Hotmail is vulnerable to yet another serious security problem involving JavaScript. Windows, MacOS, and Linux users are affected. Filters may be bypassed by putting line feeds in the middle of the JavaScript code: the browser removes the line feeds before interpreting the code and executes it.
38d619755398daddb4094c74d9e46a705ebf54917924ac7f57da9be93f94b110
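As an added example (not part of the Packet Storm listing or of Hotmail's filter), the following shows the class of bypass described above: a filter that looks for the literal string "javascript:" misses a scheme with a line feed inside it, while a WHATWG-style URL parser (Node's URL, used here) drops tab, CR and LF from the input before interpreting it and still sees the javascript scheme. The function names, the allow-list and the sample payload are assumptions for illustration.

```javascript
// Added example, not code from the original page. Assumes Node.js, whose
// URL class follows the WHATWG URL parser (tab/CR/LF are stripped from the
// input before the scheme is read). All names below are hypothetical.

// Naive filter: allows a URL unless "javascript:" appears verbatim.
function naiveFilter(url) {
  return !/javascript:/i.test(url); // true means "allowed"
}

// What the browser actually sees: the scheme of the parsed URL. Relative
// inputs resolve against a constructed base so they parse as well.
function schemeAsSeenByBrowser(url) {
  try {
    return new URL(url, "https://example.invalid/").protocol;
  } catch (e) {
    return null; // unparseable
  }
}

// Hardened filter: strip the characters the parser ignores, parse, and then
// compare the resulting scheme against an allow-list instead of searching
// the raw string for a blocked substring.
function hardenedFilter(url) {
  const allowedSchemes = new Set(["http:", "https:", "mailto:"]);
  const normalized = url.replace(/[\t\n\r]/g, "");
  try {
    const parsed = new URL(normalized, "https://example.invalid/");
    return allowedSchemes.has(parsed.protocol);
  } catch (e) {
    return false; // input that does not parse is rejected, not passed through
  }
}

// Constructed sample payload: a line feed inside the scheme, as in the
// Hotmail filter bypass described above.
const payload = "java\nscript:alert(document.cookie)";

naiveFilter(payload);            // true  (bypass: filter lets it through)
schemeAsSeenByBrowser(payload);  // "javascript:" (browser runs it anyway)
hardenedFilter(payload);         // false (rejected after normalization)
```

The hardened version also rejects anything that fails to parse rather than letting it fall through, which is the failure mode a substring blacklist cannot express.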
Packet Storm new exploits for May, 2000.
c855b45b4efb3e69651181ff39c4b5e46fb8b715542eaae404ecebef1fa8c2e7
Jidentd 1.0 IDENT server remote exploit. Tested under Slackware 3.6 and 4.0, Debian 2.1, Redhat 4.1, 5.0, 5.1 and 5.2.
9bb5daf2edcaff51a09bef34d3664fe3ceeb2793878de4d7c1634fcf15c2396a
Delphis Consulting Plc Security Team Advisory DST2K0003 - Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool for Microsoft Windows NT v4.0 Server (SP6). Any user who can connect to TCP port 9999 can obtain a copy of the configuration. Secondly, passing an oversized buffer of 208 bytes or more in one of the configuration parameters crashes the service, overwriting the stack and EIP with whatever was passed in the parameter.
5230eece683fd72a6c2495b32df00a21a3efe154506ea65502fe723b503ba75a
Delphis Consulting Plc Security Team Advisory DST2K0007 - Buffer Overrun in ITHouse Mail Server v1.04 for Microsoft Windows NT v4.0 Workstation (SP6). Sending an email via SMTP to an IT House Mail Server with a recipient name in excess of 2270 bytes causes a buffer overrun that overwrites EIP, allowing an attacker to execute arbitrary code on the server.
04158d4a5fa3738aa4bbf98b226f6ad9e374d75fe9a62e42b5df8f4909473a59
Delphis Consulting Plc Security Team Advisory DST2K0008 - Buffer Overrun in Sambar Server 4.3 (Production). Using the default finger script shipped with Sambar Server it is possible to cause a buffer overrun in sambar.dll, overwriting EIP and allowing the execution of arbitrary code.
05b6dfa2ec29e75514de7fa8cbc730fb79c63434ccf49ad1b6c49e7cedffd1cb
Security Point Advisory #001 - Java Internet Shop allows users to change the prices on items. The Danish Shopexpress, and the English Zilron StoreCreator version 3.0 and below are vulnerable, an estimated 2500 online shops are running this software.
259866f2adad0030783104f4b506b750a78f941517845084f067935aba3a0cf3
Elm 2.4 PL25 local GID mail exploit. Tested under Slackware 3.6, 4.0, Redhat 5.0, and 5.1.
558a726bce68d1bb599a32adc7f23c60678255c07a67495d810c8a54c8097694
Mailx local exploit - Tested on Slackware 3.6, 4.0, and 7.0 and Debian 2.0r2, 2.1, 2.2. Gives GID mail shell.
a39f3080841f007cde7492636ec28cae360eb3bb27286828a964f551aab0e2c5
MDBMS V0.96b6 remote root exploit - This code demonstrates a MDBMS v0.96b6 vulnerability which allows any remote user to exec a root shell. Tested on Linux SuSE 6.3.
de6ae98a613246fac73e111c7f8a950caf984cf19ee3796d0a0406e994e6fd8a
A remote buffer overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. Possible remote root compromise; denial of service exploit included.
55b117d15f47c9c6692c959b4980c558e51d2b5eb35a168825c610287185c171
/usr/bin/Mail local linux exploit which gives gid=12 shell. Tested against Slackware 3.6 and 7.0.
fed3606029a826006dd84ce7fd68f8f7eb73b112fa86dd79c0364186eaf429cf
The mailing list software majordomo has several local vulnerabilities. Local commands can be run with the UID and GID used by majordomo. Exploit details and patch included.
e5ee7bb2c827ab5e443ead682e7790a52f4edeadd0ca30218cadd5031c86e15b
RFPickaxe2.pl is a Windows port of RFP's RFPickaxe.pl demo exploit for the BlackICE IDS management console.
7115ec33efe3130c21b7bf3b9c61e2b5d24620f2951e8ae5fe98bbc2b6ea2f29
Slirp v1.0.10 (RELEASE) local buffer overflow exploit for Linux which gives an SGID shell if /usr/local/bin/slirp is mode 2755. Tested against Slackware 3.6. Includes a perl script to find the offset.
12e61b047e8d24718f434c4d48b7b220b125ea133744046125a247842e78d76a
One last elm v2.4 / v2.5 exploit - gives EGID 12. This version works against almost all vulnerable versions of elm.
47fefa5230db61d38f353f0a5b82b73f911a8e966cb50c54a8092a788c5e4d9e
sms.c is a remote SMS 1.8.2 (mail2sms gateway) long subject line remote buffer overflow exploit. Send the mail generated by this program and a shell will be listening on port 2222. Offsets adjusted for redhat.
5263a1384cd6d126f626841f9e172551ca855196cc1ef2d42713cc721e51647b
TESO Security Advisory #10 - KDE KApplication {} configfile vulnerability. Due to insecure creation of configuration files via KApplication-class, local lusers can create arbitrary files when running setuid root KDE-programs. Tested with SuSE 6.4 standard installation under KDE 1.1.2.
004b3ec17b9d4970f5d766395aef75b5dbd5c2b046edf150e3773fa527b7f18b
BugzPL ADVISORY #1 - Bypassing restricted bash. bash-2 gives us the option to use a shell in restricted mode. Includes a patch to bash to eliminate most of the described attacks.
47bb68c6308df5ed6fe19a7497f029c4b854f395cc92453841f8d72aa441b418
Delphis Consulting Plc Security Team Advisory DST2K0009 - Userlisting Bug in Ipswitch WS_FTP Server 1.05E allows remote users to confuse the server manager.
c45c47e0f2f64311cef176002da746700559bf5930be62695ff30bd1c8a2b23b
Simple Web Server 0.5.1 stack overflow advisory. Allows EIP to be overwritten.
48d728d1a0369d0efc66c0322f42866aafd5c4801aa62aeb3619a6c8cd355af1
ICQ Web Front Remote denial of service vulnerability - ICQ 2000a, 99b, and 99a contain a vulnerability in the personal web server. Guestbook.cgi, installed by default, crashes when sent a long name.
05ba8a95f1072921afea8cf60d91a06e244658a30f3a4b75372c90226af4d779
Remote Cart32 exploit - Though L0pht released an advisory and patch for the well known Cart32 bug, this is the first exploit released to date. Allows remote command execution.
b15ca1584e4ea0d26f2e39fd6253fdaeb6ec98bcc198aec4914a379e204b8f61
jolt2.c exploits the recent "IP Fragment Reassembly" Windows remote denial of service vulnerability described here.
9c74ccde3ad936b28eeb3cbda652ab7c06bff0cb11932e31ee5ca38d6e17d3c6
Elm 2.5 PL3 exploit tested under linux Slackware 3.6, 4.0, 7.0.
b1de465cf7dc580d8cf33db3c0c853843c58120a663d26845e8f21b66cc0db14