Exploit the possiblities
Showing 1 - 25 of 33 RSS Feed


Posted Aug 27, 2003
Site cert.org

CERT Advisory CA-2003-22 - Microsoft Internet Explorer contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. Versions affected are 5.01, 5.50, and 6.01.

tags | advisory, remote, arbitrary, vulnerability
MD5 | a1267ad85158abcd9012ae69ae2ef7e9
FreeBSD Security Advisory 2003.11
Posted Aug 27, 2003
Authored by The FreeBSD Project, Oleg Bulyzhin | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:11.sendmail - Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error in the code that implements DNS maps. A malformed DNS reply packet may cause sendmail to crash its child process and may lead to further possible exploitation.

tags | advisory
systems | freebsd
MD5 | 2f56fcaeeb06dc2f4dfb543e16022f39
HexView Security Advisory 2003-08-03.01
Posted Aug 26, 2003
Authored by HexView, SGI Security Coordinator | Site sgi.com

SGI Security Advisory 20030803-01-P - A vulnerability has been reported by sendmail.org that the 8.12.8 and earlier releases shipped with a potential problem in DNS mapping that could lead to a remote denial or service or root compromise. Relatedd CVE Number: CVE-2003-0688.

tags | advisory, remote, root
MD5 | 2a166f4afe5f37ea2cce1777428e4770
Posted Aug 26, 2003
Authored by Dave Aitel

Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers.

tags | advisory, root, protocol
MD5 | 75229ac833221a0cdcde4387fd65ffad
Posted Aug 26, 2003
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-08-22-104 - widz, the 802.11 wireless IDS system version 1.5 and below, makes use of untrusted input with a system call. If this utility were to be used in a production environment with any non-root users on the system, they would be able to easily escalate their privileges to root.

tags | advisory, root
MD5 | 588c2add27529a05aff0d4c686fd4bff
Posted Aug 26, 2003
Authored by Drew Copley | Site eEye.com

eEye Advisory - There is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed almost all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a web page as silently and as easily as Internet Explorer parses image files or any other safe HTML content. Version affected: Microsoft Internet Explorer 5.01, 5.5, 6.0, and 6.0 for Windows Server 2003.

tags | advisory, remote, web, trojan, activex
systems | windows
MD5 | 9f6eb7569411e2aba0bb119b689e9c2a
Posted Aug 26, 2003
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-08-11-072 - ViRobot 2.0, the Linux-based antivirus solution, has multitudes of suids that are vulnerable to abuse.

tags | advisory
systems | linux
MD5 | 392d3e308ffde41354f4acc4646bf47e
Posted Aug 16, 2003
Authored by Frog Man | Site phpsecure.info

A cross site scripting vulnerability was found in the 1.3.x and below versions of the NewBB PHP forum.

tags | advisory, php, xss
MD5 | ae6455e1c4817b7d3eab8becc36d196c
Posted Aug 16, 2003
Authored by cmthemc

Mapquest.com suffers from a cross site scripting vulnerability due to limited bounds checking.

tags | advisory, xss
MD5 | a9635ec200733268423268731d51420d
Posted Aug 14, 2003
Site cert.org

CERT Advisory CA-2003-21 - The systems housing the primary FTP servers for the GNU software project were compromised. Valid hostnames for this machine were gnuftp.gnu.org, ftp.gnu.org, and alpha.gnu.org. The compromise took place in March of 2003 and it is possible that malicious code may have been injected into various software distributed from this server.

tags | advisory
MD5 | cb33660519a29d4e14f0bc179ef577c0
HexView Security Advisory 2003-08-01.01
Posted Aug 14, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030801-01-P - It is possible to create a Denial of Service attack on the IRIX nfsd through the use of carefully crafted packets which cause XDR decoding errors. This can lead to kernel panicing the system. No local account or access to an NFS mount point is required, so this could be constructed as a remote exploit.

tags | advisory, remote, denial of service, kernel, local
systems | irix
advisories | CVE-2003-0576
MD5 | a98675283906a5666114c8e4e784cb4b
FreeBSD Security Advisory 2003.9
Posted Aug 13, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:09.signal - Systems with the device driver spigot added into the kernel configuration are susceptible to a denial of service attack due to improper validation of signal numbers.

tags | advisory, denial of service, kernel
systems | freebsd
MD5 | dfcb65305db0be7eca10ed36fedf519b
Posted Aug 12, 2003
Authored by Chris | Site cr-secure.net

The D-Link 704p router with firmware version 2.70 is susceptible to multiple denial of service attacks via excessively populated URLs.

tags | advisory, denial of service
MD5 | 573789d2afe027e36cfa297f4b1bca11
Posted Aug 12, 2003
Site cert.org

CERT Advisory CA-2003-20 - CERT announces that the exploitation of the RPC/DCOM vulnerability on Windows has now taken the form of a worm known as the W32/Blaster worm. This worm retrieves a binary that is then used to launch further attacks and is poised to launch a denial of service against windowsupdate.com.

tags | advisory, worm, denial of service
systems | windows
MD5 | 898d2e72d1a796536200f33ea934c9c4
Posted Aug 12, 2003
Authored by Ferruh Mavituna | Site ferruh.mavituna.com

VBulletin version 3.0 Beta 2 is susceptible to a cross site scripting vulnerability in its new member page (register.php).

tags | advisory, php, xss
MD5 | 01b0100f2ccf4672278a9fa299c0f45c
Posted Aug 12, 2003
Authored by Sylvain Descoteaux

Information regarding one variant of the Microsoft Windows DCOM worm that is circulating around the Internet.

tags | advisory, worm
systems | windows
MD5 | ac3d0bb9ecfa6f918b66dcbb2005a692
FreeBSD Security Advisory 2003.10
Posted Aug 11, 2003
Authored by The FreeBSD Project, David Rhodus | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:10.ibcs2 - The iBCS2 system call translator for statfs(2) erroneously used the user-supplied length parameter when copying a kernel data structure into userland. If the length parameter were larger than required, then instead of copying only the statfs-related data structure, additional kernel memory would also be made available to the user. If iBCS2 support were enabled, a malicious user could call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory.

tags | advisory, kernel
systems | freebsd
MD5 | b810c239f09f2d210e6af149dbb9e258
Atstake Security Advisory 03-08-07.2
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.

tags | advisory, tcp
MD5 | ca93fa9e4f55ae6a7bc8a23a5c4cc902
Atstake Security Advisory 03-08-07.1
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.

tags | advisory, arbitrary, root
MD5 | e895c3e6c19786b601cabf6cc3f79ebd
Posted Aug 10, 2003
Authored by mycelium

Normal Lotus SameTime login credential encryption with 1.5 and 3.0 Windows clients use RC2 to encrypt the password, and even sends the key along with the login packet allowing an attacker to decrypt the credentials and steal a user's IM identity.

tags | advisory
systems | windows
MD5 | bfdcc120627b2d27979f765090c28b98
Posted Aug 10, 2003
Authored by Eduardo Cruz, Emilin Garcia, Jordi Andre | Site s21sec.com

The Cisco CSS 11000 Series is vulnerable to a denial of service when there is a heavy storm of TCP SYN packets directed to the circuit address. It may also cause a high CPU load or sudden reboots.

tags | advisory, denial of service, tcp
systems | cisco
MD5 | 3652b70f4b151fe576347103ddca7d0a
Posted Aug 10, 2003
Authored by Corey Bridges | Site zonelabs.com

Response from Corey Bridges of ZoneAlarm in regards to the vulnerability originally discovered by Lord YuP in their device driver VSDATANT and the exploit that is circulating for it.

tags | advisory
MD5 | 95f301d4c5a678a50fe744fa5947cdbd
Posted Aug 10, 2003
Authored by Zerash | Site evicted.org

Meteor FTP server version 1.5 is vulnerable to a remote denial of service when large amounts of data are fed to the USER directive.

tags | advisory, remote, denial of service
MD5 | 5c90f542a48125ff2d7c458a92953e3f
Posted Aug 5, 2003
Authored by Adam Gray | Site novacoast.com

Novacoast Security Advisory - Novacoast has discovered that Novell GroupWise 6.5 Wireless Webaccess logs all usernames and passwords in clear text.

tags | advisory
MD5 | 773f027903baa1b8e6862f9dd4cbb5f1
Posted Aug 5, 2003
Authored by Peter Winter-Smith

EF Commander versions 3.54 and below are vulnerable to various buffer overflows that can allow for remote arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | 911cec30afd6194fd36add27b5e0569f
Page 1 of 2

Top Authors In Last 30 Days

packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By