what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2003-11-04

85NIPrint.c
Posted Nov 4, 2003
Authored by Crazy Einstein

Remote exploit for Windows that makes use of the buffer overflow vulnerability in NIPrint discussed here.

tags | exploit, remote, overflow
systems | windows
SHA-256 | b8e789a710d11c4ae816a47e4c3c5dc916c7e08b994a2904c440325f1d28ff37
SRT2003-11-02-0115.txt
Posted Nov 4, 2003
Authored by Kevin Finisterre

Secure Network Operations, Inc. Advisory SRT2003-11-02-0115 - The NIPRint LPD-LPR Print Server versions 4.10 and below on the Win32 platform are susceptible to a buffer overflow that can allow a remote user to gain SYSTEM privileges. http://www.secnetops.com.

tags | advisory, remote, web, overflow
systems | windows
SHA-256 | fb70af3656c58520746abf065985b71d5adb36f13e3adc0125088d0ea0640f8c
SRT2003-11-02-0218.txt
Posted Nov 4, 2003
Authored by Kevin Finisterre

Secure Network Operations, Inc. Advisory SRT2003-11-02-0218 - The NIPrint LPD-LPR Print Server versions 4.10 and below on the Win32 platform are susceptible to a vulnerability that allows a local user to escalate to SYSTEM privileges. http://www.secnetops.com.

tags | advisory, web, local
systems | windows
SHA-256 | fc2a664387e4787a695b2af87bd843a7baf71489667b12addea670ac90cb1175
OpenSSL Security Advisory 20031104
Posted Nov 4, 2003
Site openssl.org

OpenSSL Security Advisory 20031104 - A bug in OpenSSL 0.9.6 would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2003-0851
SHA-256 | 409756506e14f27eaed3fa2e17e064358dee057651432c52488fd3436c6babf8
Samhain File Integrity Checker
Posted Nov 4, 2003
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: SQL logging supported, stealth mode operation, web-based console, and more.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 37dab561ed1a38bbd2eb0b94e2c077d1e34d0d7c73bddd60b3e50aebf82f38a2
isakmpd.txt
Posted Nov 4, 2003
Authored by Thomas Walpuski

isakmpd, OpenBSD's IKE daemon, contains severe flaws in payload handling that allow for the unauthorized deletion of IKE and IPsec SAs. It allows this due to a lack of encryption being applied in Quick Mode and a lack of validation for the origin of delete message payloads, among other issues.

tags | advisory
systems | openbsd
SHA-256 | 3988c2d5ef9fcbecf1cf09989991d959569afb820df8646367b19b0ca3c9b78e
kpopup.txt
Posted Nov 4, 2003
Authored by b0f | Site b0f.net

Kpopup version 0.9.1 is susceptible to allowing privilege escalation due to format string bugs and an unsafe system() call. Local root exploit included.

tags | exploit, local, root
SHA-256 | c0f171d6124dd12b9f168e61bf36b1d35c6ab28f61c96e716bb04b751f4dc120
wzftpdos.c
Posted Nov 4, 2003
Authored by r3b00t

Remote denial of service exploit for wzdftpd FTP server version 0.1rc5 that sends a single CRLF sequence at login causing an Unhandled exception.

tags | exploit, remote, denial of service
SHA-256 | f2896721af926160d8173493b6d6e99ed3ec897555ba5231b65e528c5b8cfbbe
wuftpFreeze.c
Posted Nov 4, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

WU-FTPD 2.6.2 Freezer exploit that causes a denial of service condition when a valid login can be supplied.

tags | denial of service
SHA-256 | d57268686dfb20a4d79703d2f4cddddcc0beb590b3039fcef7b38a2089a03dad
xf42local.c
Posted Nov 4, 2003
Authored by r3b00t | Site r3b00t.tx.pl

Local root exploit utilizing the overflow in XLOCALEDIR under XFree86 Version 4.2.x using xterm. Tested against Slackware 8.1 with kernel version 2.2.25.

tags | exploit, overflow, kernel, local, root
systems | linux, slackware
SHA-256 | 5fd8f78f2af0410dd41eacb2da05936e9ffd1dfde65f9fc1f23fe0893668246c
iawebmail.txt
Posted Nov 4, 2003
Authored by Peter Winter-Smith

IA WebMail Server versions 3.1 and below from True North Software are vulnerable to a stack-based buffer overflow via its HTTP GET request header. This overflow can lead to a denial of service and remote code execution.

tags | advisory, remote, web, denial of service, overflow, code execution
SHA-256 | 4ee7d2ce7cd21185e891a868872e9582aff0036983de46858eed8983a8b50341
ms03-043scanner.c
Posted Nov 4, 2003
Authored by Crowley | Site kiwi-hacker.net

Scanner for ms03-043, the Microsoft Messenger Service vulnerability.

tags | tool, scanner
systems | unix
SHA-256 | 8c31beb139dbb7a4b26697ac16407003f2aa8462d7112b9cf3fb306b361d4578
bugzilla5issues.txt
Posted Nov 4, 2003
Authored by Dave Miller | Site bugzilla.org

Bugzilla Security Advisory - Five security related bugs have been discovered in this web-based bug tracking system. Two relate to SQL injection attacks via privileged user accounts. A third allows ex-members of a deleted group to get inserted into a new group if it is created reusing the same name. Two other issues allow extraction of bug information for any known email address and for a user to obtain descriptions for a product they do not have access to.

tags | advisory, web, sql injection
SHA-256 | 39b258a4c1f61e7a04f61190675f88517211c8525b062d55c9f258be69b46223
Ethereal Security Advisory 11
Posted Nov 4, 2003
Authored by Ethereal | Site ethereal.com

Ethereal Security Advisory Enpa-sa-00011 - The GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors in Ethereal 0.9.15 contain remotely exploitable vulnerabilities.

tags | advisory, vulnerability, protocol
SHA-256 | d7bc0fcca6c99026c224ae9aaece5efe0f4949c630b3354a6113560049da4a5f
shatterCommCtrl.txt
Posted Nov 4, 2003
Authored by Oliver Lavery

Shatter attack exploit against CommCtrl 6.0 Buttons. This write up and exploit demonstrates that any privileged application, which makes use of the Microsoft XP visual styles and creates a window on the interactive desktop, can be used by an attacker to gain elevated privileges.

tags | exploit
SHA-256 | 2ada871c4f61bc2e3dbd23e602fbfcd731e15e34995ee4d6d33837e5bdfc0eeb
ethereal-0.9.16.tar.gz
Posted Nov 4, 2003
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here. Also added a toolbar and the ability to force the data link type of captured frames. Service response time and general I/O statistics have been enhanced. RTP analysis was improved.

tags | tool, sniffer, protocol
systems | unix
SHA-256 | cad25ac6cc72d238fe10805506409491e4fc09b4307848e6285d3a3fffce730a
xmjong.c
Posted Nov 4, 2003
Authored by vade79/v9

mah-jong version 1.4 server/client remote buffer overflow exploit that makes use of the SetPlayerOption command in the server and the PlayerOptionSet command in the client.

tags | exploit, remote, overflow
SHA-256 | 2c5316b7a73fc23d5b9bab68c119ac185f5a3e2a52e425974ec2b03002c51448
CSSA-2003-SCO.27
Posted Nov 4, 2003
Site sco.com

SCO Security Advisory CSSA-2003-SCO.27 - OpenServer 5.0.5 insecurely creates files in /tmp which can lead to a system compromise.

tags | advisory
advisories | CVE-2003-0872
SHA-256 | 725b4ca1608142e558c4a0f6e0af7773a4026376e70cfc6b6c4619a5460d1ad4
sa-2003-04-myclassified.pdf
Posted Nov 4, 2003
Authored by Ezhilan | Site sintelli.com

MyClassifieds SQL Versions below 2.13 are vulnerable to a SQL injection attack. The problem is due to improper sanitization of user input for the email variable. A remote attacker could insert arbitrary SQL code in the email variable. The passwords of the users can be written into a file and made world readable.

tags | advisory, remote, arbitrary, sql injection
SHA-256 | 04c3f8142c6f5e430a1e163f919eff03fe8721fc45a531812584a2ec6b4a31ca
code.review.html
Posted Nov 4, 2003

Security Code Review Guidelines

tags | paper
SHA-256 | 187abefd2333cdc9281a85c2b342ca0969f512e1c3675ee036f6c28f8da35071
diebold-lists.tgz
Posted Nov 4, 2003

More Diebold Electronic Voting System Flaws - These mailing list archives contain information and discussion on flaws in the Diebold electronic voting machines. Diebold has been attempting to use the DMCA to suppress this knowledge, even though this sort of information exchange is essential to the proper functioning of a democracy.

tags | paper
SHA-256 | 1a54cdda1a5e15cfa16d7c3659a2edd6203af43fee853a56a244a23d42fc842a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close