exploits a stack overflow in the Qualcomm WorldMail IMAP Server version 3.0 (build version 6.1.22.0).

tags | exploit, overflow, imap
advisories | CVE-2005-4267
SHA-256 | 8a121139f249e6548cbc7820b46b86c8b80b4461dc890da11b6984bcb56cc9f0
WorldMail-3.0.pl.txt
Posted Feb 8, 2006
Site com-winner.com

Eudora WorldMail 3.0 Windows 2000 remote SYSTEM exploit written in perl.

tags | exploit, remote, perl
systems | windows
SHA-256 | 361603b12539a65e33b078a869e68ab0f69445a9256ccb1d2e26f31f6fea8611
Secunia Security Advisory 18356
Posted Jan 9, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Eudora Internet Mail Server (EIMS), which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 1a0a5ed3942b8bf1572cd1cf7e48255c5bc0b646b6c202c516115f8103215ab8
ACSSEC-2005-11-27-2.txt
Posted Dec 28, 2005
Authored by Tim Shelton

Eudora Qualcomm WorldMail 3.0 IMAPd Service 6.1.19.0 is vulnerable to a buffer overflow via specially crafted IMAP requests. A remote attacker could issue the vulnerable command followed by malicious code to execute arbitrary code or lead to a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, imap
SHA-256 | badbb644a68c91d11ddebdea94182dc435fcdb323c53e5e4efbf62318cffef7d
Secunia Security Advisory 17640
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Eudora WorldMail IMAP Server, which can be exploited by malicious users to bypass certain security restrictions and to gain access to potentially sensitive information.

tags | advisory, imap
SHA-256 | 4b0570cbef4d166cbc91953d2bd94552f83e929ac02bd013614e4ac66252a541
eudora62014.txt
Posted Nov 20, 2004
Authored by Paul Szabo

Eudora 6.2.14 for Windows that was just released is still susceptible to an attachment spoofing vulnerability. Working exploit included.

tags | exploit, spoof
systems | windows
SHA-256 | 40feffee7423a8d9403bc9b62c864111246e0808bd8068c7ab5f09b183a516b9
EudExploit_private.pl
Posted Jul 4, 2004
Authored by LibX

Eudora versions 5.x to 6.0.3 local exploit that makes use of the attachment buffer overflow.

tags | exploit, overflow, local
SHA-256 | b12afdc02490ee71c2c3aa96f757819e0536e0c849fc10475ea6f7c61d1b9fb2
eudoraConceal.txt
Posted May 9, 2004
Authored by Brett Glass

Eudora is susceptible to a fraudulent URL vulnerability where a malicious URL can be masked behind what appears to be a legitimate link in the client. This technique is used commonly by phishers.

tags | advisory
SHA-256 | 07c109786d4b5d5968c26b09b0ebaeb84aece62066406ed0dce5ece18c26fbdb
eudoraURL.txt
Posted May 9, 2004
Authored by Paul Szabo

Eudora for Windows has a buffer overflow in versions 6.1, 6.0.3, and 5.2.1. Sample exploitation included.

tags | exploit, overflow
systems | windows
SHA-256 | e1c845825eb5408eef5c7fae221f1e6a0db42ab375456108da90f20b60b04384
eudora603.pl
Posted Mar 19, 2004
Authored by Paul Szabo

Exploit that performs an attachment spoofing demo for Eudora versions 6.0.3 and below.

tags | exploit, spoof
SHA-256 | 0c214a6830a6b38f208d91c88ccce9d0df221e499a4b82c10d438246c122aa6b
launchprotect.pl
Posted Dec 3, 2003
Authored by Paul Szabo

Remote exploit for Eudora 6.0.1's (on Windows) LaunchProtect feature, which warns the user before running executable attachments. Unfortunately this only works in the attach folder; using spoofed attachments, executables stored elsewhere may run without warning.

tags | exploit, remote, spoof
systems | windows
SHA-256 | b80328406863d0be504957a92ac97cabca2db4fc69884a48e398d8e55f0a64d3
11.19.02b.txt
Posted Nov 20, 2002
Authored by Bennett Haselton | Site idefense.com

iDEFENSE Security Advisory 11.19.02b - Remote exploitation of a weakness in Eudora v5.2 and below allows for the retrieval of sensitive information from a targeted Eudora user's computer. Attackers send an e-mail to a Eudora user that directs him to a specific URL; the e-mail also contains an HTML-enabled e-mail attachment that contains scripting code.

tags | advisory, remote
SHA-256 | a91227d3aa4332c09c7f7f785482cf0c2393f3cf12a5c52febfc27081a5d2192

© 2022 Packet Storm. All rights reserved.
