what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2005-10-27 to 2005-10-28

Debian Linux Security Advisory 873-1
Posted Oct 27, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 873-1 - A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent's that have opened a stream based protocol (eg TCP but not UDP). By default, Net-SNMP does not open a TCP port.

tags | advisory, denial of service, udp, tcp, protocol
systems | linux, debian
advisories | CVE-2005-2177
SHA-256 | 9aa6dbf080cb28f2fee621dcc02f30c19d7558c9d96fa1185808d8c65a397b54
advisory-103.txt
Posted Oct 27, 2005
Authored by Farhad Koosha | Site kapda.ir

Various Techno Dreams scripts are susceptible to sql injection flaws. Proof of concept examples provided.

tags | exploit, sql injection, proof of concept
SHA-256 | 366fb83d32315f71627422a527b6480b8afc654f0ebe44f9173576308a730e15
secunia-Mantis.txt
Posted Oct 27, 2005
Authored by Andreas Sandblad | Site secunia.com

Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the t_core_path parameter in bug_sponsorship_list_view_inc.php is not properly verified before it used to include files. This can be exploited to include arbitrary files from external and local resources. Affected versions: Mantis 0.19.2 and 1.0.0rc2. Other versions may also be affected.

tags | exploit, arbitrary, local, php
SHA-256 | 9bffa4eac73d1c9558283150c0455ab3a80cf530a7ad18fdfa75a7a20f03f5d7
WoltlabSQL.txt
Posted Oct 27, 2005
Authored by [R] | Site batznet.com

Woltlab Burning Board info_db.php is susceptible to multiple sql injection flaws. Versions 2.7 and below are affected.

tags | exploit, php, sql injection
SHA-256 | 56555ebbf2731c32a918087c5f649bb3bf7d5b0cf6337ae6f829abf8cf554618
mybbpr2.pl.txt
Posted Oct 27, 2005
Authored by cOre

MyBB Preview Release 2 sql injection proof of concept exploit.

tags | exploit, sql injection, proof of concept
SHA-256 | 803c051a1a45e4ab44b58c7c24729ab0b562c9cc412b25125e210bed72c2dc19
PHP-Nuke-XSS.txt
Posted Oct 27, 2005
Authored by bhfh01

PHP-Nuke is susceptible to cross site scripting attacks.

tags | exploit, php, xss
SHA-256 | 7d26a61ef6f2ad7823422e467d0666ed5a5618f7a4980bb9f719510f18948a95
chmlib_20051126.txt
Posted Oct 27, 2005
Authored by Sven Tantau | Site sven-tantau.de

A vulnerability in CHM Lib (chmlib) can be exploited to compromise a user's system. Versions 0.36 and below are affected.

tags | advisory
SHA-256 | 49d8a7ab0c84e8e1cde8454aee0dfc62cce1221e25adec5296d00e2a3dfcce84
flysprayXSS.txt
Posted Oct 27, 2005
Authored by Lostmon | Site lostmon.blogspot.com

Flyspray versions 0.9.7, 0.9.8, and 0.9.8-devel are susceptible to cross site scripting. Exploitation details included.

tags | exploit, xss
SHA-256 | 0bab5f01b7c758426334bbe468c48da3450971005b0015fe8140d3acfbc45c89
StMichael_LKM-0.12.tar.gz
Posted Oct 27, 2005
Authored by Rodrigo Rubira Branco | Site sourceforge.net

StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.

Changes: StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also support MBR checksums.
tags | kernel
systems | linux
SHA-256 | fbc421f4251b05aecaeb01f939302594c2a7090f9d731b7f6872c015173cd659
rum.c
Posted Oct 27, 2005
Authored by Pavel Stano | Site websupport.sk

rum version 0.9 - A one process tcp redirector with sockfile support, the ability to listen on multiple ports, and to offer statistics. Written for 2.6 kernels because it uses the epoll syscall.

tags | kernel, tcp
systems | linux
SHA-256 | 32c3edde06a293057867fdded3e39d730690c46d67a13e13574511b156a6f776
SEC-20051025-1.txt
Posted Oct 27, 2005
Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this is issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.

tags | exploit, web, xss
SHA-256 | 2d40e47e26366a81608e58eb701e131d921abb75ec18f1bc0763fd4b69a57ad9
SEC-20051025-0.txt
Posted Oct 27, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.

tags | exploit, remote, web, php
SHA-256 | 3d4b8192b526f1b4f047163bef662b30bca31b99670048e5fedfcec7d1e728d6
skypeRealData.txt
Posted Oct 27, 2005
Authored by EADS CCR DCR/STI/C

The EADS/CRC security team discovered a flaw in Skype client. An attacker can send a specially crafted packet that will trigger a heap overflow condition and execute arbitrary code on the target. Hence, an attacker can gain full control of the target. Conversely to what is written in Skype's advisory, remote code execution IS possible. Affected Versions: Skype for Windows - All releases prior to and including 1.4.*.83, Skype for Mac OS X - All releases prior to and including 1.3.*.16, Skype for Linux - All releases prior to and including 1.2.*.17, Skype for Pocket PC - All releases prior to and including 1.1.*.6.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, windows, apple, osx
SHA-256 | e93d8fd75218f31f2483406d0a40ae79acef27d04dad057c3765abe31596a130
sparkleBlogXSS.txt
Posted Oct 27, 2005
Authored by sikikmail

SparkleBlog is susceptible to HTML injection flaws that allow for cross site scripting attacks.

tags | exploit, xss
SHA-256 | e14a0296a68e3f24127264f8acf3106e7ac65ab6441d61321f68ebed0a7a2e86
PHP iCalendar Cross Site Scripting
Posted Oct 27, 2005
Authored by Francesco Ongaro | Site ush.it

PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.

tags | exploit, php, xss
SHA-256 | 9f0ca61b9a7c8067bc32bf77050ea673995d4a2229d755fff83257c3138fc38e
thunderbirdWeak.txt
Posted Oct 27, 2005
Authored by Thomas Henlich

Mozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper. Affected versions: Mozilla Thunderbird 1.0.7 (20050923), Mozilla Thunderbird 1.5 Beta 2 (20051006), possibly other programs using the Mozilla mail component.

tags | advisory
SHA-256 | d7c2c62f53981de1b1e61fbb11de9278cff73769ab86c648b175814f320ba698
netapp-iSCSI.txt
Posted Oct 27, 2005
Authored by Thomas H. Ptacek | Site matasano.com

Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating the iSCSI Login Negotiation protocol. The impact of this vulnerability is the negation of iSCSI security on affected NetApp filers.

tags | advisory, protocol
SHA-256 | cbda7558ac20a9e5ae1ab0fe5849ed2b682c6fc6ec99c1de2f5873cfdcc2906a
THCsnortbo.c
Posted Oct 27, 2005
Authored by rd | Site thc.org

THCsnortbo 0.3 - Remote Snort ping exploit that makes use of a stack-based overflow vulnerability in Snort's Back Orifice preprocessor.

tags | exploit, remote, overflow
SHA-256 | 96da659e32e952a39dbc28838a12b7285552be9c4258061478af4f0511d2ed06
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close