exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2008-01-09 to 2008-01-10

sapone.zip
Posted Jan 9, 2008
Authored by Luigi Auriemma | Site aluigi.org

Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below which suffer from a pre-authentication remote code execution vulnerability. Launches cmd.exe.

tags | exploit, remote, code execution
SHA-256 | eb4f7cf06c6757a1371d0c92e9e5fc1d080f3f0a62dc8317785e8b3b2d680924
sapone.txt
Posted Jan 9, 2008
Authored by Luigi Auriemma | Site aluigi.org

SAP MaxDB versions 7.6.03 build 007 and below suffer from a pre-authentication remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | 253d8de800efd9bd9e37418409e3025ae1ec5ce6ea5a35bb1e9fb3e4dbac7c0c
omegasoft-cookie.txt
Posted Jan 9, 2008
Authored by MC Iglo

It seems that Omegasoft's Insel 7 may suffer from a cookie validation vulnerability.

tags | advisory
SHA-256 | 47204927eb9c82b6599bf19ac2a58c6fb988a8f4a9207c13bac66b3e789dfc9e
DSECRG08-001.txt
Posted Jan 9, 2008
Authored by Sh2kerr, Stas Svistunovich | Site dsecrg.com

Tuned Studios Templates suffer from a local file inclusion vulnerability in index.php.

tags | exploit, local, php, file inclusion
SHA-256 | e1f8fc52ca4abda2cbbcc3b564f875f2beb79a48537b22fc17dc7a0712f8dd96
Ubuntu Security Notice 564-1
Posted Jan 9, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 564-1 - Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-5846
SHA-256 | 96a0275ff748accff20dd8ef417a4f3a0303bd613973bf35f60f6d4d4d0d7b1f
mcafee2.pl.txt
Posted Jan 9, 2008
Authored by Leon Juranic | Site infigo.hr

McAfee E-Business Server versions 8.5.2 and below pre-authentication denial of service exploit.

tags | exploit, denial of service
SHA-256 | 9fdbf08d12eca23e24b5da2766dfaa3afb090a14d10501e4f61f1a490950b23d
INFIGO-2008-01-06.txt
Posted Jan 9, 2008
Authored by Leon Juranic | Site infigo.hr

INFIGO IS Security Advisory #ADV-2008-01-06 - The McAfee E-Business Server versions 8.5.2 and below suffer from a pre-authentication code execution and denial of service vulnerability.

tags | advisory, denial of service, code execution
SHA-256 | 7129afa195fe0c40d1247cd6d401cf701a55ca378c31f5c79339a620eade8866
Mandriva Linux Security Advisory 2008-004
Posted Jan 9, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Index Functions Privilege Escalation: as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service: three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation: DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle , but that patch failed to close all forms of the loophole.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2007-6600, CVE-2007-4772, CVE-2007-6067, CVE-2007-4769, CVE-2007-6601
SHA-256 | edab60a1473e35b9b319cf42931a033907dbd44cba5d3b178ce486cce8517747
Mandriva Linux Security Advisory 2008-003
Posted Jan 9, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in he MEW format. This could be exploited to cause a heap-based buffer overflow. Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files. As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2007-6336, CVE-2007-6335, CVE-2007-6337
SHA-256 | 37b9a19cb61c4a301b58ab8777a496aecba98b36f31673396fda65b345441908
Secunia Security Advisory 28375
Posted Jan 9, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Websphere Application Server for z/OS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | aaf190c862be92f4c61ce47a47a22651f9caf2b8ec849c2eb2becc0fdda48776
Secunia Security Advisory 28384
Posted Jan 9, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in xine-lib, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | d8ad6c16e37a2e607a3119949278c0a453a76fe539380462d151f871d7260635
Ubuntu Security Notice 563-1
Posted Jan 9, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 563-1 - Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. Elias Pipping discovered that temporary files were not handled safely in certain situations when converting PDF to PS. A local attacker could cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2007-5849, CVE-2007-6358
SHA-256 | 489700930be8d4a13257c7209ad13c6df10d30f853eac24c1ae666ddb054ed79
Ubuntu Security Notice 562-1
Posted Jan 9, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 562-1 - Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-4924
SHA-256 | 0bae0510745e2d4cc1e920612d25832120f26ff1cd4e53a774b165a882277ed1
Ubuntu Security Notice 561-1
Posted Jan 9, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 561-1 - Jose Miguel Esparza discovered that pwlib did not correctly handle large string lengths. A remote attacker could send specially crafted packets to applications linked against pwlib (e.g. Ekiga) causing them to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-4897
SHA-256 | 52e265988f2840d09d20942061a4e0e7c5807c23b28fec9e912ec1f3f55eedbc
Gentoo Linux Security Advisory 200801-1
Posted Jan 9, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-01 - Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Versions less than 1.0.14 are affected.

tags | advisory, shell
systems | linux, debian, gentoo
advisories | CVE-2007-6610
SHA-256 | 6afee06078491bc089bcb513e08640815c7fa0ce8688570f5f30481c1991cb2e
Gentoo Linux Security Advisory 200709-7
Posted Jan 9, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200709-07:02 - Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server. Versions less than 1.6.18-r2 are affected. The unaffected ebuild, as reported in the original version of this Security Advisory, did not properly address all vulnerabilities.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-2807
SHA-256 | 12bdf6dfcebf0501efa2b773ca684dc51d714360f8385f47efe931909b04977f
Technical Cyber Security Alert 2008-8A
Posted Jan 9, 2008
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA08-008A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system.

tags | advisory, remote, arbitrary, vulnerability
systems | windows
SHA-256 | 9f9115cfaf27e41368645573db14fbd06cd6820de2ba750fb949112bcb054846
Secunia Security Advisory 28333
Posted Jan 9, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | eefc4b1ced6e7b1e19163e1a53a8bf3b457660bb48348ff5d922858822b75568
Secunia Security Advisory 28361
Posted Jan 9, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for tomcat5. This fixes some vulnerabilities, which can be exploited by malicious people and malicious users to disclose sensitive information.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 7d2cd18954446d556e47f9316984970e539d819d303f1b8f285fbf9107e968a8
weblaunch-insecure.txt
Posted Jan 9, 2008
Authored by Elazar Broad

Gateway Weblaunch ActiveX control insecure method exploit.

tags | exploit, activex
SHA-256 | d2eb43365020a9d361b6f129aee527ecc567063762665cba85591340d8fab689
move-overwrite.txt
Posted Jan 9, 2008
Authored by Elazar Broad

Move Networks Quantum Streaming player SEH overwrite exploit that spawns calc.exe.

tags | exploit
advisories | CVE-2007-4722
SHA-256 | 992465625ee6de48ff658f7e6381b37fa6c5462bacfdd40c50f8e383aa73a731
sami-overflow.txt
Posted Jan 9, 2008
Authored by Matteo Memelli | Site be4mind.com

Microsoft DirectX SAMI file parsing remote stack overflow exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell
SHA-256 | 891b81acd9ed28a3aeb26a4085e20322e16d833a8297675eed4861882ea54014
webquest-sql.txt
Posted Jan 9, 2008
Authored by ka0x

PHP Webquest version 2.6 remote SQL injection exploit.

tags | exploit, remote, php, sql injection
SHA-256 | 41474b00c26a95d2f11e5f223961db0c34d76ed4beaa5a990d9bc1a425701711
Secunia Security Advisory 28339
Posted Jan 9, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for tomboy. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 7478c4b8581f22393cb4841cf25833542521e0b5cb5125a8705fa942788ed11a
Secunia Security Advisory 27699
Posted Jan 9, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered some vulnerabilities and a weakness in Layton HelpBox, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and compromise a vulnerable system, and by malicious people to identify valid user accounts and conduct cross-site scripting, script insertion, and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 6128e429e2bcd6ea372c93f3fad30cfafeb9c7ddd3bd4034d4339f5e03161e4f
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close