what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 52 RSS Feed

Files Date: 2005-10-06 to 2005-10-07

HP Security Bulletin 2005-10.30
Posted Oct 6, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Event Correlation Services (OV ECS). This vulnerability could be exploited remotely by an unauthorized user to gain privileged access.

tags | advisory
SHA-256 | 0c3b278dbe00961ed19657d343f63bf4e1a9235d41754880eb43e2a5e7d164b3
Gentoo Linux Security Advisory 200510-3
Posted Oct 6, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-03 - Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. This bug only affects immodule-enabled Qt (if you build Qt 3.3.2 or later versions with USE=immqt or USE=immqt-bc). Versions less than 0.4.9.1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | ea4acc71ec08b5ce0d6f8f319ba77aca9e581d4007fa08745e75d7264c2f8fc4
dimva2006.txt
Posted Oct 6, 2005
Site dimva.org

CALL FOR PAPERS - DIMVA 2006. The special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual conference that brings together experts from throughout and outside of Europe to discuss the state of the art in the areas of intrusion detection, malware detection, and vulnerability assessment.

tags | paper, conference
SHA-256 | 131929771f0e66b9ffb551a9119d151dc02dec2bab80e5ac33d36bd4fccea7a5
THC-Scan-2.01.zip
Posted Oct 6, 2005
Authored by van Hauser, thc | Site thc.org

THC-Scan is a wardialer that works under DOS, Win95/98/NT/2K/XP, and all DOS emulators (UNiX) on all 80x86 processors. It has ODBC databank support, completely automated tone, carrier, vmb scanning, and a large palette of tools included. Comes with full source code and has an interface for usage with Scavenger Dialer and THC-Login Hacker.

Changes: THIS IS A THC - TAX - 10TH ANNIVERSARY RELEASE. Recompiled to run on modern computers without problems. Changes:
systems | windows, unix
SHA-256 | ee3a45ee608dbaca82695a4af5481928c304cf3ba9b98fb67e72f4cfd9f555e9
hydra-5.0-src.tar.gz
Posted Oct 6, 2005
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: THIS IS A THC - TAX - 10TH ANNIVERSARY RELEASE. Speed improvements for modules, various module and support additions, and a fix for the VNC module.
tags | web, cracker, imap
systems | cisco
SHA-256 | baec613ba084bd795a12343572664aa980735a780e840159830a14761dfb21f0
Debian Linux Security Advisory 842-1
Posted Oct 6, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 842-1 - Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2005-2498
SHA-256 | de954d71c9d226cbf7f9bce5488f5252c12b1c9a91c9c401b46a1df9d5abdfb4
Ubuntu Security Notice 193-1
Posted Oct 6, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-193-1 - Joxean Koret discovered that the SVG import plugin did not properly sanitize data read from an SVG file. By tricking an user into opening a specially crafted SVG file, an attacker could exploit this to execute arbitrary code with the privileges of the user.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2966
SHA-256 | 63be081fa84dc469efc35576b5fce8117607be20e1acecaacb7731eb45618c31
no-nx.pdf
Posted Oct 6, 2005
Authored by Sebastian Krahmer

x86-64 buffer overflow exploits and the borrowed code chunk exploitation technique. Whitepaper describing NX technology and its limitations. It contains in depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses and discusses countermeasures.

tags | paper, overflow, x86
systems | linux
SHA-256 | b0c251d6ab0e7d35b001203d842192143611eb73e2e95273a80273ed88afccba
amap-5.2.tar.gz
Posted Oct 6, 2005
Authored by van Hauser, thc, DJ Revmoon | Site thc.org

Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!

Changes: THIS IS A THC TAX ANNIVERSARY SPECIAL RELEASE. Some improvements and fingerprint additions.
tags | tool, protocol
SHA-256 | 0ca1d5e9feab7d44af39dc058a688a0636f8e798315ee742847c4057e4467fb6
cirt-38-advisory.pdf
Posted Oct 6, 2005
Authored by Dennis Rand | Site cirt.dk

CIRT Advisory - The Windows XP tftp.exe software is vulnerable to a local heap-based overflow that can allow for arbitrary command execution.

tags | advisory, overflow, arbitrary, local
systems | windows
SHA-256 | a8b7da25ca4b7658dd50dc3b1893ee3edc740f50149d2a1c34212bde7393a12b
kaspersky.pdf
Posted Oct 6, 2005
Authored by Alex Wheeler

The Kaspersky Antivirus Library provides file format support for virus analysis. During analysis of cab files, Kaspersky is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected. This vulnerability can be exploited remotely without user interaction in default configurations through common protocols such as SMTP, SMB, HTTP, and FTP.

tags | advisory, web, overflow, protocol, virus
SHA-256 | af434396cefd4db1acc36d0c3508f05a3a6511670795823b7bdb6f62ac153685
SInAR-0.3.tar.bz2
Posted Oct 6, 2005
Authored by Archim

SInAR Solaris rootkit version 0.3. Invisible kernel based rootkit for Solaris 8, 9, and 10. Special TAX release.

tags | tool, kernel, rootkit
systems | unix, solaris
SHA-256 | d19a7369d535bfb1d5a9c52d35003d81004f06539310402f8bee2e3b37e4db14
Gentoo Linux Security Advisory 200510-2
Posted Oct 6, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-02 - Mike Frysinger of the Gentoo Security Team discovered that mpeg_encode and the conversion utilities were creating temporary files with predictable or fixed filenames. The 'test' make target of the MPEG Tools also relied on several temporary files created insecurely. Versions less than 1.5b-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-3115
SHA-256 | 5033c5ef536d880f20ee8134ac8e1e0ae932bb849507425249ba3e943875b8bc
Gentoo Linux Security Advisory 200510-1
Posted Oct 6, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-01 - Eric Romang discovered that gtkdiskfree insecurely creates a predictable temporary file to handle command output. Versions less than 1.9.3-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2918
SHA-256 | 0933616bc0e417b38dd973522d0b3bda2f7b447ddcf989ed7aad3a94e41d52ef
netforceNIS.txt
Posted Oct 6, 2005
Authored by bambenek

The NetFORCE 800 version 4.02 M10 will happily send the NIS password map of any domain it is bound to when mailing off diagnostic e-mails.

tags | advisory
SHA-256 | b36910c0efc174c8e0574bb07eedd12da80312b064f9445817416c843fce68e0
bugzillaLeaks.txt
Posted Oct 6, 2005
Authored by Joel Peshkin, Myk Melez, Frederic Buclin, Max Kanat-Alexander

Bugzilla versions below 2.20 are susceptible to multiple information leaks.

tags | advisory
SHA-256 | 57cd438a2820f029676c4439a217c2b29e6b506f7b887a2dd556c7fb869285db
iDEFENSE Security Advisory 2005-09-30.t
Posted Oct 6, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 09.30.05 - Remote exploitation of a format string vulnerability in RealPix (.rp) file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code. The vendor has indicated that the following versions are vulnerable: Linux RealPlayer 10 (10.0.0 - 10.0.5), Helix Player (10.0.0 - 10.0.5).

tags | advisory, remote, arbitrary
systems | linux
advisories | CVE-2005-2710
SHA-256 | 9bdd1cc76bdebd29318308f31dd055e8176a0677b12b4f7c5c6445220254b127
ctxpoliciesbypass.txt
Posted Oct 6, 2005
Authored by Gustavo Gurmandi | Site grupoitpro.com.ar

A vulnerability in Citrix Metaframe Presentation Server versions 3.0 and 4.0 allows for users to bypass policy restrictions.

tags | exploit
SHA-256 | 6b9a55689bfeff034be1de217d8057adaeb0238030aeb793f03081eea1819363
filezilla-pwdump-0.1.zip
Posted Oct 6, 2005
Authored by pagvac aka Adrian Pastor | Site adrianpv.com

FileZilla PWDump is a utility that dumps all FileZilla (client) credentials from the Windows Registry and decrypts the passwords. It also extracts the passwords from the XML config file as well. It should work on FileZilla client versions 2.2.15 and below.

tags | cracker, registry
systems | windows
SHA-256 | 68e8f489f7f32b667c3a2160064c5724df981af935198408fb31107faf4afe52
fileZillaDisclose.txt
Posted Oct 6, 2005
Authored by Adrian Pastor | Site adrianpv.com

The FileZilla client versions 2.2.15 and below suffer from a local credential compromise vulnerability due to improper storage.

tags | advisory, local
SHA-256 | b25fd57dbac01135b458f4ef6c6bb6f19a6c44cfc31b81c5109a0ffe085b399e
guppyTraverse.txt
Posted Oct 6, 2005
Authored by Josh Zlatin

Guppy versions less than 4.5.6a suffer from a directory traversal flaw.

tags | exploit
SHA-256 | 0c4d9e03b254b7559762e6468588ce209b31b09e1710113e432ea53258356eb2
MerakXSS.txt
Posted Oct 6, 2005
Authored by ShineShadow

Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 is susceptible to cross site scripting and directory traversal attacks.

tags | exploit, web, xss
SHA-256 | a0a49a496636848c11c3e27df73bf5ffba8ac7698a0b882fac40d3b214bcb41e
Secunia Security Advisory 17063
Posted Oct 6, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in cpio included in some products, which can be exploited by malicious, local users to disclose and manipulate information.

tags | advisory, local
SHA-256 | 54e8fc258854844e0aea9b3628f054dea4d7d4704cb60899143fa96fa6453349
Secunia Security Advisory 17068
Posted Oct 6, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for arc. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to gain access to sensitive information and perform certain actions on a vulnerable system with escalated privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | 078e629baec609e1667fbb7bf4ef0a26cce894c750666f14e7d64a3a5a2ef65f
Secunia Security Advisory 17069
Posted Oct 6, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in the ls program included in some products, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 1a4fd0c8c528cd0e8e88ebc47d522f9175289be167815bea0c6a9cbb2a4c0d75
Page 2 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close