Showing 1 - 25 of 100

Files

iDEFENSE Security Advisory 2005-11-11.t
Posted Nov 12, 2005
Authored by vade79, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 11.11.05 - Remote exploitation of a command injection vulnerability in various vendors' implementations of Lynx could allow attackers to execute arbitrary commands with the privileges of the underlying user. The problem specifically exists within the feature to execute local cgi-bin programs via the lynxcgi: URI handler. The handler is generally intended to be restricted to a specific directory or program(s). However, due to a configuration error on multiple platforms, the default settings allow for arbitrary websites to specify commands to run as the user running Lynx. iDEFENSE has confirmed the existence of this vulnerability in the latest stable release of Lynx, version 2.8.5. It is suspected that earlier versions are also affected.

tags | advisory, remote, arbitrary, local, cgi
advisories | CVE-2005-2929
SHA-256 | b4e1e54bc83530521503bfe91f4bca692869b0c1e30589c117f27fa98dc41e55

Related Files

Debian Security Advisory 4953-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4953-1 - Thorsten Glaser and Axel Beckert reported that lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credentials in cleartext in SNI data.

tags | advisory, web
systems | linux, debian
advisories | CVE-2021-38165
SHA-256 | 35b46ce033be8cf57b331621640999d4df96db1956c4a4dc7bde2a5a846aae22
Secunia Security Advisory 51673
Posted Dec 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in i-GEN opLYNX, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 7df638d8ded60fc9cf7d10f7806a26f013d9496308191c5e55e8a9255bb979b2
Secunia Security Advisory 32407
Posted Oct 29, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Lynx, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
SHA-256 | a842c1d3cb121117f5748b2264c63acc9d0d75e9944f14b4233c62ddc39cc41a
Mandriva Linux Security Advisory 2008-218
Posted Oct 28, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode. This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

tags | advisory, web, arbitrary
systems | linux, mandriva
advisories | CVE-2008-4690
SHA-256 | 985b8d2bc9b5db4c673208074097d3cf3a736514dfd033339dc951e94fff711f
Mandriva Linux Security Advisory 2008-217
Posted Oct 28, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw was found in the way Lynx handled .mailcap and .mime.types configuration files. If these files were present in the current working directory, they would be loaded prior to similar files in the user's home directory. This could allow a local attacker to possibly execute arbitrary code as the user running Lynx, if they could convince the user to run Lynx in a directory under their control. A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode. This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

tags | advisory, web, arbitrary, local
systems | linux, mandriva
advisories | CVE-2006-7234, CVE-2008-4690
SHA-256 | 6e7e3bc6097f70cd80a0acb4394a11415cfa5fa3bb16fc1b29d35794b961993a
w00os.tgz
Posted Jan 3, 2008
Authored by w00w00

w00w00's operating system. Yes, a joke.

SHA-256 | c7c869568d15aee512c973a781e7aacc751b7d434724db343e310154d469a194
Debian Linux Security Advisory 1085-1
Posted Jun 3, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1085-1: Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 04757ea7b1bd42204648df0712cb6de2c2fe06c16478845a86ec741f644e3e74
Debian Linux Security Advisory 1077-1
Posted May 29, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1077-1: Michal Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML. The same code is present in lynx-ssl.

tags | advisory
systems | linux, debian
SHA-256 | 4ccbb0226a47aa74d61576733444cb233439312abfd43ed8d0853fe7cff8b90b
Debian Linux Security Advisory 1076-1
Posted May 29, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1076-1: Michal Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML.

tags | advisory
systems | linux, debian
SHA-256 | 219718ec04d7b2dab6f92879428c758f8092a0e2edd929ea53cc2cd6d00c7eb7
Secunia Security Advisory 17372
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - vade79 has reported a vulnerability in Lynx, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to unspecified configuration and input validation errors in the handling of certain URI handlers which execute local programs. This can be exploited to execute arbitrary commands via the lynxcgi, lynxexec, and lynxprog URI handlers. The vulnerability has been reported in version 2.8.5. Other versions may also be affected.

tags | advisory, arbitrary, local
SHA-256 | 53fc76f9fd86f1808dcd3419082d7d602875e11a8a5bc9a58e4257f915884691
SCOSA-2005.47.txt
Posted Nov 9, 2005
Authored by SCO | Site sco.com

SCO Security Advisory - Ulf Harnhammar has reported a vulnerability in Lynx, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the HTrjis() function in the handling of article headers sent from NNTP (Network News Transfer Protocol) servers. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site which redirects to a malicious NNTP server via the nntp: URI handler. Successful exploitation allows execution of arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
advisories | CVE-2005-3120
SHA-256 | 3a4f408a9e7a6a4943c8178a7eda2a2ee13c50995972d5fa0fc6e533172fbd78
Debian Linux Security Advisory 876-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 876-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3120
SHA-256 | 9863bf4acde2d69cc8bf57071ecd7280225e5830b46f5ad7be68cfbdadfdfd10
Debian Linux Security Advisory 874-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 874-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3120
SHA-256 | c3cdb5dc0597cb675af085a8a9f2f22c27928649a42bcd473c01bb660ab67d8a
Trustix Secure Linux Security Advisory 2005.59
Posted Oct 26, 2005
Authored by Trustix | Site http.trustix.org

Trustix Secure Linux Security Advisory #2005-0059 - Multiple vulnerabilities in apache, lynx, mod_php4, openssl, php4, php, squid, texinfo, and wget.

tags | advisory, php, vulnerability
systems | linux
SHA-256 | b4197c01fe5f684fdb98b3e5b534d68a67f885d006e32bc2b7bb8fef99c8c5f0
Secunia Security Advisory 17216
Posted Oct 18, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ulf Harnhammar has reported a vulnerability in Lynx, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | affa8de0de50d79920fc414008703c335f8e71fa470ac73b9eef0dd0a30fa847
mangleme.tgz
Posted Oct 27, 2004
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc), as reported on BUGTRAQ.

tags | exploit, web
SHA-256 | 834ffbcab9fe491dcb7f248248f9542c337a4d42432f6b53633d5c5528041e9a
mielietools-v1.0.tgz
Posted Sep 11, 2002
Authored by Roelof Temmingh | Site sensepost.com

MielieTool v.1.0 is an easy to use Perl based web application "fuzzer". It supports fuzzing of CGIs in forms and links and supports multiple sites. Requires HTTrack, Lynx, grep, find, and rm.

tags | tool, web, cgi, perl, fuzzer
systems | unix
SHA-256 | efe615a070bb52a86f4508d814701ed4d6a3c1ea75ca01531f7e8a5ad1cf4e47
octopus.c
Posted Aug 26, 2002
Authored by Maniac

This little program opens as many sockets with a remote host as can be supported by both. It catches ^C and kill commands to shut down cleanly by closing all open connections before exiting. Often, a remote workstation can be brought to its knees by saturating its process table via multiple invocations of sendmail. That's why port 25 (the sendmail port) is the default. If the target's process table (set when the target kernel was created) is filled, users will be unable to execute any shell commands. Many MUDs also crash when the number of sockets they have open exceeds a certain number. This program will put stress on MUDs by testing their limits. If a limit is reached, the MUD will either crash or will refuse to let new users log in. * The program is incomplete, in that it doesn't check for socket timeouts and subsequently reuse timed out sockets. That means the program can only keep a remote host / mud locked up until it exhausts its own available new sockets, or until it has reached MAX_DESCRIPTORS remote connections as set by the #define statement. * If the local machine starts issuing error messages, then the program has failed to saturate the remote host and has instead reached the limits of the local machine. Use ^C or the kill command to terminate it. If you are knowledgeable about rebuilding kernels and have access to the root account, you can build a special kernel that will allow you to reach a much larger number of open sockets.

tags | remote, denial of service, shell, kernel, local, root
SHA-256 | b17774a047da8f2dda8f5acbd018f5ca39bc608c82b3694b31d3ff473671c675
twlc.gif
Posted Jan 2, 2002
Authored by twlc

twlc logo

SHA-256 | 4bda0b4a3fc3c22022e033d7c302b65ce2a5d00d65841e0f1e0ebe6756af3a5d
ttyrec-1.0.2.tar.gz
Posted Jan 1, 2001
Site namazu.org

ttyrec is a tty recorder. Recorded data can be played back with the included ttyplay command. It can record emacs -nw, vi, lynx, or any programs running on tty.

tags | tool
systems | unix
SHA-256 | 7f977aa4c2da2d74ce73006d29d036a8684d0a8b040735fc27eebd3e5b28ef9b
gvd-1.0.1-linux.gz
Posted Dec 2, 2000
Site libre.act-europe.fr

GVD is a general purpose graphical debugger frontend. It features advanced data display and visualization capabilities, and allows the debugging of multi-process/multi-threaded applications in the same debugging session. GVD works with native and cross-debuggers and can handle several languages in the same debugging session and the same application. C and Ada are supported. GVD can run on a host different from the machine where the debugger is running and provides friendly support for cross-debuggers (VxWorks, Lynx, etc.). For instance, you can use Linux or Windows to debug an application running on a Power PC board with a debugger running on a Sun workstation.

systems | linux, windows
SHA-256 | f64f511f0fca1fbd9d0ec8ffed761392d45aaeaf37065995d45c7e36a435d1f2
PR09.txt.zip
Posted May 22, 2000
Authored by proyecto-r

PR09.txt.zip

tags | magazine
SHA-256 | 9996a1594ee69bb668a1744749d3f577ed5deae37acaa60790a092bb44c7594e
PR08.txt.zip
Posted May 22, 2000
Authored by proyecto-r

PR08.txt.zip

tags | magazine
SHA-256 | 36b80c6c10bd2225e2e17e81d9b987f04bf37bea78c18fa4fb6374b3e511b38f
PR07.txt.zip
Posted May 22, 2000
Authored by proyecto-r

PR07.txt.zip

tags | magazine
SHA-256 | 36e8db0e6b74cb9f0375d215491338ca8198e3f7ae0285fadb8acb796e543fd5
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close