what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 57 RSS Feed

Files Date: 2006-12-11

Secunia Security Advisory 23342
Posted Dec 11, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ajann and double0 have discovered two vulnerabilities in PhpLeague, which can be exploited by malicious people to compromise vulnerable systems.

tags | advisory, vulnerability
SHA-256 | ccbd92eea88876522dc84946d48dd84fd58fce0cd0e5d7a2737fdb3d12e2f50f
Secunia Security Advisory 23319
Posted Dec 11, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mr_KaLiMaN has discovered a vulnerability in Messageriescripthp, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site scripting attacks.

tags | advisory, xss, sql injection
SHA-256 | 556026bbafa4bb72403303e7d9b0b6d068b1a7c60f672413767b38047e1bfef0
Secunia Security Advisory 23295
Posted Dec 11, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Help Tip module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 1290b4972651f97b892ebf42dc80e4372b4a05d1323457b0e478731406e4ba46
Secunia Security Advisory 23302
Posted Dec 11, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aria-Security Team has reported a vulnerability in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | b0a7cf5ab17a8ebbc5541ef267ce1671ef07275a66cd0ae3cb6d4254d5644e9f
Secunia Security Advisory 22652
Posted Dec 11, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Ferguson has reported a vulnerability in IBM WebSphere Host On-Demand, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 7abb46a32f85dfcd2d693358da24436c5b39d4bb1bff041a57ac0637cd701ae0
XD100098.txt
Posted Dec 11, 2006
Authored by Rajesh Sethumadhavan

Google's Orkut suffers a cross site scripting vulnerability in Friends.aspx.

tags | exploit, xss
SHA-256 | 54f7fb968916a256650f6619e9ef894ef3d49e1e3ea0afc583c17ce227f4b391
secunia-aolcddb.txt
Posted Dec 11, 2006
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.

tags | advisory, overflow, arbitrary, registry, activex
SHA-256 | e3b72455fae8d556eade84f6b95183d9fb3856484b23d09de4ad46012248b887
secunia-meimap.txt
Posted Dec 11, 2006
Authored by JJ Reyes | Site secunia.com

Secunia Research has discovered a vulnerability in MailEnable Professional Edition version 2.35, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing data sent to the IMAP server. This can be exploited to cause a stack-based buffer overflow by first sending a command in the "Not Authenticated" state (e.g. "login" command) with a specially crafted parameter to make the IMAP service wait for more incoming data and then sending an overly long string (greater than 512 bytes).

tags | advisory, overflow, imap
advisories | CVE-2006-6423
SHA-256 | 50845d9664d4795bef5673fb158d9b6f36ae9ac4b5a0fc08c947afcdd0f0ba55
coldfusionMX7.txt
Posted Dec 11, 2006
Authored by Brett Moore SA | Site security-assessment.com

ColdFusion MX7 suffers from path disclosure, internal IP address disclosure, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 55f86e7929a884f0b6dd3f764aaf710b98410a62ad57cf00d38bfc635592b514
winamp7513.txt
Posted Dec 11, 2006
Authored by Luigi Auriemma | Site aluigi.org

Winamp Web Interface versions 7.5.13 and below suffer from buffer overflow, directory traversal, and file extension bypass vulnerabilities.

tags | exploit, web, overflow, vulnerability
SHA-256 | b6d39a0ed8bf2392f5a542363514335b444bec94eeaab3c0764f8dfc8ddd9a1f
RFIDIOt-0.1i.tgz
Posted Dec 11, 2006
Authored by Adam Laurie | Site rfidiot.org

RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).

Changes: Read/Write Decode/Encode FDX-B (EM4x05 - ISO11784/5 'animal') tags (to Q5 or Hitag2). Read/Write Decode/Encode EM4x02 'Unique' tags (to Q5). Updated GUI for e-passports.
tags | tool, python, wireless
SHA-256 | f7a557d1d7629d43f156797a46704123e0578b55fa26893a8e1e21966d6eb64e
sqlninja-0.1.1.tgz
Posted Dec 11, 2006
Authored by icesurfer | Site sqlninja.sourceforge.net

sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.

Changes: Fingerprinting of the remote server, bruteforce of sa password, privilege escalation if sa password found, creation of a custom xp_cmdshell if the original one has been disabled.
tags | tool, remote, web, shell, scanner, perl, vulnerability, sql injection
systems | unix
SHA-256 | 5c8f9dbd2871c17777b26f9f1da10ac0a5d1fea40e3cb8292a2e858940d4e91c
dada-shared.txt
Posted Dec 11, 2006
Authored by Hagbard Celine

Due to a poor regular expression in FilesMatch in DadaIMC, arbitrary files can be uploaded and executed as PHP code.

tags | advisory, arbitrary, php
SHA-256 | 69ba2b17e70b67cd3adbb888cdc09d556212c484e2b2bda33594d66adc41c10c
fuzzer-joxean.tgz
Posted Dec 11, 2006
Authored by Joxean Koret

Two fuzzers written in Python. One is for PostgreSQL and one is for Informix.

tags | python, fuzzer
SHA-256 | af75ebb6e79ccd3bd1ad92b298d15a7e2ac9de795241f8cfa6b826f5bf9a6938
Debian Linux Security Advisory 1233-1
Posted Dec 11, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1233-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-3741, CVE-2006-4538, CVE-2006-4813, CVE-2006-4997, CVE-2006-5174, CVE-2006-5619, CVE-2006-5649, CVE-2006-5751, CVE-2006-5871
SHA-256 | abdb183f40070b89b9064b102b9d38042eed09878c658ed2ab595012212bb014
Gentoo Linux Security Advisory 200612-3
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory - The Resolution proposed in the original version of this Security Advisory did not correctly address the issue for users who also have GnuPG 1.9 installed.

tags | advisory
systems | linux, gentoo
SHA-256 | 28300367f0f1980b052817aa44ab90bb7814ba8c9c0852f0c6a9f449408932be
Gentoo Linux Security Advisory 200612-9
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-09 - Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encode_ie() and the giwscan_cb() functions from ieee80211_wireless.c. Versions less than 0.9.2.1 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | c4cc14a0242dcdd4b4ae7f95cac8ae6f9faf9af0fa3a0a756466818a01d755dc
Gentoo Linux Security Advisory 200612-8
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-08 - The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution. Versions less than 1.0.6 are affected.

tags | advisory, arbitrary, javascript, code execution
systems | linux, gentoo
SHA-256 | 61b0cfd1549aa75f25e12455e972f0d4d7dbdcf3db623941ce5be694e3a888bc
Gentoo Linux Security Advisory 200612-7
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-07 - Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary release of Mozilla Firefox is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | d29a4e949c4e6c623ca1e6c3bd4d19212dfc4cba2c61f35fbaee4ea84281a475
Gentoo Linux Security Advisory 200612-6
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-06 - It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.

tags | advisory, overflow, javascript
systems | linux, gentoo
SHA-256 | a4a757f65aeee78aefd96ff6331df1d3b3655a661d4175732c7163d5d331f69a
Gentoo Linux Security Advisory 200612-5
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-05 - Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint) file without proper sanitizing, resulting in an integer overflow subsequently overwriting the heap with parts of the file being read. Versions less than 1.5.0 are affected.

tags | advisory, overflow
systems | linux, gentoo, ubuntu
SHA-256 | a3d683d3deb8544801f40db173ea37a597a3bc75de4e2f4e2976fa67684f87f9
Gentoo Linux Security Advisory 200612-4
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-04 - Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the CSoundFile::ReadSample() function in sndfile.cpp. Versions less than 0.8-r1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 9cc79aaa1aefdc8b1b95acd0b11e41c6a5abd1dabe839cbf312ab07616ed737b
Gentoo Linux Security Advisory 200612-3
Posted Dec 11, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-03 - Hugh Warrington has reported a boundary error in GnuPG, in the ask_outfile_name() function from openfile.c: the make_printable_string() function could return a string longer than expected. Additionally, Tavis Ormandy of the Gentoo Security Team reported a design error in which a function pointer can be incorrectly dereferenced. Versions less than 1.4.6 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 7d3d8421e9e44d6b109815c5c9659a27a917b90ca3eac250aa8a4056eb89c4da
Debian Linux Security Advisory 1232-1
Posted Dec 11, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1232-1 - Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a null pointer dereference.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2006-5874
SHA-256 | 14f8511a595499af5c1bc9b288fba4ac69f2c0272a26d6083dda6aab67fdfab7
Debian Linux Security Advisory 1231-1
Posted Dec 11, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1231-1 - Several remote vulnerabilities have been discovered in the GNU privacy, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitizing function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2006-6169, CVE-2006-6235
SHA-256 | f67a2d1c90c023729e0ddced605f0a8606af3720511cb5300dd9784ea2090aa4
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close