what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2007-11-14 to 2007-11-15

exophpdesk-sql.txt
Posted Nov 14, 2007
Authored by Joseph Giron

ExoPHPdesk may be susceptible to cross site scripting and SQL injection vulnerabilities via the profile functionality.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | c0556a8f46d27fc7724407ccbdeed757b5df0d02c379466e538a4e4ac7d38ef3
iDEFENSE Security Advisory 2007-11-12.2
Posted Nov 14, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 11.12.07 - Local exploitation of an input validation error vulnerability within Novell NetWare Client could allow an unprivileged attacker to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nwfilter.sys, file version 4.91.1.1, as included with Novell's NetWare Client 4.91 SP4. Other versions are suspected vulnerable as well.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5667
SHA-256 | 39e537fefe55f9545bc7e0198660352f71e947724af29fd65f1b295a346eda32
Ubuntu Security Notice 542-1
Posted Nov 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 542-1 - Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | de02dcf4b1c56547ae229931ba3e629be0c36f1b5a080791408fb775db6cacc1
Ubuntu Security Notice 541-1
Posted Nov 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 541-1 - Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2007-5795
SHA-256 | a27abc831119f3d1e5386ebe434c4a48c4e70b30efd0b059d269d68288fa5e63
Ubuntu Security Notice 540-1
Posted Nov 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 540-1 - Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4619
SHA-256 | 2704d7bff4993957b515ca03f5464f9be0727db457bfab4d84209626c73724ae
Technical Cyber Security Alert 2007-317A
Posted Nov 14, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-317A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.

tags | advisory, remote, arbitrary, vulnerability
systems | windows
SHA-256 | ddb0309eda7034dc861a00dd7441209c08711c387a874a6fa4439b83c6bf5195
oracle-default.txt
Posted Nov 14, 2007
Authored by David Litchfield | Site ngssoftware.com

Oracle 11g and 10g have a default password vulnerability during the install process.

tags | advisory
SHA-256 | 9f5760b9411b159e7a5575efdffb65924eed9b9c2af42fc47a84c44578aa8694
wpslimstat-xss.txt
Posted Nov 14, 2007
Site xssworm.com

It appears that wp-slimstat version 0.92 for Wordpress 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 24465067d1965a38eb4deeb1a88bf8d31a76385acf53cd680e0524d68a388db1
phpstream-dos.txt
Posted Nov 14, 2007
Authored by laurent gaffie

PHP versions 5.2.5 and below suffer from a denial of service vulnerability in stream_wrapper_register().

tags | advisory, denial of service, php
SHA-256 | 55afefa849f9b24c52ac2f9d033521975627a87a809b033cf22c8ae93dd5cef3
phpgettext-dos.txt
Posted Nov 14, 2007
Authored by laurent gaffie

PHP versions 5.2.5 and below suffer from denial of service vulnerabilities in the Gettext Lib.

tags | advisory, denial of service, php, vulnerability
SHA-256 | 02032c6549919b0100a46517749f3f2966f480b47656419d14d9176ca1bc11c3
Windows DNS Cache Poisoning Whitepaper
Posted Nov 14, 2007
Authored by Amit Klein | Site trusteer.com

The paper shows that Microsoft Windows DNS Server outgoing queries are predictable, allowing for cache poisoning attacks.

tags | paper
systems | windows
SHA-256 | e6bf106c2809b9fc55bd7e40137aa82ae7c1d6097a707860f8585ff0ea7fd84d
phcct-0.1.tgz
Posted Nov 14, 2007
Authored by Steffen Wendzel | Site wendzel.de

phcct (protocol hopping covert channel tool) is a tiny and basic proof of concept implementation of a protocol hopping covert channel.

tags | protocol, proof of concept
systems | unix
SHA-256 | fa2070ea1a9984526ed0db20a7b0bcaa4c0c972d18a7c5e8f3f227e8d2ac4866
protocolhopping.txt
Posted Nov 14, 2007
Authored by Steffen Wendzel | Site wendzel.de

Whitepaper titled Protocol Hopping Covert Channels - Protocol Hopping Covert Channels (PHCC) are a way to realize covert channels that switch between different protocols while a covert channel is established. PHCCs even can use a randomized protocol order and a mixed packet order to transfer packets what makes them hard to detect.

tags | paper, protocol
SHA-256 | 5e860930cb5e0a371339c0311a86cb658c505870ba95e5089106907f07b049f8
Mandriva Linux Security Advisory 2007.217
Posted Nov 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in libpng including an off-by-one error and out of bounds read errors.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
SHA-256 | c37104d040ce7628fd58f11b0d8b28b5e2b0b47e751c023aecfe5cc2bd45047a
Mandriva Linux Security Advisory 2007.216
Posted Nov 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - About a half dozen vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service flaws.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-3105, CVE-2007-4133
SHA-256 | 7d892c5c690906c9b13cf117500d7b5bf675ad403373a51160861752f86b5ac0
myspaceclone-sql.txt
Posted Nov 14, 2007
Authored by t0pp8uzz, xprog

MySpace Clone Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 59a0383d94e46266d3b88e0b56b42306114a294bbcc374f158df746ad5d475ce
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close