Section: .. / Last 100 Files /
| /// File Name: | john-1.7.3.1.tar.gz | Description:
| John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well. | | Author: | Solar Designer | | Homepage: | http://www.openwall.com/john/ | | Changes: | Corrected the x86 assembly files for building on Mac OS X. Merged in some generic changes from JtR Pro. | | File Size: | 814903 | | Last Modified: | Jul 18 20:43:09 2008 | | MD5 Checksum: | 6a2e174e71b2a220d5f8a34f1d2ce540 |
|
| /// File Name: | prelude-manager-0.9.14.tar.gz | Description:
| Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis. | | Homepage: | http://prelude.sourceforge.net | | Changes: | Some GnuTLS 2.2.0 support added, fixed a crash, and some other improvements. | | File Size: | 753987 | | Last Modified: | Jul 18 20:41:28 2008 | | MD5 Checksum: | ca47665fcf299732509459956297320b |
|
| /// File Name: | Software.Distribution.Malware.Infection.Vector.pdf | Description:
| This paper presents an efficient mechanism as well as the corresponding reference implementation for on-the-fly infecting of executable code with malicious software. Their algorithm deploys virus infection routines and network redirection attacks, without requiring the modification of the application itself. This allows infection of executables with an embedded signature when the signature is not automatically verified before execution. They briefly discuss countermeasures such as secure channels, code authentication as well as trusted virtualization that enables the isolation of untrusted downloads from other applications running in trusted domains or compartments. | | Author: | Felix Grobert | | Homepage: | http://groebert.org/felix | | File Size: | 223713 | | Last Modified: | Jul 18 17:30:01 2008 | | MD5 Checksum: | f0295501b1659600e2481f6a2cb082cb |
|
| /// File Name: | DSECRG-08-030.txt | Description:
| Claroline eLearning and eWorking Platform version 1.8.9 suffers from cross site scripting, unsigned redirect, and cross site request forgery vulnerabilities. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 3112 | | Last Modified: | Jul 18 17:20:57 2008 | | MD5 Checksum: | a1d98b6503e897b1b91cf0455730d9b4 |
|
| /// File Name: | smbclientparser-exec.txt | Description:
| The SmbClientParser perl module suffers from a vulnerability that allows for remote command execution. | | Author: | Jesus Olmos Gonzalez | | File Size: | 4479 | | Last Modified: | Jul 18 17:16:50 2008 | | MD5 Checksum: | 435e611466edb69599f8c7790d08fce3 |
|
| /// File Name: | defblog-sql.txt | Description:
| Def Blog version 1.0.3 suffers from multiple SQL injection vulnerabilities. | | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 1490 | | Last Modified: | Jul 18 17:05:27 2008 | | MD5 Checksum: | ba98e87788fb1251c1b9a4c5c9e1c82f |
|
| /// File Name: | MDVSA-2008-148.txt | Description:
| Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16. This update provides the latest Firefox to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 60625 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 18 04:33:13 2008 | | MD5 Checksum: | ab9dcc763cd53eb00f2102db6b1ca667 |
|
| /// File Name: | vim-filecreation.txt | Description:
| Vim version 5.0 through the current version suffer from an arbitrary code execution vulnerability via an insecure temporary file creation flaw. | | Author: | Jan Minar | | File Size: | 3242 | | Last Modified: | Jul 18 04:32:36 2008 | | MD5 Checksum: | e0aafe45a3a0e558f53b941ce10d137f |
|
| /// File Name: | communitycms-rfi.txt | Description:
| Community CMS version 0.1 remote file inclusion exploit. | | Author: | N3TR00T3R | | File Size: | 1086 | | Last Modified: | Jul 18 04:30:27 2008 | | MD5 Checksum: | 5df55fa6abc5ce6204ab218070e100d8 |
|
| /// File Name: | artic-sql.txt | Description:
| Artic Issue Tracker version 2.0.0 suffers from a remote SQL injection vulnerability in index.php. | | Author: | QTRinux | | Homepage: | http://www.root-qtr.com/ | | File Size: | 1648 | | Last Modified: | Jul 18 04:28:12 2008 | | MD5 Checksum: | 0a4064e074188391a95718b0872a3b80 |
|
| /// File Name: | precms-sql.txt | Description:
| preCMS version 1 suffers from a remote SQL injection vulnerability in index.php. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1481 | | Last Modified: | Jul 18 04:26:23 2008 | | MD5 Checksum: | 894dcd4216ceaff99c1e3e1c96dbc5af |
|
| /// File Name: | ZDI-08-044.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling reference counters to the nsCSSValue:Array class. Creating more then 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous free() while the object still exists. Properly manipulated this can result in arbitrary code execution under the context of the current user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3515 | | Related CVE(s): | CVE-2008-2785 | | Last Modified: | Jul 17 16:12:30 2008 | | MD5 Checksum: | 58c97cd821304abdbc467ae1ad85e405 |
|
| /// File Name: | ZDI-08-043.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption() function used while parsing the java-vm-args attribute of the j2se tag in xml based JNLP files. When a user downloads a malicious JNLP file, the vulnerable attribute is read into a static buffer. If an overly long value is defined by the java-vm-args attribute, a stack based buffer overflow occurs, resulting in an exploitable condition. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3501 | | Last Modified: | Jul 17 16:11:49 2008 | | MD5 Checksum: | cf0518925fb29057bec90deed667e775 |
|
| /// File Name: | ZDI-08-042.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the writeManifest() method of the CacheEntry class. A directory traversal flaw in this method allows the creation of arbitrary files on the target system. After the file has been created, a call to Runtime.getRuntime.exec() can be used to execute the file. | | Author: | Peter Csepely | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3411 | | Last Modified: | Jul 17 16:11:03 2008 | | MD5 Checksum: | 40bc93865482ae2445c34853dcd2207d |
|
| /// File Name: | USN-623-1.txt | Description:
| Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 22719 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 17 15:29:57 2008 | | MD5 Checksum: | 134f5257fe6d05be8b868a8de33caf4f |
|
| /// File Name: | SSRT080097-2.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector . The vulnerabilities could be exploited to allow remote unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6233 | | Related CVE(s): | CVE-2008-1665 | | Last Modified: | Jul 17 15:28:56 2008 | | MD5 Checksum: | 16bcd9b00ec4628549a66a8a61cc3f8c |
|
| /// File Name: | beaweblogic-exec.txt | Description:
| Bea Weblogic Apache Connector code execution and denial of service exploit. | | Author: | kcope | | File Size: | 3922 | | Last Modified: | Jul 17 15:25:37 2008 | | MD5 Checksum: | b89a6b3557f431c1bc3869e6de7751ab |
|
| /// File Name: | debopenssh-auth.txt | Description:
| It appears that there may be a privilege escalation vulnerability in OpenSSH under Debian due to how SELinux hands out roles. | | Author: | eliteb0y | | File Size: | 1247 | | Last Modified: | Jul 17 15:22:36 2008 | | MD5 Checksum: | 227a31a0b1018513db637838fb8a6b39 |
|
| /// File Name: | alstrasoftarticle-sql.txt | Description:
| AlstraSoft Article Manager Pro version 1.6 blind SQL injection exploit. | | Author: | GolD_M | | Homepage: | http://www.tryag.cc/ | | File Size: | 1573 | | Last Modified: | Jul 17 15:20:38 2008 | | MD5 Checksum: | d9765f592b561b9ec388eeec697ab728 |
|
| /// File Name: | DSECRG-08-029.txt | Description:
| Dokeos E-Learning System version 1.8.5 suffers from a local file inclusion vulnerability. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 2928 | | Last Modified: | Jul 17 15:18:56 2008 | | MD5 Checksum: | 3e23f9ac98e5358667ca3e96dc1d5df6 |
|
| /// File Name: | SSRT080058.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning. | | Homepage: | http://www.hp.com/ | | File Size: | 6949 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 17 15:16:48 2008 | | MD5 Checksum: | 81ca5324ef291a1e31b9850373d3dca6 |
|
| /// File Name: | alstrasoftvideo-sql.txt | Description:
| AlstraSoft Video Share Enterprise version 4.5.1 suffers from a remote SQL injection vulnerability. | | Author: | Hussin X | | Homepage: | http://www.tryag.cc/ | | File Size: | 1852 | | Last Modified: | Jul 17 15:14:43 2008 | | MD5 Checksum: | a4b1f490f900ac79a6103d69caabf1c8 |
|
| /// File Name: | ppmate-dospoc.txt | Description:
| PPMate PPMedia Class ActiveX control buffer overflow proof of concept exploit. | | Author: | Guido Landi | | File Size: | 200 | | Last Modified: | Jul 17 15:13:36 2008 | | MD5 Checksum: | 4d9ad3253238356563e1b7be4ea643d7 |
|
| /// File Name: | phphoo3526-sql.txt | Description:
| phpHoo3 versions 5.2.6 and below suffer from a SQL injection vulnerability in phpHoo3.php. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1803 | | Last Modified: | Jul 17 15:12:31 2008 | | MD5 Checksum: | f12f4a4064162aecbff34b0314ae571a |
|
| /// File Name: | draft-ietf-tsvwg-port-randomization-01.txt | Description:
| This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP. | | Author: | Michael Vittrup Larsen, Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 43889 | | Last Modified: | Jul 16 20:13:04 2008 | | MD5 Checksum: | 3169ae2876e24bcbe919b97c4fecdeb4 |
|
| /// File Name: | openpro-rfi.txt | Description:
| openPro version 1.3.1 suffers from a remote file inclusion vulnerability. | | Author: | Ghost Hacker | | Homepage: | http://www.real-hack.net/ | | File Size: | 1675 | | Last Modified: | Jul 16 20:11:49 2008 | | MD5 Checksum: | 96d1323e7b6dbe45bc3aca9452b00112 |
|
| /// File Name: | dsa-1611-1.txt | Description:
| Debian Security Advisory 1611-1 - Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem. | | Homepage: | http://www.debian.org/security | | File Size: | 5021 | | Related CVE(s): | CVE-2008-2232 | | Last Modified: | Jul 16 20:04:36 2008 | | MD5 Checksum: | 667d150cda2558de83b99a4350f259eb |
|
| /// File Name: | DSECRG-08-028.txt | Description:
| Velocity Web Server version 1.0 suffers from a directory traversal / arbitrary file download vulnerability. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 2606 | | Last Modified: | Jul 16 20:04:20 2008 | | MD5 Checksum: | f7d76bff58337cf6b2b130888c9f4320 |
|
| /// File Name: | securing_a_webserver.txt | Description:
| Whitepaper discussing a lockdown methodology for a Cent OS 5 server with Apache and Cpanel installed. | | Author: | QKrun1x | | File Size: | 21682 | | Last Modified: | Jul 16 20:03:24 2008 | | MD5 Checksum: | c48568dcf8bbd3abcdfa1033ce6b1f2c |
|
| /// File Name: | n.runs-SA-2008.003.txt | Description:
| Apple QuickTime versions prior to 7.5 suffer from a heap overflow vulnerability when handling PICT images. | | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 9491 | | Last Modified: | Jul 16 15:49:48 2008 | | MD5 Checksum: | 86cef345102da7283cb680756f7c7847 |
|
| /// File Name: | n.runs-SA-2008.002.txt | Description:
| The F-Prot Anti-Virus engine versions below 4.4.4 suffer form an out-of-bounds memory access denial of service vulnerability. | | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 5248 | | Last Modified: | Jul 16 15:48:37 2008 | | MD5 Checksum: | f9e5ad9d51dc0e30c8a0d4478a729c61 |
|
| /// File Name: | dsa-1544-2.txt | Description:
| Debian Security Advisory 1544-2 - Thomas Biege discovered that the upstream fix for the weak random number randomization did still not use difficult-to-predict random numbers. This is corrected in this security update. | | Homepage: | http://www.debian.org/security | | File Size: | 5057 | | Related CVE(s): | CVE-2008-1637 | | Last Modified: | Jul 16 15:45:43 2008 | | MD5 Checksum: | 82e55904d542f28198d9499d43db9a50 |
|
| /// File Name: | SSRT080097.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector . The vulnerabilities could be exploited to allow remote unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6092 | | Related CVE(s): | CVE-2008-1665 | | Last Modified: | Jul 16 15:43:55 2008 | | MD5 Checksum: | a11f1f733768ff70d0e990e3269f40d2 |
|
| /// File Name: | netrw-exec.txt | Description:
| Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name. | | Author: | Jan Minar | | File Size: | 5137 | | Last Modified: | Jul 16 15:43:19 2008 | | MD5 Checksum: | 0a45093ff0e3eb716b14884b0b054a39 |
|
| /// File Name: | vim72b-exec.txt | Description:
| Vim versions greater than and equal to 7.2.a.013 suffer from an arbitrary code execution vulnerability using the shellescape() function. | | Author: | Jan Minar | | File Size: | 3450 | | Last Modified: | Jul 16 15:42:12 2008 | | MD5 Checksum: | 9315516bf2b023bbb2f7e8cdfb678067 |
|
| /// File Name: | alstrasoftaffiliate-sql.txt | Description:
| AlstraSoft Affiliate Network Pro suffers from a remote SQL injection vulnerability. | | Author: | Hussin X | | Homepage: | http://www.tryag.cc/ | | File Size: | 1534 | | Last Modified: | Jul 16 15:39:19 2008 | | MD5 Checksum: | 3d78c40d281413d6d57d051186f49b8c |
|
| /// File Name: | tplsoccersite-sql.txt | Description:
| tplSoccerSite version 1.0 suffers from multiple remote SQL injection vulnerabilities. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2296 | | Last Modified: | Jul 16 15:38:15 2008 | | MD5 Checksum: | 0f73071b45c84fd3fb1f878a415b03f7 |
|
| /// File Name: | joomladtr-sql.txt | Description:
| The Joomla DT Register component suffers from a remote SQL injection vulnerability. | | Author: | His0k4 | | File Size: | 874 | | Last Modified: | Jul 16 15:37:25 2008 | | MD5 Checksum: | 57a66a09fc658028ae35b0c7e0b1c884 |
|
| /// File Name: | phpizabi-exec.txt | Description:
| PHPizabi version 0.858b C1 HFP1 remote code execution exploit. | | Author: | Inphex | | File Size: | 9906 | | Last Modified: | Jul 16 15:36:49 2008 | | MD5 Checksum: | 01286ddae876c582059a67aaf053a04c |
|
| /// File Name: | MDVSA-2008-147.txt | Description:
| Mandriva Linux Security Advisory - Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4319 | | Related CVE(s): | CVE-2008-2371 | | Last Modified: | Jul 16 14:50:23 2008 | | MD5 Checksum: | b8e63c1a7fd5d361e566c9cacb751161 |
|
| /// File Name: | USN-625-1.txt | Description:
| Ubuntu Security Notice 625-1 - A massive slew of Linux kernel related vulnerabilities have been addressed for the linux-source-2.6.15/20/22 packages. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 192927 | | Related CVE(s): | CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826 | | Last Modified: | Jul 16 14:50:16 2008 | | MD5 Checksum: | 5e9e19eec557961a1d40d8762fd5cff3 |
|
| /// File Name: | hockeystats-sql.txt | Description:
| HockeySTATS Online version 2.0 suffers from multiple remote SQL injection vulnerabilities. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2284 | | Last Modified: | Jul 16 00:21:07 2008 | | MD5 Checksum: | e27fc92d3fe7e99f55f9cd1800042ff1 |
|
| /// File Name: | galatolo-cookie.txt | Description:
| Galatolo Web manager version 1.3a suffers from an insecure cookie handling vulnerability. | | Author: | hadihadi | | Homepage: | http://www.virangar.org/ | | File Size: | 1538 | | Last Modified: | Jul 16 00:20:03 2008 | | MD5 Checksum: | 0470008f89dbd8a59795bbec171faa4b |
|
| /// File Name: | documentimaging-overflow.txt | Description:
| Document Imaging SDK version 10.95 ActiveX related buffer overflow proof of concept denial of service exploit. | | Author: | r0ut3r | | File Size: | 1071 | | Last Modified: | Jul 16 00:17:35 2008 | | MD5 Checksum: | be9670fad83699888af79499434ba14b |
|
| /// File Name: | MDVSA-2008-146.txt | Description:
| Mandriva Linux Security Advisory - A memory management issue was found in libpoppler by Felipe Andres Manzano that could allow for the execution of arbitrary code with the privileges of the user running a poppler-based application, if they opened a specially crafted PDF file. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6044 | | Related CVE(s): | CVE-2008-2950 | | Last Modified: | Jul 15 21:09:57 2008 | | MD5 Checksum: | 37e194777605bac78445c2e820e31d67 |
|
| /// File Name: | srm-1.2.9.tar.gz | Description:
| secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised. | | Author: | Matthew Gauthier | | Homepage: | http://srm.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 111464 | | Last Modified: | Jul 15 20:26:09 2008 | | MD5 Checksum: | 7c65937cb9a7af75d1ab6d0927c6a2cc |
|
| /// File Name: | 07.15.08-3.txt | Description:
| iDefense Security Advisory 07.15.08 - Local exploitation of an untrusted library path vulnerability in Oracle Corp.'s Oracle Database product allows attackers to gain elevated privileges. This vulnerability specifically exists in a set-uid root program distributed with Oracle Database for Linux and Unix platforms. By replacing a module owned by the oracle user, which is loaded by this program, an attacker can execute arbitrary code as root. iDefense confirmed the existence of this vulnerability in Oracle 11g R1 version 11.1.0.6.0 on 32-bit Linux platform. Previous versions may also be affected. | | Author: | Joxean Koret | | Homepage: | http://www.idefense.com/ | | File Size: | 3311 | | Related CVE(s): | CVE-2008-2613 | | Last Modified: | Jul 15 20:23:19 2008 | | MD5 Checksum: | e8ee1e493dada84f07feb39294a4a5f6 |
|
| /// File Name: | 07.15.08-2.txt | Description:
| iDefense Security Advisory 07.15.08 - Remote exploitation of a buffer overflow vulnerability in the DBMS_AQELM package in Oracle Corp.'s Oracle Database product allows attackers to execute arbitrary code with the privileges of the database user. This vulnerability exists due to improper input validation when handling a parameter passed to a procedure within the DBMS_AQELM package. Since the parameter is not properly validated, providing a long string can cause a buffer overflow to occur. This results in corruption of the database and could allow for the execution of arbitrary code as the database user. iDefense confirmed the existence of this vulnerability in Oracle Database version 10.2.0.3 and 11.1.0.6 with the October 2007 CPU applied. Previous versions may also be affected. | | Author: | Joxean Koret | | Homepage: | http://www.idefense.com/ | | File Size: | 3635 | | Related CVE(s): | CVE-2008-2607 | | Last Modified: | Jul 15 20:22:23 2008 | | MD5 Checksum: | ce82ad21bbe158ccfb4fd2c80da488bc |
|
| /// File Name: | 07.15.08-1.txt | Description:
| iDefense Security Advisory 07.15.08 - Remote exploitation of a pre-authentication input validation vulnerability in Oracle Corp.'s Oracle Internet Directory allows an attacker to conduct a denial of service attack on a vulnerable host. Internet Directory consists of two processes. One process acts as a listener. It handles incoming connections and passes them off to the second process. The second process, which handles requests, contains the vulnerability. When processing a malformed LDAP request, it is possible to cause the handler to dereference a NULL pointer. This results in the process crashing. Future connection requests will be accepted by the listener process, and then immediately closed when it finds that there is no handler process running. iDefense confirmed the existence of this vulnerability in Oracle Internet Directory for Windows version 10.1.4.0.1 with the April 2007 CPU installed. Previous versions may also be affected. | | Author: | Joxean Koret | | Homepage: | http://www.idefense.com/ | | File Size: | 3843 | | Related CVE(s): | CVE-2008-2595 | | Last Modified: | Jul 15 20:20:55 2008 | | MD5 Checksum: | e8fd9c9196beac5c66e3d1a2dbceb960 |
|
| /// File Name: | NISR15072008.txt | Description:
| NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user. | | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3709 | | Related CVE(s): | CVE-2008-2589 | | Last Modified: | Jul 15 20:18:26 2008 | | MD5 Checksum: | c6bc69f8abb9b4ec0ab0dfecf8149c3d |
|
| /// File Name: | phphelpagent-lfi.txt | Description:
| PHP Help Agent versions 1.1 and below suffer from a local file inclusion vulnerability. | | Author: | BeyazKurt | | File Size: | 915 | | Last Modified: | Jul 15 20:08:56 2008 | | MD5 Checksum: | bafab141dd32bdc5b0c4c9b5e49a4ac1 |
|
| /// File Name: | glsa-200807-09.txt | Description:
| Gentoo Linux Security Advisory GLSA 200807-09 - Jakub Wilk discovered a directory traversal vulnerability in the applydiff() function in the mercurial/patch.py file. Versions less than 1.0.1-r2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2480 | | Related CVE(s): | CVE-2008-2942 | | Last Modified: | Jul 15 20:02:55 2008 | | MD5 Checksum: | 50462d81464b1af2654e6f46ece39373 |
|
| /// File Name: | dsa-1569-3.txt | Description:
| Debian Security Advisory 1569-3 - Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb). | | Homepage: | http://www.debian.org/security | | File Size: | 3425 | | Related CVE(s): | CVE-2008-0783, CVE-2008-0785 | | Last Modified: | Jul 15 20:02:17 2008 | | MD5 Checksum: | 17dce37d3f17988c79c9c5f1d1a8a226 |
|
| /// File Name: | dsa-1610-1.txt | Description:
| Debian Security Advisory 1610-1 - It was discovered that gaim, an multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code. | | Homepage: | http://www.debian.org/security | | File Size: | 7838 | | Related CVE(s): | CVE-2008-2927 | | Last Modified: | Jul 15 18:29:36 2008 | | MD5 Checksum: | 513c6db488f5e76c826ad67226948f43 |
|
| /// File Name: | dsa-1609-1.txt | Description:
| Debian Security Advisory 1609-1 - Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. | | Homepage: | http://www.debian.org/security | | File Size: | 12697 | | Related CVE(s): | CVE-2008-0983, CVE-2007-3948 | | Last Modified: | Jul 15 18:29:13 2008 | | MD5 Checksum: | d5fa018fca4cff4c04e9d55217912eb0 |
|
| /// File Name: | clubhack2008-cfp.txt | Description:
| The ClubHack2008 Call For Papers is now open. For a full list of topics and more information on the convention, hit the home page. | | Homepage: | http://clubhack.com/2008/CFP | | File Size: | 894 | | Last Modified: | Jul 15 12:47:21 2008 | | MD5 Checksum: | 0ffa2fdc9623950a70cb011bc8ead68e |
|
| /// File Name: | MDVSA-2008-145.txt | Description:
| Mandriva Linux Security Advisory - An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5882 | | Related CVE(s): | CVE-2008-2374 | | Last Modified: | Jul 15 12:44:22 2008 | | MD5 Checksum: | c256f058c19feaecba12125886f55118 |
|
| /// File Name: | psys-rfi.txt | Description:
| pSys version 0.7.0 Alpha suffers from multiple remote file inclusion vulnerabilities. | | Author: | RoMaNcYxHaCkEr | | File Size: | 2328 | | Last Modified: | Jul 15 12:43:42 2008 | | MD5 Checksum: | b54a3d0817d0338d6fb9380645011495 |
|
| /// File Name: | galatolo-sqlxss.txt | Description:
| Galatolo Web Manager versions 1.3a and below suffer from SQL injection and cross site scripting vulnerabilities. | | Author: | StAkeR | | File Size: | 2111 | | Last Modified: | Jul 15 12:42:54 2008 | | MD5 Checksum: | ef9200e89aca69ae3c8c94c765115bb5 |
|
| /// File Name: | winremote-dos.txt | Description:
| WinRemotePC FULL+LITE 2008 r.2server memory and CPU consumption denial of service exploit. | | Author: | Shinnok | | File Size: | 4394 | | Last Modified: | Jul 15 12:42:00 2008 | | MD5 Checksum: | 9048310bfe66b5a377ce890e8c8a2842 |
|
| /// File Name: | pragyan-rfi.txt | Description:
| Pragyan CMS version 2.6.2 suffers from a remote file inclusion vulnerability. | | Author: | N3TR00T3R | | File Size: | 1727 | | Last Modified: | Jul 15 12:40:38 2008 | | MD5 Checksum: | 84dc8537b0436519bc9046c02e379bba |
|
| /// File Name: | MU-200807-01.txt | Description:
| The Mu Security Research team has found that repro SIP proxy/registrar version 1.3.2 suffers from a remote denial of service vulnerability. | | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 3370 | | Last Modified: | Jul 14 23:03:06 2008 | | MD5 Checksum: | eeb40dfbac45b032d6f1e46704df7437 |
|
| /// File Name: | USN-624-1.txt | Description:
| Ubuntu Security Notice 624-1 - Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 16603 | | Related CVE(s): | CVE-2008-2371 | | Last Modified: | Jul 14 23:01:00 2008 | | MD5 Checksum: | 6a9af15950dce94ac1b930e9bbb8fe7c |
|
| /// File Name: | emule-disclose.txt | Description:
| eMule version 0.49 appears to disclose OS user names and paths. | | Author: | Carl Hardwick | | File Size: | 673 | | Last Modified: | Jul 14 23:00:19 2008 | | MD5 Checksum: | abc3bcd4f77b346748548a21b86bc2eb |
|
| /// File Name: | yuhhupubs-sql.txt | Description:
| Yuhhu Pubs Black Cat remote SQL injection exploit that makes use of browse.groups.php. | | Author: | RMx | | Homepage: | http://www.coderx.org/ | | File Size: | 2190 | | Last Modified: | Jul 14 22:59:06 2008 | | MD5 Checksum: | 8f70f03baa2f834ec71916349d1cb0eb |
|
| /// File Name: | bilboblog-multi.txt | Description:
| Bilboblog version 2.1 suffers from SQL injection, cross site scripting, and login bypass vulnerabilities. | | Author: | Black_H | | Homepage: | http://blackh.free.fr/ | | File Size: | 7437 | | Last Modified: | Jul 14 22:56:59 2008 | | MD5 Checksum: | d7be264d6ab646eb28d0b8f7dc00a95a |
|
| /// File Name: | codedb-lfi.txt | Description:
| CodeDB suffers from a local file inclusion vulnerability in list.php. | | Author: | cOndemned | | Homepage: | http://condemned.r00t.la/ | | File Size: | 904 | | Last Modified: | Jul 14 22:55:45 2008 | | MD5 Checksum: | c04949091346c9a4ffa04eb1577065a9 |
|
| /// File Name: | scripteen-grabber.txt | Description:
| Scripteen Free Image Hosting Script version 1.2 administrative password grabbing exploit. | | Author: | RMx | | Homepage: | http://www.coderx.org/ | | File Size: | 1774 | | Last Modified: | Jul 14 22:54:48 2008 | | MD5 Checksum: | 0a039166792ec92a6cd0054193523e70 |
|
| /// File Name: | itechbids-sqlxss.txt | Description:
| ITechBids version 7.0 Gold suffers from cross site scripting and SQL injection vulnerabilities. | | Author: | Encrypt3d.Mind | | File Size: | 1911 | | Last Modified: | Jul 14 22:53:29 2008 | | MD5 Checksum: | 47f73ac26246ad8afc0b2787ce728a2e |
|
| /// File Name: | deepsec2008-cfp.txt | Description:
| The Call For Papers for DeepSec IDSC 2008 ends tomorrow. Get your submission in today! | | Homepage: | https://deepsec.net/cfp/ | | File Size: | 2156 | | Last Modified: | Jul 14 22:50:01 2008 | | MD5 Checksum: | 77417a9f5ef7bd6ea11c50505a04f22a |
|
| /// File Name: | FreeBSD-SA-08.06.bind.txt | Description:
| FreeBSD Security Advisory - The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization. | | Homepage: | http://security.freebsd.org/ | | File Size: | 6653 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 14 22:48:11 2008 | | MD5 Checksum: | 68270ba16f4122fec61835a8a609ce74 |
|
| /// File Name: | avlc-sql.txt | Description:
| Avlc Forum suffers from a remote SQL injection vulnerability in vlc_forum.php. | | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 1616 | | Last Modified: | Jul 14 22:46:58 2008 | | MD5 Checksum: | 26ac2aa382340a458cf6a4e4e3a8c0ac |
|
| /// File Name: | mforum-admin.txt | Description:
| MFORUM version 0.1a suffers from an arbitrary add administrator vulnerability. | | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 1860 | | Last Modified: | Jul 14 22:46:14 2008 | | MD5 Checksum: | 5060542df96d795580c5e08468080827 |
|
| /// File Name: | jsite-sqllfi.txt | Description:
| jSite version 1.0 OE suffers from SQL injection and local file inclusion vulnerabilities. | | Author: | S.W.A.T. | | Homepage: | http://www.xmors.com/ | | File Size: | 1739 | | Last Modified: | Jul 14 22:45:00 2008 | | MD5 Checksum: | 200e1f73b7af96b86b649c16fc2c7b87 |
|
| /// File Name: | fuzzylime301-execphpcomm.txt | Description:
| Fuzzylime CMS version 3.01 remote code execution exploit that leverages commrss.php. Written in PHP. | | Author: | real | | File Size: | 11331 | | Last Modified: | Jul 14 22:44:02 2008 | | MD5 Checksum: | f6d13732d552a22cc272860854928531 |
|
| /// File Name: | fuzzylime301-execperl.txt | Description:
| Fuzzylime CMS version 3.01 remote code execution exploit that leverages polladd.php. Written in Perl. | | Author: | Inphex, real | | File Size: | 9068 | | Last Modified: | Jul 14 22:41:05 2008 | | MD5 Checksum: | 9281b4ba2097210d37a8b1b3206d6699 |
|
| /// File Name: | fuzzylime301-execphp.txt | Description:
| Fuzzylime CMS version 3.01 remote code execution exploit that leverages polladd.php. Written in PHP. | | Author: | Inphex, real | | File Size: | 7182 | | Last Modified: | Jul 14 22:40:16 2008 | | MD5 Checksum: | f85ac4bc37b2a2ef09b1b6c9f64e48db |
|
| /// File Name: | ymsg81-dos.txt | Description:
| Yahoo! Messenger version 8.1 ActiveX remote denial of service exploit. | | Author: | Jeremy Brown | | File Size: | 270 | | Last Modified: | Jul 14 22:38:35 2008 | | MD5 Checksum: | d184f3c05f0726a968c63d465eba10dc |
|
| /// File Name: | dsa-1608-1.txt | Description:
| Debian Security Advisory 1608-1 - Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorization to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations. | | Homepage: | http://www.debian.org/security | | File Size: | 13777 | | Related CVE(s): | CVE-2008-2079 | | Last Modified: | Jul 14 20:51:55 2008 | | MD5 Checksum: | c3744708947638838c41045af52ff9a5 |
|
| /// File Name: | sdns-remote-dos.pl.txt | Description:
| Simple DNS Plus versions 5.0 and 4.1 remote denial of service exploit. | | Author: | Exodus | | Homepage: | http://www.blackhat.org.il/ | | File Size: | 1435 | | Last Modified: | Jul 14 20:50:29 2008 | | MD5 Checksum: | d8d6200a8db9cbe135ad9962188749be |
|
| /// File Name: | MDVSA-2008-144.txt | Description:
| Mandriva Linux Security Advisory - A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12471 | | Related CVE(s): | CVE-2008-2952 | | Last Modified: | Jul 14 20:49:18 2008 | | MD5 Checksum: | e067e9635f844806f64c3081f75e1484 |
|
| /// File Name: | MDVSA-2008-138-1.txt | Description:
| Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix the issue. The OpenOffice.org package for Mandriva Corporate 3 missed the patch application due to a build error. This update fixes that. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6951 | | Related CVE(s): | CVE-2008-2152 | | Last Modified: | Jul 14 20:48:52 2008 | | MD5 Checksum: | 8bd061d9f1aa04e66a24a47d77511715 |
|
| /// File Name: | snoop-0.3.1.tar.gz | Description:
| Snoop is a GNU/Linux file descriptor monitoring tool inspired by FreeBSD's 'watch'. It goes beyond simple TTY snooping by allowing the interception of any file descriptor. You can attach on the fly to regular files, TTYs, named pipes, character devices, and pretty much anything that is represented by a file descriptor and addressable in the standard name space. | | Author: | Florin Malita | | Homepage: | http://snoop.sourceforge.net/ | | File Size: | 130550 | | Last Modified: | Jul 14 20:48:26 2008 | | MD5 Checksum: | 930526597960a2cb501a9de8b3d2d33e |
|
| /// File Name: | silk-1.1.0.tar.gz | Description:
| SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives Netflow V5 PDUs and converts them into a more space efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that can read these flat files and then perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to develop a relatively sophisticated query from a simple beginning. | | Author: | CERT NetSA | | Homepage: | http://tools.netsa.cert.org/silk/ | | Changes: | Various updates and additions. | | File Size: | 2187847 | | Last Modified: | Jul 14 20:46:14 2008 | | MD5 Checksum: | 287912494f4908511cb57b45dd8c73e5 |
|
| /// File Name: | ultrastats-blindsql.txt | Description:
| Ultrastats versions 0.2.142 and below remote blind SQL injection exploit that makes use of players-detail.php. | | Author: | DNX | | File Size: | 5954 | | Last Modified: | Jul 14 20:42:03 2008 | | MD5 Checksum: | aee92b78cc0a84df00b311fcec99010d |
|
| /// File Name: | webcms-sql.txt | Description:
| WebCMS Portal suffers from a remote SQL injection vulnerability. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1545 | | Last Modified: | Jul 14 20:41:11 2008 | | MD5 Checksum: | 98bdf8da8c2c185cc50c99f36dbdab83 |
|
| /// File Name: | joomlanforms-sql.txt | Description:
| Joomla n-forms component version 1.01 blind SQL injection exploit. | | Author: | The Moorish | | File Size: | 2672 | | Last Modified: | Jul 14 20:40:14 2008 | | MD5 Checksum: | efa1aef9075e49b2a4616ab128d7ab2c |
|
| /// File Name: | trixbox261-pwn.txt | Description:
| Trixbox version 2.6.1 remote root exploit written in Python that spawns a reverse shell. | | Author: | Muts | | Homepage: | http://www.offensive-security.com/ | | File Size: | 2558 | | Last Modified: | Jul 14 20:39:12 2008 | | MD5 Checksum: | 90971bc3960ef207e3050812d4f68b2f |
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
