what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2006-01-08

ms05-055.c
Posted Jan 8, 2006
Authored by SoBeIt

Microsoft Windows Kernel APC Data-Free local privilege escalation vulnerability exploit.

tags | exploit, kernel, local
systems | windows
SHA-256 | 43bc5bb31b73cc77b6818dad4290654a2d4f93a03c0f6e4f0757671e7109db41
ihs_winrar.c
Posted Jan 8, 2006
Authored by c0d3r

WinRAR local buffer overflow exploit for versions 3.3.0 and below.

tags | exploit, overflow, local
SHA-256 | 74b04fbbeb8322c1240670f0d444c12756eb79f8d215e2ac599f516d07215d52
linvpn-3.0.tar.gz
Posted Jan 8, 2006
Authored by Alexandre Fiori | Site linvpn.sourceforge.net

Linvpn is a secure socket layer for pppd. It allows creation of virtual private networks by using an IP routing system between PPP network interfaces. Cryptography is done by libgcrypt's 3DES or blowfish, and Initialization Vector (IV) is changed in each packet transmission. As linvpn works as client and server, and communication is a single TCP connection, it allows creation of secure tunnels even in complex network layouts, when one or both endpoints are behind a firewall or NAT, with or without dynamic IP addresses.

tags | tool, tcp
systems | unix
SHA-256 | 6024e4c719d98586a70b29e51f17149b13043124032e447da138179414b5a33b
shade-1.0.0-src.tar.gz
Posted Jan 8, 2006
Authored by zeroth404 | Site shade.sourceforge.net

Shade (Steganographically Hide and Analyze Data Entries) is a versatile and feature-rich program designed to analyze and manipulate the LSBs (least significant bits) of files. LSB manipulation is a form of steganography, the art or science of making the existence of information undetectable by normal means. This is achieved by writing the contents of a file to the LSBs of a separate and inconspicuous host file.

tags | encryption, steganography
SHA-256 | 09e4ece3868dbae37810b8ec933c08cd14e1aba52e7135e8b13eaa9da946e0e7
snortsms-1.2.2.tar.gz
Posted Jan 8, 2006
Authored by SmithJ108 | Site snortsms.servangle.net

SnortSMS is a highly configurable sensor management system that provides the ability to remotely administer Snort [and Barnyard] based Intrusion Detection Systems (IDS), push configuration files, add/edit rules, and monitor system health and statistics, all from a simple and clean Web interface console. Whether you have one or multiple Snort sensors, it can help unify and synchronize all sensor configurations.

Changes: Various fixes and enhancements.
tags | tool, web, sniffer
SHA-256 | 2568287dfc5d85188ab058db31dd44313b5295f76ae06d05bc627f7c6b117b91
TOR Virtual Network Tunneling Tool 0.1.0.16
Posted Jan 8, 2006
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Various bug fixes.
tags | tool, remote, local, peer2peer
SHA-256 | 5d95cc3299f302398a41cbfb3d10265e3561c8a871e217158c7cbf05c4b3478a
vr-10.0e.tar.gz
Posted Jan 8, 2006
Site visualware.com

VisualRoute is a traceroute tool which displays a map of the path to the destination server by looking up the geographical location of each traceroute hop. The network service provider is identified for each hop, and instant domain and network whois information enable quick problem or abuse reporting.

Changes: Optional reporting of full Whois lookup record.
systems | unix
SHA-256 | faa7b1c234c97ce57592ea9fce931609449e3a02e0fbb7a6294dd48490f52874
Gentoo Linux Security Advisory 200601-4
Posted Jan 8, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-04 - Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP requests. Versions less than 5.5.1.19175 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | c6a49f35f0a2fdb2ebbf97f5ad0caef50804cd95db0b8886cb5b1767b8fff813
EV0019.txt
Posted Jan 8, 2006
Authored by Aliaksandr Hartsuyeu

NavBoard BBcode version 16 Stable (2.6.0) is susceptible to cross site scripting attacks. Exploitation details provided.

tags | exploit, xss
SHA-256 | a9bfc24fea36040757fc7e73d54276a13d72f20e2cff57584ea10ae7dc9dbf30
fuzzer-cirt.tgz
Posted Jan 8, 2006
Site cirt.dk

A simple TCP/UDP protocol Fuzzer version 1.0.

tags | udp, tcp, protocol, fuzzer
SHA-256 | 4e540510eb4efa8acdd714de59e8a7dc27c629fdbac85816fe7263e76ed61aeb
EV0017.txt
Posted Jan 8, 2006
Authored by Aliaksandr Hartsuyeu

TheWebForum version 1.2.1 is susceptible to cross site scripting and SQL injection attacks. Exploitation details provided.

tags | exploit, xss, sql injection
SHA-256 | 7433cfc2456901c6fde3b48113b54eb1cf1af326eff0490c1dda45b5c96a230d
Gentoo Linux Security Advisory 200601-3
Posted Jan 8, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-03 - Patrice Fournier discovered that HylaFAX runs the notify script on untrusted user input. Furthermore, users can log in without a password when HylaFAX is installed with the pam USE-flag disabled. Versions less than 4.2.3-r1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 15b97a0aa0722987b895b281b9df78b68f94929c708911f2a56f570607a0efc4
Ubuntu Security Notice 238-2
Posted Jan 8, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-238-2 - Damian Put discovered that Blender did not properly validate a length value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-4470
SHA-256 | 9b6d729812fe1eb2cd6344a06b009db2d4fbac00a60a394271a77bfb7f8d2dc2
Ubuntu Security Notice 237-1
Posted Jan 8, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-237-1 - Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2005-3354
SHA-256 | 470bc51f6550a5ac251c715a2016bd6064b902a44c139b366028fda7923b6eca
reconCFP2006.txt
Posted Jan 8, 2006
Site recon.cx

RECON 2006 Call For Papers - RECON is a security conference taking place in downtown Montreal from the 16th to 18th of June 2006. The call for papers will end on March 31st.

tags | paper, conference
SHA-256 | 895f617183f9d4628e42bff61ef7e6ab6f6326baa5ecffbd80d6543f4fffa941
EV0016.txt
Posted Jan 8, 2006
Authored by Aliaksandr Hartsuyeu

Proyecto Domus version 2.10 is susceptible to a cross site scripting vulnerability. Exploitation details provided.

tags | exploit, xss
SHA-256 | 9abf7f2bddccf5403b40e1ff62a0ef381ccccfdb010020ef64f6c34b62fb0504
Apple Security Advisory 2006-01-05
Posted Jan 8, 2006
Authored by Apple | Site apple.com

A malicious network attacker that can generate specially crafted packets may be able to cause an AirPort base station's network interface to stop responding normally, resulting in a denial-of-service.

tags | advisory
advisories | CVE-2005-3714
SHA-256 | 143921b03b28e8ffa42dd7e932d0b071d4e3593cbd9b21baa9f2fe15068bd457
Technical Cyber Security Alert 2006-5A
Posted Jan 8, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA06-005A - Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format. A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

tags | advisory, remote, arbitrary
systems | windows
SHA-256 | 1a8c73d0bd06e070811d0c46ee7a919c332e48aff09ce522191b54b9d3518d2f
iDEFENSE Security Advisory 2006-01-05.3
Posted Jan 8, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string will cause a heap corruption in the Winproxy process causing it to crash.

tags | advisory, remote, denial of service
advisories | CVE-2005-3654
SHA-256 | e1ca9d383bee063fdb4aa3c89d82101029b9d5a32d60748687bf4330f54a6be8
iDEFENSE Security Advisory 2006-01-05.2
Posted Jan 8, 2006
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 01.05.06 - Remote exploitation of a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy allows for the remote execution of arbitrary code by attackers. The vulnerability can be triggered by sending an overly long Host: string to the web proxy service.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2005-4085
SHA-256 | 13a87b03f77cede73ef452b7a5c82c54a13d07ef4f75b85a3aed9d33046d1bd6
iDEFENSE Security Advisory 2006-01-05.1
Posted Jan 8, 2006
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability specifically exists due to improper handling of a long HTTP request that is approximately 32,768 bytes long. When such a request occurs, the process will crash while attempting to read past the end of a memory region.

tags | advisory, remote, web, denial of service
advisories | CVE-2005-3187
SHA-256 | 95a8758698ef0b3447eefcd014f0c8179ae760a4b9901272f33cf185b1dc71b1
Ubuntu Security Notice 236-1
Posted Jan 8, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-236-1 - Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
SHA-256 | 4e65f9e03fe3b5f4069685320e3f496dda2bbf8632badd271b76c8ae64247791
Ubuntu Security Notice 235-1
Posted Jan 8, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-235-1 - Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this could be exploited to run arbitrary commands as the target user.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2005-4158
SHA-256 | 744baaea5401a092c998c606b7d1fa20aca64e1740e0b9e77e2af64c6bc75d26
EV0015.txt
Posted Jan 8, 2006
Authored by Aliaksandr Hartsuyeu

ADNForum version 1.0b is susceptible to SQL injection and cross site scripting vulnerabilities. Exploitation details provided.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 2a12355a12abebd0831bb41c80516a4e976ebc037d357e708a1d3278258d5fe2
wmf-faq.txt
Posted Jan 8, 2006
Authored by H D Moore

A brief faq regarding the recent Microsoft Windows WMF vulnerability.

tags | paper
systems | windows
SHA-256 | b56a84bafc1f89dd7e4c04f8775bfdce9c20b63504a6fc61cdcbc30c25c4d98d
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close