what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files Date: 2008-04-21

D2T2_-_Benjamin_Hagen_and_Walter_Goulet_-_Real_World_Attacks_Against_3G_Networks_Using_Subscriber_Devices.zip
Posted Apr 21, 2008
Authored by Walter Goulet, Benjamin Hagen | Site conference.hitb.org

Real World Attacks Against 3G Networks Using Subscriber Devices - Cellular networks, like any other data network, requires careful attention to network design such as proper segmentation of subscriber generated traffic from network management and signaling traffic. This presentation discusses an attack penetration method using only standard subscriber equipment to compromise an operator network.

SHA-256 | c2b5f9e80c71804ccb26604ad9550c6930b0b9297f7d33af74c0487029f4cf46
RDdbenum.py.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
SHA-256 | 3425a7a46022a1d5c00c940d64eb2be9302b2e7ef356f8e16b7bbc1869f47731
reddot-sql.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below suffer from a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
SHA-256 | b97bd24c53768c65b163383bb33684f6375c1f7cb5294f4c72c3f30ea93c2ed8
adobealbum-overflow.txt
Posted Apr 21, 2008
Authored by c0ntex | Site open-security.org

Adobe Photoshop Album Starter, Adobe After Effects CS3, and Adobe Photoshop CS3 all suffer from a local buffer overflow vulnerability. Included is an exploit for Album Starter version 3.2 on Microsoft Windows SP2 that launches calc.exe.

tags | exploit, overflow, local
systems | windows
SHA-256 | b9d39af85285018f275769b36f2ed7800d54726f4a9f858f9a4302a44dc409f9
metagoofil-1.4.tar.gz
Posted Apr 21, 2008
Authored by Christian Martorella | Site edge-security.com

Metagoofil is an information gathering tool designed for extracting the Meta-Data of public documents (pdf,doc,xls,ppt,etc) available on target/victim websites. It will generate a html page with the results of the Meta-Data extracted, plus a list of potential usernames.

Changes: This new version extracts the MAC address of Microsoft Office documents. The output has some changes and some minor fixes have been implemented.
tags | tool, forensics
SHA-256 | 609b999c777eaefa1a6f699b9382a29688351d4b790e6939a48541f3e48bf378
Mandriva Linux Security Advisory 2008-090
Posted Apr 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A heap overflow was discovered in OpenOffice.org's EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or potentially execute arbitrary code if the malicious EMF image was added to a document or if a document containing such an EMF file was opened. A heap overflow was discovered in the OLE Structured Storage file parser, a format used by Microsoft Office documents. An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or potentially execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-5746, CVE-2008-0320
SHA-256 | 2bb62176a085dc23e9d3bc3f1257d1be460d854adc482799532c6dd747d71fc0
trnews-sql.txt
Posted Apr 21, 2008
Authored by His0k4

TR News version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a08d90e45037ca25bc2be57ae78e00af2e7494748364244ce1d49906deb39784
smf_captcha.zip
Posted Apr 21, 2008
Authored by Michael Brooks | Site rooksecurity.com

Tool that demonstrates the breaking of Simple Machine Forum's audio CAPTCHA.

tags | exploit
SHA-256 | 4f20ba1d9a129152b8734b2e97bf6cddea6a9ca57ba17b3256a30b29ccdcf527
php_nuke_captcha.zip
Posted Apr 21, 2008
Authored by Michael Brooks | Site rooksecurity.com

Tool that demonstrates how the CAPTCHA used in PHP-Nuke version 8.1 can be deciphered with 100% accuracy.

tags | exploit, php
SHA-256 | b6a2d80689a601a1e69a0dc8960bbdc9c3765dfc74c229767bceb218d7547ada
crazygoomba-sql.txt
Posted Apr 21, 2008
Authored by ZoRLu | Site yildirimordulari.org

Crazy Goomba version 1.2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 56b69b614bc70cceae174f76646e091651a70987bc529127216a80949c706723
TokenKidnapping.pdf
Posted Apr 21, 2008
Authored by Cesar Cerrudo

Whitepaper discussing token kidnapping on Microsoft Windows.

tags | paper
systems | windows
SHA-256 | 3aa72e11552701698d4dc68d94e3923dd75717343681d1d9ed97c4867016095a
acidcat-multi.txt
Posted Apr 21, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

Acidcat CMS version 3.4.1 suffers from multiple vulnerabilities including SQL injection, arbitrary upload, and cross site scripting flaws.

tags | exploit, arbitrary, vulnerability, xss, sql injection
SHA-256 | 70cc4c780fa6f9637e4830c96b6152f324e0bc1ce4da670a4128dc20933d34a9
incognito-v0.1.zip
Posted Apr 21, 2008
Authored by Luke Jennings | Site mwrinfosecurity.com

Incognito is a tool for manipulating windows access tokens and is intended for use by penetration testers, security consultants and system administrators.

systems | windows
SHA-256 | 5f9d0055d62788b46aef7bd2f7dfdf9bd0dc129a2629983a18937bdacc378f28
mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf
Posted Apr 21, 2008
Authored by Luke Jennings | Site mwrinfosecurity.com

This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.

tags | paper, vulnerability
systems | windows
SHA-256 | f23fe0277430389cbdd97c8c16d8eedd6520a0745f8fdc08b7c96f87a6131bf1
kubelance-lfi.txt
Posted Apr 21, 2008
Authored by Crackers_Child

Kubelance suffers from a local file inclusion vulnerability in ipn.php.

tags | exploit, local, php, file inclusion
SHA-256 | fa907df03c8948245c074f0065f524dc31ed079d9c8793f924496c5fb1ef1339
hostdir-cookie.txt
Posted Apr 21, 2008
Authored by Crackers_Child

HostDirectory Pro suffers from an insecure handling of cookies vulnerability.

tags | exploit
SHA-256 | a7039f5ff1f1e2be78d5fcf3ef5d1d3c327bbe2bf90e95865a334409d4ee15fb
apartmentsearch-sql.txt
Posted Apr 21, 2008
Authored by Crackers_Child

The Apartment Search Script suffers from a SQL injection vulnerability in listtest.php.

tags | exploit, php, sql injection
SHA-256 | 969bfa473f12c3c41ff9f81056eee1d277c8275d2740be6355ee8d65f6cafe6e
blogworx-sql.txt
Posted Apr 21, 2008
Authored by U238 | Site noexec.blogspot.com

BlogWorx version 1.0 suffers from a SQL injection vulnerability in view.asp.

tags | exploit, sql injection, asp
SHA-256 | af234ab103394b88d1bd0178b78a97f831462e70b8041247d7e74524caaf32a1
philboard1-sql.txt
Posted Apr 21, 2008
Authored by U238 | Site noexec.blogspot.com

W1L3D4 Philboard version 1.0 suffers from a SQL injection vulnerability in philboard_reply.asp.

tags | exploit, sql injection, asp
SHA-256 | 447406c4b09f1524c1aa9c43c2bf0a8abc607bb62f91ec93bbd5e558a95bcc50
Debian Linux Security Advisory 1553-1
Posted Apr 21, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1553-1 - It has been discovered that ikiwiki, a Wiki implementation, does not guard password and content changes against cross-site request forgery (CSRF) attacks.

tags | advisory, csrf
systems | linux, debian
advisories | CVE-2008-0165
SHA-256 | 84ceb6a428c173e3b4ce5ef0be96c6948470967c187a5c6be1e09a6ad6dd8025
Debian Linux Security Advisory 1552-1
Posted Apr 21, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1552-1 - It was discovered that the MPlayer movie player performs insufficient input sanitising on SDP session data, leading to potential execution of arbitrary code through a malformed multimedia stream.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2008-1558
SHA-256 | 8f580fd68f6db72ed316696a7c779cf425c03dcd6f12fa9f4cd9cd9f62eb917d
Debian Linux Security Advisory 1551-1
Posted Apr 21, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1551-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
SHA-256 | 125dbdc0245dce606427e75fa210615b2106ce661d3fa39ee19cc66bf7d20012
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Apr 21, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support for "Hash and URL" encoded certificate payloads has been implemented in the IKEv2 daemon charon. The IKEv2 daemon charon now supports the "uniqueids" option to close multiple IKE_SAs with the same peer. The new trustchain verification introduced in 4.2.0 has been parallelized. Various other fixes and improvements.
tags | kernel, encryption
systems | linux
SHA-256 | b31e5513aa5c6894cdc197d95f6ac1c2cc223109a32533d34f5d34179f9ea5dc
atter-lfi.txt
Posted Apr 21, 2008
Authored by KnocKout | Site cyber-warrior.org

Atter version 0.9.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 2d2dccfa5f445e15142a7ea66d61ecdcb18ed3477e4f49da0d2013566422ed83
xoopsall-sql.txt
Posted Apr 21, 2008
Authored by Cr@zy_King

XOOPS remote blind SQL injection exploit that takes advantage of Article.PHP.

tags | exploit, remote, php, sql injection
SHA-256 | ef2b0e4990596a7d54e3366d8ad7e69d19bcc4933091aa90f27ea595bca9c123
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close