Files Date: 2004-07-02 to 2004-07-03

cart32XSS.txt
Posted Jul 2, 2004
Authored by Dr Ponidi

Cart32 suffers from an input validation flaw that allows for cross site scripting attacks.

tags | advisory, xss
SHA-256 | f8106fd151c332f8cfb901effa0b209c6a4fea390a67c49519fe4d51dab84f71
regentryHelp.txt
Posted Jul 2, 2004
Authored by Drew Copley | Site eeye.com

A tweak that can be made to the Windows Registry that will help prevent exploitation of the Shell.Application bug found in Microsoft Internet Explorer.

tags | shell, registry
systems | windows
SHA-256 | 108987d18eacf19be4860b3c4dec37593b21417314f5d3af2a35f49b6405c391
drcat.c
Posted Jul 2, 2004
Authored by Taif

Exploit for a buffer overflow in drcatd 0.5.0 beta. This may allow for command execution when the system administrator has assumed that only read access to files has been granted, but as it requires a valid username and password, this is unlikely to ever be a high-risk exploit.

tags | exploit, overflow
SHA-256 | 0155b39c65536150f635524e364054ab87c6d89aece5942882b50c8ecf65b315
screenos-av-xss-2.txt
Posted Jul 2, 2004
Site juniper.net

Sending an infected ZIP archive with a filename containing HTML or JavaScript may allow for a cross-site scripting attack to be performed.

tags | advisory, javascript, xss
SHA-256 | e98c2ee1de4d3a879b43ce2ddf5143f9bf2e65e1f9e497e582b0b79f6f497eba
XSR1800.txt
Posted Jul 2, 2004
Authored by Frederico Queiroz

Enterasys XSR-1800 Security Routers crash when passing a packet with the record route option.

tags | advisory
SHA-256 | 2576ea2745b4c9b63c20df5dc272fb16b20cf34707df1e32177222148f296bb2
Technical Cyber Security Alert 2004-184A
Posted Jul 2, 2004
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA04-163A - A class of vulnerabilities in IE allows malicious script from one domain to execute in a different domain which may also be in a different IE security zone. Attackers typically seek to execute script in the security context of the Local Machine Zone (LMZ).

tags | advisory, local, vulnerability
SHA-256 | 3018d809ec8c33d9aa35d9849eecffaa33b0b52cd7f226d20950eb53870042b3
IBM-WebSphere-Edge-Server-DOS.txt
Posted Jul 2, 2004
Authored by Leandro Meiners | Site cybsec.com

CYBSEC Security Advisory - A vulnerability has been discovered that allows a remote attacker to generate a denial of service condition against the IBM WebSphere Edge Component Caching Proxy. If the reverse proxy is configured with the JunctionRewrite directive active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters. Affected systems: WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with the UseCookie directive.

tags | advisory, remote, web, denial of service
SHA-256 | a94bce55cdff38e98dc5afca9cd308f0f3e7bef5a5d9d2931d475ac1018b3c85
200420kernel.txt
Posted Jul 2, 2004
Site suse.com

SuSE Security Announcement - A problem exists in the Linux kernel 2.4 and 2.6 series where missing Discretionary Access Control (DAC) checks in the chown(2) system call allow an attacker with a local account to change the group ownership of arbitrary files.

tags | advisory, arbitrary, kernel, local
systems | linux, suse
advisories | CVE-2004-0495, CVE-2004-0496, CVE-2004-0497, CVE-2004-0535, CVE-2004-0626
SHA-256 | 016299baba8db03cb7e0aa77aab766ca6012636db94e2bb330a1d595585702a8
Gentoo Linux Security Advisory 200407-1
Posted Jul 2, 2004
Authored by Gentoo | Site gentoo.org

Tavis Ormandy has discovered a vulnerability in esearch for Gentoo Linux, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the eupdatedb utility creating the temporary file /tmp/esearchdb.py.tmp insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user invoking the utility.

tags | advisory, arbitrary, local
systems | linux, gentoo
SHA-256 | e59e3827b241da0be587c4f5008b80fa8f0fb686c731080a1ab72a5fff0eff55
Secunia Security Advisory 11986
Posted Jul 2, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in RSBAC, potentially allowing malicious, local users to escalate their privileges. One allows a malicious user the ability to switch the AUTH module off. This affects 1.0.8 through 1.2.2. The other allows users to create suid and sgid files. This affects 1.2.2.

tags | advisory, local, vulnerability
SHA-256 | 633262110f5ba297563fe0517966a9ebcee625e2740b1a125c4e2e94a53f290a
IBMispy.txt
Posted Jul 2, 2004
Site www-1.ibm.com

The IBM Informix I-Spy product has a flaw where the runbin executable in the bin directory has the set-user-ID permission for user root. As a result, there is a potential for users to gain root access.

tags | advisory, root
SHA-256 | bc36c843c1b96aaeff7b62efae064641618eaf3e5b059409abc2a9e55ab081d1
iDEFENSE Security Advisory 2004-07-01.t
Posted Jul 2, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure Vulnerability - An input validation vulnerability in Qbik WinGate allows attackers to retrieve arbitrary system files.

tags | advisory, arbitrary, info disclosure
advisories | CVE-2004-0577, CVE-2004-0578
SHA-256 | 417320e1f292817c15b6064e01b1e073aa5c59b5092bbb34c19aff8a1b0dd3b3
SCIphoto.txt
Posted Jul 2, 2004
Authored by Donato Ferrante | Site autistici.org

SCI Photo Chat Server version 3.4.9 is susceptible to a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 8575e09aa1bcbc883017a75c4aa4d09bca783a470652829a1020c77a2876379e
easy12.txt
Posted Jul 2, 2004
Authored by Donato Ferrante | Site autistici.org

Easy Chat Server version 1.2 is susceptible to multiple denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
SHA-256 | c14351e99bc7c75e715099537ef5a044db63e359260141a3b392bcedcdb5a32d