what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2008-01-14

Mandriva Linux Security Advisory 2008-013
Posted Jan 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.

tags | advisory, overflow, arbitrary, python
systems | linux, mandriva
advisories | CVE-2007-4965
SHA-256 | 22b534682be7c308115f64e42b216bf5eb9aa48e9cefa357ef9f44cfd05ead13
Mandriva Linux Security Advisory 2008-012
Posted Jan 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An integer overflow flaw was discovered in how python's pcre module handled certain regular expressions. If a python application using the pcre module were to compile and execute untrusted regular expressions, it could possibly lead to an application crash or the execution of arbitrary code with the privileges of the python interpreter. Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.

tags | advisory, overflow, arbitrary, python
systems | linux, mandriva
advisories | CVE-2006-7228, CVE-2007-4965
SHA-256 | 768924f6a4c4dc0d8aa6d014cd64650fde1304e861e573e4128b3711365bab10
Secunia Security Advisory 28481
Posted Jan 14, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in BugTracker.NET, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
SHA-256 | 503cc5c94ff10a6a1605952c67858f19a7e0d3ac4ac6adedea8b6f0bb71250f4
Ubuntu Security Notice 568-1
Posted Jan 14, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 568-1 - Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-6600, CVE-2007-3278, CVE-2007-6601, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067
SHA-256 | 47d59960e481124c283b84984065380cc224fcda98eb11e54fce799c288e75c1
Zero Day Initiative Advisory 08-01
Posted Jan 14, 2008
Authored by Tipping Point, Sebastian Apelt, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.

tags | advisory, overflow, arbitrary, tcp, code execution
advisories | CVE-2008-0247
SHA-256 | d3505a1cd6fd799ea1c25183890de56f606ba71453077a7b318259b08b71a0a0
f5-xss.txt
Posted Jan 14, 2008
Authored by nnposter

The F5 BIG-IP web management interface is susceptible to a cross site scripting vulnerability via the search functionality. Tested against version 9.4.3.

tags | exploit, web, xss
SHA-256 | f24e831838b0cad45609bd942c655b29b4ed3bad399ec918e6c0487981cb4ac5
flexnet-overwrite.txt
Posted Jan 14, 2008
Authored by Elazar Broad

Macrovision FlexNet Connect download manager is susceptible to an arbitrary file download/overwrite vulnerability.

tags | exploit, arbitrary
SHA-256 | 8656555b01e9b0c8e79ba5f966804d2fc68fd444657ea0fcadbb3c73f9b8cd4f
sqid-0.3.tar.gz
Posted Jan 14, 2008
Authored by Metaeye SG | Site sqid.rubyforge.org

SQL injection digger is a command line program that looks for SQL injections and common errors in websites.

Changes: Now works in 4 modes: url,google,page and crawl mode, supports HTTP proxy, cookies, multiple signature databases and triggers and a few other operational features.
tags | tool, scanner, sql injection
systems | unix
SHA-256 | b76ba9f76bdaeffbdf068c3668af79e1c700692ab288ce7f8cdb25c51dbb034d
radmind-1.11.1.tar.gz
Posted Jan 14, 2008
Site rsug.itd.umich.edu

radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.

Changes: Fixed port failover on Mac OS X 10.5 clients. Exclude patterns support escape sequences now. fsdiff manpage: clarification of exclude behavior.
tags | tool, intrusion detection
systems | unix
SHA-256 | d7fda757c317f079a7ba1be30313a36c20de6c873d256c33d826065c4e747c39
pMachinePro-241-xss.txt
Posted Jan 14, 2008
Authored by fuzion

pMachine Pro version 2.4.1 is susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | bdc37f2832cee5b6136998e922d72de5e15df74fa5bb26ee2f0dfd3fdfdaacdb
Secunia Security Advisory 28478
Posted Jan 14, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Meta Tags module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | c338a4807bdfc44f8758597abf82ed3a3b758b488c8b95d5fddb31d024569c23
Secunia Security Advisory 28460
Posted Jan 14, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Merak Mail Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d888525f35ccfd4b31cabaed84617585267676c2fe5451971fc3e98d4391caef
Secunia Security Advisory 28469
Posted Jan 14, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in multiple Avaya Products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 2b29f54ab29d3187fb74b1297b55d5fc8349e6820650f968cdbc3c7fb9fef9fa
Debian Linux Security Advisory 1463-1
Posted Jan 14, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1463-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601
SHA-256 | bf82c28f78aa61e68865b176249ca0279e41256a1de3a041b5d109a070a22eeb
Debian Linux Security Advisory 1462-1
Posted Jan 14, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1462-1 - Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.

tags | advisory, shell, local
systems | linux, debian
advisories | CVE-2007-5208
SHA-256 | 34d83e3f33fc2dc2320bc5364a40d153c1cc12515fa7ebe63bb9aa861ba28301
Debian Linux Security Advisory 1461-1
Posted Jan 14, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-6284
SHA-256 | 2bbc3fa2b0758e79588a696950f034e141bb876356c2272039fa877fb0f10858
OpenStego Free Steganography Solution 0.3.2
Posted Jan 14, 2008
Authored by Samir Vaidya | Site sourceforge.net

OpenStego is a tool implemented in Java for image based steganography, with support for password-based encryption of the data. It currently supports embedding of messages/files in a 24bpp images.

Changes: Fully revamped the command-line syntax to make it more conventional in nature. Various support added.
tags | java, encryption, steganography
SHA-256 | 7d5861e2b2cbe80051d2f00db1b195b9062c6284c4a38504c5e49bef3292ea58
nipper-0.11.2.tgz
Posted Jan 14, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.

Changes: This maintenance release includes several fixes for issues identified by the community. Additionally, minor changes have been made to some of the command line parameters, and a new option added to remove the configuration section of a report. Other updates include documentation changes and configuration file modifications. For a full list of changes, refer to the Changelog.
systems | cisco, juniper
SHA-256 | ee8da86e3e3ddbf4b2ea22dded69011ef2bd21bd252c5a7bc3345b0ba33103f6
nuvico-heap.txt
Posted Jan 14, 2008
Authored by rgod | Site retrogod.altervista.org

NUVICO DVR NVDV4 / PdvrAtl module with PdvrAtl.DLL version 1.0.1.25 remote heap overflow exploit for Internet Explorer 7 on Windows XP SP2.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 9ee68690af569f2155d52e1d0bea6ce85186e02b540a9a4924aeebc6c338d350
unhash-0.9.tgz
Posted Jan 14, 2008
Authored by dxp | Site geocities.com

UnHash is a program that performs a brute force attack against a given hash. The hash can be MD5 or SHA1, and the program will auto-detect which one is given.

Changes: Changed statistic's signal handler. Hit any key to invoke. Minor code cleanup and some bug fixes.
tags | cracker
SHA-256 | 0da019894b5b5cb8fc598fdb80398008f06dba86151dacf31b57a1aba8189481
floppyfw-3.0.5.iso
Posted Jan 14, 2008
Authored by Thomas Lundquist | Site zelow.no

Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the iso version.

Changes: Reverted back to iptables 1.3.7.
tags | tool, firewall
systems | linux
SHA-256 | 753536fe2af35d138de722bf798be521b1e439751d0d0efb32be27d8aaa043b6
xchat-sql.txt
Posted Jan 14, 2008
Authored by Fernando Quintero aka nonroot

X7 Chat versions 2.0.5 and below remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 39ef9682ce0dc16c45ccb63792eb60654cac2f859b0121185f5ccd3e962e460d
Debian Linux Security Advisory 1460-1
Posted Jan 14, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1460-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601
SHA-256 | 15fa8c37a84c4650b0057ddb1f483cac6bd377383f70e2bbe3482537af09de8a
Debian Linux Security Advisory 1459-1
Posted Jan 14, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1459-1 - It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.

tags | advisory, cgi, sql injection
systems | linux, debian
advisories | CVE-2008-0173
SHA-256 | 46c3e291053b62c8aa599099c781e01b50fc301f5004cbe793852f1d8f556e1d
garment-lfi.txt
Posted Jan 14, 2008
Authored by Smasher

Garment Center suffers from a local file inclusion vulnerability in index.cgi.

tags | exploit, local, cgi, file inclusion
SHA-256 | dd75805444e5db8d161ce01da7de47d07ccf1013b33c66cfd8e358e510ee0fbf
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close