exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 72 RSS Feed

Files Date: 2007-01-24

Ubuntu Security Notice 413-1
Posted Jan 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 413-1 - A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2006-6899
SHA-256 | 834f72f161cb8c4ad8db8173e5a61b0920888eac4654a8f11bdb5d8862c92b39
Ubuntu Security Notice 412-1
Posted Jan 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 412-1 - Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing as a server, could write to arbitrary files with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-0159
SHA-256 | 75b01f4e95484735f0268d67b3306e71226620a309e2561ff38b6f456e600f2c
Gentoo Linux Security Advisory 200701-20
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-20 - When interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer overflow. Versions less than or equal to 4.21.0-r2 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | a1f7767dbb2d379cb09fc4180b478e63b2d36e5bba8701fac6befa6f250e33f1
Mandriva Linux Security Advisory 2007.026
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL. Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload. Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-0247, CVE-2007-0248
SHA-256 | 11540046c10ad3af9debd60876f59d47e79624788a04c5462e7c0ac8c1a3673c
Gentoo Linux Security Advisory 200701-19
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-19 - Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a directory in /tmp during installation allowing for directory traversal. Versions less than 2.1.30-r10 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 5468113777086781392051d7368fa75858c1ae56199c6ef6e639886a4a0c0f44
Ubuntu Security Notice 411-1
Posted Jan 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 411-1 - Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications using libsoup by sending a crafted HTTP request, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-5876
SHA-256 | 78466fc80920f0fd557bd484850d7ec3e2c3194723ffe8f0d8018cd2ed6fb697
Gentoo Linux Security Advisory 200701-18
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-18 - Due to the improper handling and use of format strings, the errors_create_window() function in errors.c does not safely write data to memory. Versions less than 0.99.5_pre20060716 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 8c21d5b78b307ad1d75637fd491cecc5c3b4b07b492ec0dd2ef3b403bf8e6d86
Mandriva Linux Security Advisory 2007.025
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A slew of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2005-3272, CVE-2006-0741, CVE-2006-2446, CVE-2006-3741, CVE-2006-4145, CVE-2006-4535, CVE-2006-4813, CVE-2006-4997, CVE-2006-5619, CVE-2006-5749, CVE-2006-5754, CVE-2006-6106
SHA-256 | e7b641de127f69ce0a081b499798c0bf28627c5b51adffd9f4484360bf668fc8
SUSE-SA-2007-012.txt
Posted Jan 24, 2007
Site suse.com

SUSE Security Announcement - This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. Additionally the 10.2 package needed a fix for another DoS bug and for max_user_ip handling in ntlm_auth.

tags | advisory
systems | linux, suse
advisories | CVE-2007-0247, CVE-2007-0248
SHA-256 | 1469a0f69055d3f88f2ea053c782a2513e948289eac73e651405ac77e1c5e98b
Echo Security Advisory 2007.62
Posted Jan 24, 2007
Authored by y3dips, Echo Security | Site echo.or.id

Upload Service version 1.0 suffers from a remote file inclusion flaw.

tags | exploit, remote, file inclusion
SHA-256 | ba0bfa958df599ce727eaf211393014b2e9944204f9b13abb3650607af4ea8ee
Gentoo Linux Security Advisory 200701-17
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-17 - Liu Qishuai discovered that glibtop_get_proc_map_s() in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause the buffer to overflow on the stack. Versions less than 2.14.6 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | ee1a93bedee22e4acbb3bbdddfac57e9eecf06c73b90cde4089d6ae5ae2fb12e
SyScan07-CFP.txt
Posted Jan 24, 2007
Site syscan.org

SyScan 07 Call For Papers - The Symposium on Security for Asia Network (SyScan) aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan intends to be a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate, in Singapore, the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.

tags | paper, conference
SHA-256 | 3a1ef440f328035f1853d850e904335dc8991db7c0a9b0d2b5889999028ed6ec
Mandriva Linux Security Advisory 2007.024
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.

tags | advisory, remote, denial of service, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2007-0104
SHA-256 | ad52671748d44b66eb8be6798b1b0881f0e6bf8f92e2ecb7487b826152d5b76b
Gentoo Linux Security Advisory 200701-16
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions less than 7.0.9 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
SHA-256 | 5b407216e87ea84e50448fe21e241bece83b951de5dd418880925a300925fb69
Gentoo Linux Security Advisory 200701-15
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-15 - Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Versions less than 1.4.2.13 are affected.

tags | advisory, java, overflow, vulnerability
systems | linux, gentoo
SHA-256 | 63830323e08b92fc6b4b1f109445b2c51b1e53ed641374b3a9b53574564d0cde
Gentoo Linux Security Advisory 200701-14
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-14 - Mod_auth_kerb improperly handles component byte encoding in the der_get_oid() function, allowing for a buffer overflow to occur if there are no components which require more than one byte for encoding. Versions less than 5.0_rc7-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | 88dd7ce1d595e333c09159258811c30bc62e956ecedb085b66b98b5b09190992
Technical Cyber Security Alert 2007-23A
Posted Jan 24, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-022A - The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

tags | advisory, java, remote, arbitrary, vulnerability
advisories | CVE-2007-0243, CVE-2006-6745, CVE-2006-6731
SHA-256 | 436ac73973feffa44cc829c5d34b78dc1d943464a304bd115115b88395122383
bitweaver-xss.txt
Posted Jan 24, 2007
Authored by CorryL | Site x0n3-h4ck.org

Bitweaver version 1.3.1 is susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 3c529894f4f1dae48debfb510b1132234ee5cd8c473db9dfd614319f61e4c675
mssploit.txt
Posted Jan 24, 2007
Authored by porkythepig

Microsoft Visual C++ 6.0 is prone to a stack based memory corruption vulnerability during the processing of .RC resource files. Exploit included.

tags | exploit
SHA-256 | 8696e5a5416cd2f40b051e194616ca6a631f2a6140fa34b75255ec156816cf72
checkpoint-bypass.txt
Posted Jan 24, 2007
Authored by Nir Goldshlager, Roni Bachar

Check Point Connectra End Point is susceptible to a bypass flaw.

tags | exploit, bypass
SHA-256 | 9c4bd92a1c99cc73f4cff85e7926a401ced28074124ee8b438d2858e5df2c682
fishcart-sql.txt
Posted Jan 24, 2007
Authored by laurent gaffie | Site s-a-p.ca

Fish Cart is susceptible to SQL injection attacks.

tags | exploit, sql injection
SHA-256 | 2a6bbf15f38a3aa2d131fc77d3ed42070f0ce7357d7ee50f55e87b2ad61f7727
MOAB-23-01-2007.pct
Posted Jan 24, 2007
Authored by LMH | Site projects.info-pull.com

Month of Apple Bugs - A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. This is the proof of concept exploit in .pct format that demonstrates this vulnerability.

tags | exploit, proof of concept
systems | apple
advisories | CVE-2007-0462
SHA-256 | cae45c1818004c6d0fa86b4df9d9713a53b3af47e14c3b7813983523855384ba
MOAB-22-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, root, proof of concept
systems | apple
advisories | CVE-2007-0023
SHA-256 | 649846dcedfd17c9b293d5b586249ab6641f7f2f4b7077ce8728d64523c3794e
MOAB-21-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, arbitrary, shell, root, proof of concept
systems | apple
advisories | CVE-2007-0022
SHA-256 | bc6a6482959f9f36bea4aefc8de705de29960037c93a88c4c71f6382b1e18c26
MOAB-20-01-2007.tgz
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, denial of service, arbitrary, code execution, proof of concept
systems | apple
advisories | CVE-2007-0021
SHA-256 | c72c10a4e48008dc4508828d784627e557382e0c510236900986c74a82eab3f4
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close