Section: .. / Last 20 Files /
/// File Name: ZDI-08-025.txt
Description: A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials.
Author: Brett Moore
Homepage: http://www.zerodayinitiative.com/
File Size: 3354
Last Modified: May 15 18:28:51 2008
MD5 Checksum: 42547c174484950e72118580181d31aa

/// File Name: ZDI-08-024.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitization while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.
Author: Brett Moore
Homepage: http://www.zerodayinitiative.com/
File Size: 3270
Last Modified: May 15 18:26:12 2008
MD5 Checksum: de3d63236f721885f9df12222483b76e

/// File Name: sunshop-blindsql.txt
Description: SunShop version 3.5.1 remote blind SQL injection exploit.
Author: irvian
Homepage: http://irvian.cn/
File Size: 2117
Last Modified: May 15 18:23:18 2008
MD5 Checksum: 2836ec070fde889985a2fdc837aeb3cd

/// File Name: aid-051408.asc
Description: Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity.
Homepage: http://www.arubanetworks.com/
File Size: 6764
Last Modified: May 15 13:16:38 2008
MD5 Checksum: 66fe78e297c3c703c1907d3bf9ea75e9

/// File Name: altiris.pdf
Description: Whitepaper discussing privilege escalation vulnerability in the Symantec Altiris Deployment Solution.
Author: alt3kx, sirdarckcat
Related Exploit: symantec-escalate.txt
File Size: 818182
Last Modified: May 15 13:09:51 2008
MD5 Checksum: 7b154786710db1561e36d1a40d1f30cb

/// File Name: newsmanager-rfisql.txt
Description: Newsmanager version 2.09 suffers from remote file inclusion, remote file disclosure, SQL injection, and permission bypass vulnerabilities.
Author: GolD_M
Homepage: http://www.tryag.cc/
File Size: 864
Last Modified: May 15 13:04:20 2008
MD5 Checksum: 8f5c781a660fc81ca7987d6654ef1486

/// File Name: kostenloses-sql.txt
Description: Kostenloses Linkmanagementscript suffers from multiple SQL injection vulnerabilities.
Author: hadihadi
Homepage: http://www.virangar.org/
File Size: 1274
Last Modified: May 15 13:03:08 2008
MD5 Checksum: 30d1e5b0cb68d4ba861ad2483d5ed7a6

/// File Name: symantec-escalate.txt
Description: Symantec Altiris Client Service versions 6.5.248, 6.5.299, and 6.8.378 local privilege escalation exploit. Based on the vulnerability noted in MS04-019.
Author: alt3kx, sirdarckcat
File Size: 4423
Last Modified: May 15 13:01:41 2008
MD5 Checksum: c09a21fc404f17fb885125e45f0dd579

/// File Name: cisco-sa-20080514-cup.txt
Description: Cisco Security Advisory - Administrators of systems running all Cisco Unified Presence versions can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI).
Homepage: http://www.cisco.com/
File Size: 11779
Related CVE(s): CVE-2008-1740, CVE-2008-1741
Last Modified: May 15 04:28:20 2008
MD5 Checksum: fddfe8a3e45e0c202a50e5bc67fa484a

/// File Name: cisco-sa-20080514-csm.txt
Description: Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
Homepage: http://www.cisco.com/
File Size: 17388
Related CVE(s): CVE-2008-1749
Last Modified: May 15 04:25:13 2008
MD5 Checksum: 0a7dfcd9f771e114ed6eafdd02388931

/// File Name: debian-sploit.txt
Description: A nice walkthrough discussing, step by step, how to brute force SSH logins using the recent Debian OpenSSL random number generator vulnerability.
Author: Markus Mueller
File Size: 1649
Last Modified: May 15 04:21:12 2008
MD5 Checksum: bc660b433dce3c75055028112f9966d3

/// File Name: EC2ND-2008-CFP.txt
Description: Call For Papers for EC2ND. The fourth annual EC2ND conference will take place on December 11th and 12th 2008 in the Faculty of Engineering and Computing at Dublin City University.
Homepage: http://2008.ec2nd.org/
File Size: 4073
Last Modified: May 15 04:19:00 2008
MD5 Checksum: 25512bf60111f41dda218b3da90bc361

/// File Name: sqlfuzzer.py.txt
Description: SQL Injector version 1.0 is a fuzzing utility written in Python.
Author: Beenu Arora
File Size: 775
Last Modified: May 15 04:17:36 2008
MD5 Checksum: 30658df42570e5cc8bf5a21363643df6

/// File Name: xsschecker.py.txt
Description: Cross site scripting fuzzing utility written in Python.
Author: Beenu Arora
File Size: 1945
Last Modified: May 15 04:16:34 2008
MD5 Checksum: 87e7d424c10d56a7fc8c08dc5f96dc2a

/// File Name: msie-crosszone.txt
Description: Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.
Author: Aviv Raff
Homepage: http://aviv.raffon.net/
File Size: 2188
Last Modified: May 15 04:14:42 2008
MD5 Checksum: ac941e58ffb4c9380b7ee22bd963676f

/// File Name: win32-generator.txt
Description: win32 Download and Execute shellcode generator (browsers edition).
Author: YAG KOHHA
File Size: 2830
Last Modified: May 15 03:52:57 2008
MD5 Checksum: 3f071fcc1f92a0892c3107f22313a641