Hotmail is vulnerable to yet another serious security problem involving javascript. Windows, MacOS, and Linux users are affected. Filters may be bypassed by putting line feeds in the middle of the javascript code, the browser will remove the line feeds and execute it.
38d619755398daddb4094c74d9e46a705ebf54917924ac7f57da9be93f94b110Packet Storm new exploits for May, 2000.
c855b45b4efb3e69651181ff39c4b5e46fb8b715542eaae404ecebef1fa8c2e7Jidentd 1.0 IDENT server remote exploit. Tested under Slackware 3.6 and 4.0, Debian 2.1, Redhat 4.1, 5.0, 5.1 and 5.2.
9bb5daf2edcaff51a09bef34d3664fe3ceeb2793878de4d7c1634fcf15c2396aDelphis Consulting Plc Security Team Advisory DST2K0003 - Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool for Microsoft Windows NT v4.0 Server (SP6). Any user who can connect to tcp port 9999 can obtain a copy of the configuration. Secondly, if you pass an oversized buffer of 208 bytes or more within one of the configuration parameters the service will crash overwriting the stack but and the EIP with what ever was passed within the parameter.
5230eece683fd72a6c2495b32df00a21a3efe154506ea65502fe723b503ba75aDelphis Consulting Plc Security Team Advisory DST2K0007 - Buffer Overrun in ITHouse Mail Server v1.04 for Microsoft Windows NT v4.0 Workstation (SP6). Sending an email via SMTP to an IT House Mail Server with a recipient's name in excess of 2270 bytes causes the IT House Mail Server to buffer overrun overwriting the EIP, allowing an attacker to execute arbitrary code on the the server.
04158d4a5fa3738aa4bbf98b226f6ad9e374d75fe9a62e42b5df8f4909473a59Delphis Consulting Plc Security Team Advisory DST2K0008 - Buffer Overrun in Sambar Server 4.3 (Production). By using the default finger script shipped with Sambar server it is possible to cause an Buffer overrun in sambar.dll overwriting the EIP allowing the execution of arbitry code.
05b6dfa2ec29e75514de7fa8cbc730fb79c63434ccf49ad1b6c49e7cedffd1cbSecurity Point Advisory #001 - Java Internet Shop allows users to change the prices on items. The Danish Shopexpress, and the English Zilron StoreCreator version 3.0 and below are vulnerable, an estimated 2500 online shops are running this software.
259866f2adad0030783104f4b506b750a78f941517845084f067935aba3a0cf3Elm 2.4 PL25 local GID mail exploit. Tested under Slackware 3.6, 4.0, Redhat 5.0, and 5.1.
558a726bce68d1bb599a32adc7f23c60678255c07a67495d810c8a54c8097694Mailx local exploit - Tested on Slackware 3.6, 4.0, and 7.0 and Debian 2.0r2, 2.1, 2.2. Gives GID mail shell.
a39f3080841f007cde7492636ec28cae360eb3bb27286828a964f551aab0e2c5MDBMS V0.96b6 remote root exploit - This code demonstrates a MDBMS v0.96b6 vulnerability which allows any remote user to exec a root shell. Tested on Linux SuSE 6.3.
de6ae98a613246fac73e111c7f8a950caf984cf19ee3796d0a0406e994e6fd8aA remote buffer overflow has been disvovered in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. Possible remote root compromise - denial of service exploit included.
55b117d15f47c9c6692c959b4980c558e51d2b5eb35a168825c610287185c171/usr/bin/Mail local linux exploit which gives gid=12 shell. Tested against Slackware 3.6 and 7.0.
fed3606029a826006dd84ce7fd68f8f7eb73b112fa86dd79c0364186eaf429cfThe mailinglist software majordomo has several local vulnerabilties. Local commands can be run wuth the UID and GID equal to the one used for majordomo. Exploit details and patch included.
e5ee7bb2c827ab5e443ead682e7790a52f4edeadd0ca30218cadd5031c86e15bRFPickaxe2.pl is a windows port of RFP's RFPickaxe.pl demo exploit for the BlackICE IDS uses a management console.
7115ec33efe3130c21b7bf3b9c61e2b5d24620f2951e8ae5fe98bbc2b6ea2f29Slirp v1.0.10(RELEASE) local buffer overflow exploit for Linux which gives you a SGID shell if /usr/local/bin/slirp is mode 2755. Tested against Slackware 3.6. Includes perl script to find the offset.
12e61b047e8d24718f434c4d48b7b220b125ea133744046125a247842e78d76aOne last elm v2.4 / v2.5 exploit - gives EGID 12. This version works against almost all vulnerable versions of elm.
47fefa5230db61d38f353f0a5b82b73f911a8e966cb50c54a8092a788c5e4d9esms.c is a remote SMS 1.8.2 (mail2sms gateway) long subject line remote buffer overflow exploit. Send the mail generated by this program and a shell will be listening on port 2222. Offsets adjusted for redhat.
5263a1384cd6d126f626841f9e172551ca855196cc1ef2d42713cc721e51647bTESO Security Advisory #10 - KDE KApplication {} configfile vulnerability. Due to insecure creation of configuration files via KApplication-class, local lusers can create arbitrary files when running setuid root KDE-programs. Tested with SuSE 6.4 standard installation under KDE 1.1.2.
004b3ec17b9d4970f5d766395aef75b5dbd5c2b046edf150e3773fa527b7f18bBugzPL ADVISORY #1 - Bypassing restricted bash. bash-2 gives us the option to use a shell in restricted mode. Includes a patch to bash to eliminate most of the described attacks.
47bb68c6308df5ed6fe19a7497f029c4b854f395cc92453841f8d72aa441b418Delphis Consulting Plc Security Team Advisory DST2K0009 - Userlisting Bug in Ipswitch WS_FTP Server 1.05E allows remote users to confuse the server manager.
c45c47e0f2f64311cef176002da746700559bf5930be62695ff30bd1c8a2b23bSimple Web Server 0.5.1 stack overflow advisory. Allows eip to be overwritten.
48d728d1a0369d0efc66c0322f42866aafd5c4801aa62aeb3619a6c8cd355af1ICQ Web Front Remote denial of service vulnerability - ICQ 2000a, 99b, and 99a contain a vulnerability in the personal web server. Guestbook.cgi, installed by default, crashes when sent a long name.
05ba8a95f1072921afea8cf60d91a06e244658a30f3a4b75372c90226af4d779Remote Cart32 exploit - Though L0pht released an advisory and patch for the well known Cart32 bug, this is the first exploit released to date. Allows remote command execution.
b15ca1584e4ea0d26f2e39fd6253fdaeb6ec98bcc198aec4914a379e204b8f61jolt2.c exploits the recent "IP Fragment Reassembly" Windows remote denial of service vulnerability described in here.
9c74ccde3ad936b28eeb3cbda652ab7c06bff0cb11932e31ee5ca38d6e17d3c6Elm 2.5 PL3 exploit tested under linux Slackware 3.6, 4.0, 7.0.
b1de465cf7dc580d8cf33db3c0c853843c58120a663d26845e8f21b66cc0db14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed