exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 79 RSS Feed

Files Date: 2006-10-12

Hardened-PHP Project Security Advisory 2006-09.133
Posted Oct 12, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity. The successful exploitation of this integer overflow will result in arbitrary code execution. PHP versions below 4.3.0 and versions below or equal to 5.1.6 are affected.

tags | advisory, overflow, arbitrary, php, vulnerability, code execution
SHA-256 | ec8e254e359278ada7c7209a0ce800bd53ecd06b1fe162e057e7ae221c714a4c
adv51-K-159-2006.txt
Posted Oct 12, 2006
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

docmint versions 2.0 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | a0c7b84939f13db21ad594de02c24209c65e34d4ba1de8d997b2bbfde13a2418
Echo Security Advisory 2006.49
Posted Oct 12, 2006
Authored by Echo Security, the_day | Site advisories.echo.or.id

OpenDock Easy Doc versions 1.4 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | badb04c3ce6be21c211098e491c9b4f420efb0eefd601f13e3faadaacd048f83
Echo Security Advisory 2006.48
Posted Oct 12, 2006
Authored by Echo Security, the_day | Site advisories.echo.or.id

WebYep versions 1.1.19 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | c78bdefbc1dae9f14eea3fbf7cd950b7b90aff3e40d73d36081bdbe8b060aa8b
moodle162.txt
Posted Oct 12, 2006
Site w4ck1ng.com

Moodle version 1.6.2 is susceptible to SQL injection attacks.

tags | exploit, sql injection
SHA-256 | ab83aafcb1a80e45b5f61199d8f08c9b0aa433084e7397aedf4e972481cdb971
advancedpoll202.txt
Posted Oct 12, 2006
Authored by Pro Hacker | Site worlddefacers.de

Advanced Poll version 2.02 suffers from a remote file inclusion flaw.

tags | exploit, remote, file inclusion
SHA-256 | 775a3ba0a89139b7abf57dad5ba04d1e093acf472f02a8e0f22ce3dd6f7d5b8e
fastfind.txt
Posted Oct 12, 2006
Authored by Dr.Ninux

FastFind, a popular search engine script, suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f1db1bc006fd8a0164324d632851f81f09960b16cc54488567cc7c2197fb8625
freeforum097.txt
Posted Oct 12, 2006
Authored by XORON

FreeForum version 0.9.7 suffers from a remote file inclusion vulnerability in fpath.

tags | exploit, remote, file inclusion
SHA-256 | 6728ddba53df85522a8943962fe323622c6cf89499c5af8386692b70caf6d156
cahierSQL.txt
Posted Oct 12, 2006
Authored by S4mi

Cahier de textes version 2.0 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 24529c7424e1e0a700eb92385e2ac0b26c567cccebca25e9f3f36f7bdc122982
phpIncludes.txt
Posted Oct 12, 2006
Authored by DarkFig | Site acid-root.new.fr

TribunaLibre version 3.12 Beta, registroTL, compteur_v2, eboli, Jasmine-Web, and Foafgen version 0.3, and Album Photo Sans Nom version 1.6 all suffer from file inclusion and/or source disclosure flaws.

tags | exploit, web, file inclusion
SHA-256 | fb44f6368003084800507368239e17992af982ee426f8b3a2c2c562f28e1b07e
LSsec Security Advisory 2006-03-30
Posted Oct 12, 2006
Authored by LSsec | Site lssec.com

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due to incorrect handling of RPC requests on TCP port 6503. The interface is identified by dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 45 specifies the vulnerable operation within this interface.

tags | advisory, arbitrary, tcp
SHA-256 | 786dcb0aab2a7b5332e94432d40f3d7b873a2f0020678462fb2d59c95f65a2d7
LSsec Security Advisory 2006-03-30
Posted Oct 12, 2006
Authored by LSsec | Site lssec.com

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due to incorrect handling of RPC requests on TCP port 6503. The interface is identified by c246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 43 specifies the vulnerable operation within this interface.

tags | advisory, arbitrary, tcp
SHA-256 | bac777a2b617f5455ff0ea89400e1c5c70d728edb4255664ef723b36c1150731
LSsec Security Advisory 2006-03-30
Posted Oct 12, 2006
Authored by LSsec | Site lssec.com

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Discovery Service (casdscsvc.exe) due to incorrect handling of requests on TCP port 41523.

tags | advisory, arbitrary, tcp
SHA-256 | 5180f52c40007d64da06cf7ac9ed35d52281f0f71feab512634cc924c1abacd5
TOR Virtual Network Tunneling Tool 0.1.1.24
Posted Oct 12, 2006
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Major and minor bug fixes in this release.
tags | tool, remote, local, peer2peer
SHA-256 | f32cda1434a71fa5fe89197ff34fc4c29186ecdd92336b490e259a7627f96711
honeytrap-0.6.3.1.tar.gz
Posted Oct 12, 2006
Authored by Tillmann Werner | Site honeytrap.sourceforge.net

Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.

tags | tcp, system logging
systems | unix
SHA-256 | 819087444baea69dfe5d8042c090ab5b25b7bdafef0f03186555dd1cd6777800
phpbbViewed10.txt
Posted Oct 12, 2006
Authored by XORON

phpBB User Viewed Posts Tracker versions 1.0 and below suffer from a remote file inclusion vulnerability in phpbb_root_path.

tags | exploit, remote, file inclusion
SHA-256 | e294e3d8c5caf08520e102a3d211760e76814e801c71c4af08bb01cedf79ced7
emekportal21.txt
Posted Oct 12, 2006
Authored by Dj ReMix

Emek Portal version 2.1 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 05c46e0e7e15c544a35427c4ca20931c22cf4b0ed0d821fdf7f7b5ee8dc71576
lotusApplets.txt
Posted Oct 12, 2006
Authored by Jouko Pynnonen | Site klikki.fi

Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.

tags | advisory, java, vulnerability
SHA-256 | 188ae90a30e7d9541579af061add5af04f503a733924b2d8a5170fb390ddfcc7
wikyblog.txt
Posted Oct 12, 2006
Authored by Mohandko

WikyBlog versions 1.2.3 and below suffer from a remote file inclusion vulnerability in includeDir.

tags | exploit, remote, file inclusion
SHA-256 | e1884448d1059fbc5125f6a2404adbbf0d3f475aa9c3a37a5bc8d8a3b65549af
glsa-2006010-03.txt
Posted Oct 12, 2006
Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200610-03 - Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. Versions less than 4.2.4.1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 892e624aa587f103aa1f96a11e4fae8e999fe564ce78b22671210abbc2126cae
Ubuntu Security Notice 359-1
Posted Oct 12, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 359-1 - Benjamin C. Wiley Sittler discovered that Python's repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the python application.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2006-4980
SHA-256 | 2eb7fa2cb5920c9d4ed29a10526a2cfe2e716856cddd8055969438f9b68b41ea
torrentfluxXSS.txt
Posted Oct 12, 2006
Authored by Steven Roddis | Site stevenroddis.com.au

Torrentflux version 2.1 suffers from a cross site scripting condition using the User-Agent as an attack vector.

tags | advisory, xss
SHA-256 | 0f07a88c880c17dce4534f254853cd0093f594d4d3c8c9cae9c901af8406bba9
freewps-exec.txt
Posted Oct 12, 2006
Authored by HACKERS PAL | Site soqor.net

Exploit for remote command execution due to a flaw in the Free WPS file upload functionality.

tags | exploit, remote, file upload
SHA-256 | 30207acd5983a119381e8419717106ca190465fc88f070c726f71a65b800d921
exploit-NAVENG-222AD3.rar
Posted Oct 12, 2006
Authored by Ruben Santamarta | Site reversemode.com

Local proof of concept exploit for the Symantec Antivirus Engine that requires no special privileges (6 of 6).

tags | exploit, local, proof of concept
SHA-256 | 68509c842fb90e2a10f16e9ed973d86f9ca2f8ef067098f0f12a95168742de80
exploit-NAVEX15-222AD3.rar
Posted Oct 12, 2006
Authored by Ruben Santamarta | Site reversemode.com

Local proof of concept exploit for the Symantec Antivirus Engine that requires no special privileges (5 of 6).

tags | exploit, local, proof of concept
SHA-256 | 7718ea0485483a8c51e5532e6a7026b9a70bee7575e9d782a7f39f146bb990f2
Page 1 of 4
Back1234Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close