exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2007-06-21 to 2007-06-22

Mandriva Linux Security Advisory 2007.131
Posted Jun 21, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
SHA-256 | 2ae6428185a83a199fc21f5a307823d348f3b7c79bcacfa5610dac600f89cfcf
Mandriva Linux Security Advisory 2007.130
Posted Jun 21, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The Auth API in ProFTPD, when multiple simultaneous authentication modules are configured, did not require that the module that checks authentication is the same module that retrieves authentication data, which could possibly be used to allow remote attackers to bypass authentication. The updated packages have been patched to prevent this issue. As well, this update provides proper PAM configuration files for ProFTPD on Corporate Server 4 that had prevented any mod_auth_pam-based connections from succeeding authentication.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-2165
SHA-256 | ad147280c64e52fd7ef4848541a3149f3cee31c56e0ab7c29920dbc42e6e83be
fl0w_execve.c
Posted Jun 21, 2007
Authored by fl0 fl0w | Site fl0fl0w.blogspot.com

51 byte Linux/x86 execve shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 7148261b65d2c2d2dc75054e64cd5b5ab73e3dacbed95ec8d4ca1e2f765a06c9
Samhain File Integrity Checker
Posted Jun 21, 2007
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 2d0bfd6b12713502b9793d4c806fc5fe7acbe51d1b0c2df739190196f6509c16
pbxs11-exec.txt
Posted Jun 21, 2007
Authored by clarity_

BitchX version 1.1-final remote command execution exploit.

tags | exploit, remote
SHA-256 | 39236b6f34aa43098be96a197d2a1fd67f7dbe49a90ce86bfe5f6d6b4bd2d92b
serweb094-rfi.txt
Posted Jun 21, 2007
Authored by Kw3rLN | Site rst-crew.net

SerWeb version 0.9.4 remote file inclusion exploit that takes advantage of load_lang.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | df1e5f62e3ca9f4ed6f6538244f593f78f88d1582d5f3abdbc6b71ae3e9f54b7
HP Security Bulletin 2006-12.74
Posted Jun 21, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in HP Help and Support Center running on HP Notebook Computers running with Windows XP. The vulnerability could be remotely exploited to allow unauthorized access to the system.

tags | advisory
systems | windows
advisories | CVE-2007-3180
SHA-256 | 001e54c3893cfcbb0cfa635bfa9495de4a83561d0fc79701389790541b29437b
httpsv162-dos.txt
Posted Jun 21, 2007
Authored by Prili

HTTP SERVER (httpsv) version 1.6.2 remote denial of service exploit that makes use of a 404 error.

tags | exploit, remote, web, denial of service
SHA-256 | 3d9cd2b6641a08df05e9e48119a0785c46ea878a27644269770669010d904411
sqlninja-0.1.2.tgz
Posted Jun 21, 2007
Authored by icesurfer | Site sqlninja.sourceforge.net

sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.

Changes: Test mode added. Debug option added. Other minor changes.
tags | tool, remote, web, shell, scanner, perl, vulnerability, sql injection
systems | unix
SHA-256 | d018a3c450f2814616d6e10df371981fd19d86b0ea6ec4a05bb5734096679281
cissp-sql.txt
Posted Jun 21, 2007
Authored by Bozo Bad

The CISSP web site is susceptible to a SQL injection vulnerability.

tags | exploit, web, sql injection
SHA-256 | c0ba7d4f6b0c35ccde41a80a894e52f88473c0f530a29d4f1446f7c27eec8fc1
vbultop-xss.txt
Posted Jun 21, 2007
Authored by rUnViRuS | Site sec-area.com

vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability related to new topics.

tags | exploit, xss, file inclusion
SHA-256 | e3fe34aa550e0f2f7d8c107bcf0b54ab463ac041adcd27f50911f56cd41efbd1
vbulinclude-xss.txt
Posted Jun 21, 2007
Authored by rUnViRuS | Site sec-area.com

vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability.

tags | exploit, xss, file inclusion
SHA-256 | 124cb4ff6f114f48f07ed87a69cd0995d57142a60c8e9fdc60831d2609800e0d
fusetalkautherror-xss.txt
Posted Jun 21, 2007
Authored by Ivan Almuina | Site fastcom-technology.com

Fusetalk suffers from cross site scripting vulnerabilities in comfinish.cfm.

tags | exploit, vulnerability, xss
SHA-256 | 7cb8de6071c6b054856a55e4c81df2dfec3872f414bf4833c0610fe5074f3ff3
pixy_3_01.zip
Posted Jun 21, 2007
Site seclab.tuwien.ac.at

Pixy is an open source vulnerability scanner that audits PHP applications for SQL injection and cross site scripting vulnerabilities. It is written in Java and also performs automatic resolution of file inclusions.

tags | tool, java, scanner, php, vulnerability, xss, sql injection, file inclusion
systems | unix
SHA-256 | 50824432cbbb0d2d08b83b3f850b36829dbcd2cb0e67f5b30bea566423e3c709
csc-sqlxss.txt
Posted Jun 21, 2007
Authored by DoZ | Site hackerscenter.com

Comersus Shop Cart version 7.07 suffers from SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 58ba2fa8052fb0819670006c7bdfa1d55906e1a7c84ecc9a82070d3947e29cc5
Mandriva Linux Security Advisory 2007.129
Posted Jun 21, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-2721
SHA-256 | 49e35eea195f9ef8ba10b6f706e71bf6d035c1334146bf2abb1b501007b5e26f
Mandriva Linux Security Advisory 2007.128
Posted Jun 21, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4168
SHA-256 | 1356f53c0be093f1e0bd3b4ef2b058cda07f258e1718e73fc47d12c584b5cfac
prefork.txt
Posted Jun 21, 2007
Authored by PSNC Security Team | Site security.psnc.pl

Apache suffers from some prefork MPM vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 4d61c28e91dc8056ee3f72cb7c70d86c713c92a2e12bcc5cb0afada3a83c3933
Mandriva Linux Security Advisory 2007.127
Posted Jun 21, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2007-1862
SHA-256 | 2c58e81c7fdbf47fc1aff0fb58209c44403b34e89fa427097bb7f681267e7a30
Gentoo Linux Security Advisory 200706-7
Posted Jun 21, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-07 - Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code using an unrestricted file upload (CVE-2007-1639), cross-site request forgeries using different modules (CVE-2007-1638), and a cross-site scripting attack using unknown vectors (CVE-2007-1576). Versions less than 5.2.1 are affected.

tags | advisory, arbitrary, php, vulnerability, xss, file upload
systems | linux, gentoo
advisories | CVE-2007-1575, CVE-2007-1576, CVE-2007-1638, CVE-2007-1639
SHA-256 | 32e1a1bd5e7b7ce827d5f2dee5bdea8dd5fa451b945e4c3a0c11088f11815542
Gentoo Linux Security Advisory 200706-6
Posted Jun 21, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-06 - Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Versions less than 2.0.0.4 are affected.

tags | advisory, spoof, protocol
systems | linux, gentoo
advisories | CVE-2007-1362, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871
SHA-256 | a7d915b8dee1a1dbf0130d00d257b5daf6d8bdba894d7bee66a3e62a661019be
Debian Linux Security Advisory 1315-1
Posted Jun 21, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1315-1 - Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validation if configured to use Sendmail. This allows the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell, php
systems | linux, debian
advisories | CVE-2007-3215
SHA-256 | f255210e60be7f0487fa144f186a573db8354ad9901767162942729c5c012e8a
wildea-sql.txt
Posted Jun 21, 2007
Authored by Crackers_Child

W1L3D4 WEBmarket version 0.1 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 433606e9bfbc7fcdd3b374f544107fce3348a6ab959812ba710b2d401261ceef
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close