
Files Date: 2007-02-01

0701-exploits.tgz
Posted Feb 1, 2007
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm new exploits for January, 2007.

tags | exploit
SHA-256 | b6eaa47a9e3232720a1866fd9bb709e19225ef854d9fc29c0f8316bdef7f3e8a
mimedefang-2.59.tar.gz
Posted Feb 1, 2007
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11/8.12's new "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: A new "watch-multiple-mimedefangs.tcl" tool that lets you keep an eye on a cluster of MIMEDefang scanners. Fixes to the build scripts that should eliminate build problems on Intel/AMD 64-bit architectures. mimedefang generates the COMMANDS file more safely and more efficiently. Various other minor improvements and bug-fixes.
systems | windows, unix
SHA-256 | 7a979726a20f5d8cfc2ddb085ce14afff641b44febf17513f3d17a77e6a5c641
ExploitingJSON.pdf
Posted Feb 1, 2007
Authored by Aditya K Sood | Site zeroknock.metaeye.org

Whitepaper entitled Exploiting JSON Framework - 7 Attack Shots.

tags | paper
SHA-256 | 4ef0bb62586c04ed3138bfb5fb9552f437721e1488319a608841047e93441684
Debian Linux Security Advisory 1256-1
Posted Feb 1, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1256-1 - It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-0010
SHA-256 | b09a4615b310099e85d75d5e99d8735aed49adae09bdd0c243d326f4c66dd1af
Gentoo Linux Security Advisory 200701-27
Posted Feb 1, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-27 - Teemu Salmela discovered an error in the validation code of smb:// URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Versions less than 0.11.2 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 40744269992e8705c50c1ae275e5f9020b3779855d6b4e86f88b322e8ee5f8f2
Gentoo Linux Security Advisory 200701-26
Posted Feb 1, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-26 - KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Versions less than 3.5.5-r1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 886ee48ee05282452da8dca388e9421d7f5b421ae6109fe24b987c95868885c7
Gentoo Linux Security Advisory 200701-28
Posted Feb 1, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-28 - thttpd is vulnerable to an underlying change made to the start-stop-daemon command in the current stable Gentoo baselayout package (version 1.12.6). In the new version, the start-stop-daemon command performs a chdir / command just before starting the thttpd process. In the Gentoo default configuration, this causes thttpd to start with the document root set to /, the system root directory. Versions less than 2.25b-r6 are affected.

tags | advisory, root
systems | linux, gentoo
SHA-256 | d78d95cdf42f47e5dd6e20432c044b26afc2e09f6eca76efd06ed329f37e3447
Debian Linux Security Advisory 1255-1
Posted Feb 1, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1255-1 - Liu Qishuai discovered that the GNOME gtop library performs insufficient sanitising when parsing the system's /proc table, which may lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-0235
SHA-256 | 503823eabe2e69836f447b3760432f1cb77fc9414387824bad0d62af89a04bf5
Echo Security Advisory 2007.63
Posted Feb 1, 2007
Authored by y3dips, Echo Security | Site echo.or.id

Cadre suffers from a remote file inclusion flaw.

tags | exploit, remote, file inclusion
SHA-256 | a30e4cb73af41aa801f1a08472b89c5c7b284bd9db0651dccdf58147fa85c880
Cisco Security Advisory 20070131-sip
Posted Feb 1, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco devices running IOS which support voice and are not configured for Session Initiated Protocol (SIP) are vulnerable to a crash under yet to be determined conditions, but isolated to traffic destined to Port 5060. SIP is enabled by default on all Advanced images which support voice and do not contain the fix for CSCsb25337. There are no reports of this vulnerability on the devices which are properly configured for SIP processing. Workarounds exist to mitigate the effects of this problem. IOS releases that include voice support after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG and all of 12.4 are affected.

tags | advisory, protocol
systems | cisco
SHA-256 | 3a3579db497b0b2ef8633d579dc08b9d34662167267cdd1c6b866dd78a93e9fd
NGS-traversal.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

Oracle 10g R2 Enterprise Manager suffers from a classic directory traversal flaw. Details provided.

tags | exploit, file inclusion
SHA-256 | 7b239d813c0b71f35706e82ceb10a5685fed697cf244b62a9ea0ed16b798e32f
NGS00401.txt
Posted Feb 1, 2007
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote resource exhaustion vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause LGSERVER.EXE to write very large files to the system disk. In addition, the LGSERVER.EXE process becomes unresponsive until the file has been written.

tags | advisory, remote, tcp
SHA-256 | 5e363b53e6622717f68088020395485bc3abf558e7989dfb9923e72982cf384e
NGS00402.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote denial of service vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause the process to terminate.

tags | advisory, remote, denial of service, tcp
SHA-256 | b2beae78b9dc5bc4bf16421bd8c3f8c7bbb339c861377bc711310256b5da4cd2
NGS00403.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 1900, it is possible to cause a stack overflow that allows arbitrary code execution as Local System.

tags | advisory, remote, overflow, arbitrary, local, tcp, code execution
SHA-256 | 93b42c48737208bb1775e556207027438baca25f161de47442e043e659a7b1e6
NGS00404.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to execute arbitrary code as SYSTEM on a Windows Platform.

tags | advisory, remote, arbitrary, tcp, code execution
systems | windows
SHA-256 | 474a498ff00370f5a46dd87ae7f9feeac3510fc1c6ca6e8ff022be0dc35ff0c6