Showing 1 - 25 of 41

Files Date: 2006-11-09

openssh-4.5p1.tar.gz
Posted Nov 9, 2006
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple bug fixes including a security fix.
tags | encryption
systems | linux, openbsd
SHA-256 | 7046b9d372f9e31ca654a66492310c188470480ddab300eb715dbf5e2177ae55
openssh45.txt
Posted Nov 9, 2006
Site openssh.com

OpenSSH 4.5 has been released addressing a bug in the sshd privilege separation monitor that weakened its verification of successful authentication.

tags | advisory
SHA-256 | 239e91aa714af4bb4427b9c26c903ab615dd3a904d1d401adf5957efa7180f76
iPrimal-rfi.txt
Posted Nov 9, 2006
Authored by Bl0od3r

iPrimal Forums suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 3d23417765d82d73f1ac0d67c43a2e92d98f5025da5710c1abdd56989cd17ccb
vblog1201-rfi.txt
Posted Nov 9, 2006
Authored by Dr.Pantagon | Site deltahacking.ir

Vortex Blog suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 45115ae5bc26e0aef806dc359046e72fdb32f8590c0c4d9f51f0bb22b79b084a
irayo024-rfi.txt
Posted Nov 9, 2006
Authored by Dr.Pantagon

IrayoBlog version 0.2.4 suffers from a remote file inclusion vulnerability in inc/irayofuncs.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 97e4f254211ea71204fc581a0a5dd769b566237f07f9b45ed210a077407bbcf2
dodosmail201-rfi.txt
Posted Nov 9, 2006
Authored by Cold Zero

DodosMail versions 2.0.1 and below suffer from a remote file inclusion vulnerability in dodosmail.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 34c96f7ed3c0eb46288949a421a3b653587a2b69e37d8096cf9a22d3f1bd838a
ie67-xmlcore.txt
Posted Nov 9, 2006

Microsoft Internet Explorer 6/7 XML Core Services remote code execution exploit. Found in the wild by Gadi Evron. Modified by /str0ke.

tags | exploit, remote, code execution
SHA-256 | ff5eaba72be3177273e6a9ff8d817c24d37b0bc0babab1df766974d513428608
iodine-0.3.4.tar.gz
Posted Nov 9, 2006
Authored by Yarrick | Site code.kryo.se

iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where Internet access is firewalled, but DNS queries are allowed. It needs a TUN/TAP device to operate. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.

Changes: Fixed handshake() buffer overflow. Some other fixes.
systems | unix
SHA-256 | 08a60f1dde655e37e136a498f73abcf25562239b02aa7c272c3cceb34ca2a5d5
mimedefang-2.58.tar.gz
Posted Nov 9, 2006
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11/8.12's new "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Memory leak in mimedefang found and fixed.
systems | windows, unix
SHA-256 | 60a63ed22a42b1463335afade2584f91dc1235bb6a35249940d7f64a9bed8dc9
pwntego.tar.gz
Posted Nov 9, 2006
Authored by Kevin Finisterre | Site digitalmunition.com

Race condition exploit that takes advantage of a flaw in Intego VirusBarrier X4.

tags | exploit
SHA-256 | 8fbc3bac0aef7c91710230a3e7449dcef6d21741f4c4c879f4899e657a426416
DMA-2006-1031a.txt
Posted Nov 9, 2006
Authored by Kevin Finisterre | Site digitalmunition.com

Intego VirusBarrier X4 suffers from a definition bypass vulnerability.

tags | advisory, bypass
SHA-256 | cb1239541fb426479250540f9150a7e2c069a130c929584cf04e64628d107c1d
speedwiki20.txt
Posted Nov 9, 2006
Authored by benjamin moss, laurent gaffie | Site s-a-p.ca

SpeedWiki version 2.0 suffers from arbitrary file upload and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file upload
SHA-256 | 84193b0ef3ac204c1723a26fd4e494c540460ae71416d41c863d386392a4fd53
portixSQL.txt
Posted Nov 9, 2006
Authored by benjamin moss, laurent gaffie | Site s-a-p.ca

Portix-PHP suffers from a SQL injection vulnerability.

tags | exploit, php, sql injection
SHA-256 | e32be082f897271f9d5425a2f70111edec206ef62870f3d4058c0a256a7f22d6
TSRT-06-13.txt
Posted Nov 9, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuration Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected. OpenView Client Configuration Manager version 1.0 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2006-5782
SHA-256 | 44a89aa95a1bae411c8bdd385cbc8355ab9385be996a42c9eee2149f0069b9e6
abarcarSQL.txt
Posted Nov 9, 2006
Authored by benjamin moss, laurent gaffie | Site s-a-p.ca

The Abarcar Realty Portal is susceptible to SQL injection attacks.

tags | exploit, sql injection
SHA-256 | 376079da73ed9975d7fca0a88d6434ece2051fe90c2789fb85f3a86dc54f648a
iDEFENSE Security Advisory 2006-11-08.2
Posted Nov 9, 2006
Authored by iDefense Labs, Titon of Bastard Labs | Site idefense.com

iDefense Security Advisory 11.08.06 - Local exploitation of an insecure permissions vulnerability in the Cisco Systems Secure Desktop product could allow privilege escalation attacks to be conducted by local users. When the Cisco Secure Desktop Web VPN product is installed on an NTFS-formatted drive, permissions are set on all files to grant full control to all users. Certain files run as a system service and can be easily replaced. iDefense has confirmed this vulnerability exists on Cisco Secure Desktop version 3.1.1.27. Previous versions are suspected to be vulnerable.

tags | advisory, web, local
systems | cisco
SHA-256 | 6dfd669d77800874e54b7955d01e2b2497788e1397cb113504ba0f650e44cf67
freewebshop222.txt
Posted Nov 9, 2006
Authored by benjamin moss, laurent gaffie | Site s-a-p.ca

FreeWebShop versions 2.2.2 and below suffer from directory traversal and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b4a52e4159ef9058675bda56581ad8fd225898a3049bfc05f2e5761f45ea194b
phpmychat0145traverse.txt
Posted Nov 9, 2006
Authored by ajann

PhpMyChat versions 0.14.5 and below suffer from a classic directory traversal attack.

tags | exploit
SHA-256 | 2c3784e417f5137dd65d7c496148caf5fc8c0a10e44ee0cd3093c7a30400b344
phpmychatPlus19.txt
Posted Nov 9, 2006
Authored by ajann

PhpMyChat Plus versions 1.9 and below suffer from a classic directory traversal attack.

tags | exploit
SHA-256 | 7d3ed14aeaf386a767803618ed61a6a6dc2b428308cef3768c83b42eed3d76c0
Mandriva Linux Security Advisory 2006.204
Posted Nov 9, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-204 - A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out of sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-5794
SHA-256 | 490f28d70c40abc0372fc9027234651b6f6624b19468a97ed30f404e32603984
Technical Cyber Security Alert 2006-312A
Posted Nov 9, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA06-312A - The Mozilla web browser and derived products contain several vulnerabilities. The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include forging an RSA signature and denial of service. A remote, unauthenticated attacker could execute arbitrary code, or cause a denial of service. Forging an RSA signature (VU#335392) may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid. This may allow that attacker to impersonate a website or email system that relies on certificates for authentication.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
SHA-256 | 99b7e4c1fa8be3237818386e3263c03123e10b2e9680bbc437a5a5963b2e3551
Cisco Security Advisory 20061108-csd
Posted Nov 9, 2006
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Secure Desktop (CSD) software is affected by three vulnerabilities that may cause information produced and accessed during an Internet browsing session to be left behind on a computer after an SSL VPN session terminates, may allow users to evade the system policy that prevents them from leaving the Secure Desktop while a VPN connection is active, and may allow local users to elevate their privileges. The vulnerabilities described in this document exist in versions 3.1.1.33 and earlier of Cisco Secure Desktop.

tags | advisory, local, vulnerability
systems | cisco
SHA-256 | ae210eb031e64cbec7800b94348d7a4cb54b5d9bea37d927acbe0827c0319942
Mandriva Linux Security Advisory 2006.203
Posted Nov 9, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-203 - Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2006-4810
SHA-256 | 82a8c2d42d21771783b7b34aa9ba24471bba2fbd07e390454cbf86fd4df993bc
lotusnotes_keyfiles.pdf
Posted Nov 9, 2006
Authored by Andrew Christensen | Site fortconsult.net

FortConsult Security Advisory - It is possible to retrieve unencrypted data from the "names.nsf" database on Lotus Notes servers without being logged in.

tags | advisory
SHA-256 | 438f8fa64a94121b43b7b7e1b5eef7fc543a121fdbb1de48b7fc02b951ba17ae
iDEFENSE Security Advisory 2006-11-08.1
Posted Nov 9, 2006
Authored by iDefense Labs, Andrew Christensen | Site idefense.com

iDefense Security Advisory 11.08.06 - Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root. The 'tunekrnl' binary is used to set Linux/proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Since the length of input is improperly validated when copying to fixed-size buffers, buffer overflow can occur. iDefense has confirmed the existence of this vulnerability in version 7.0.1.1 of IBM's Lotus Domino for Linux. Earlier versions may also be vulnerable.

tags | advisory, overflow, kernel, local, root, vulnerability
systems | linux
SHA-256 | e24a6b648c0945b340012510654538e27d061dadc4ee809651273533be054a00