Exploit the possiblities
Showing 1 - 19 of 19 RSS Feed


Posted Dec 30, 2003
Authored by Arman Nayyeri

A flaw exists in Microsoft Internet Explorer 5.x-6.0 that allows a remote attacker to execute a file using chm in showHelp().

tags | advisory, remote
MD5 | db3591cd11cf5acd1b4f20246b92e736
Posted Dec 29, 2003
Authored by Tri Huynh

The Landesk Management Suite versions 8.0 and below suffer from a buffer overflow in their SetClientAddress function inside of YAUTO.DLL.

tags | advisory, overflow
MD5 | 57a53a16c4e22b83ec3f1c09bba1301b
Posted Dec 29, 2003
Authored by Nesumin | Site opera.rainyblue.org

Opera versions 7.22 and below allow for a remote site to overwrite local files during temporary file creation due to a lack of sanitizing filenames.

tags | advisory, remote, local
MD5 | e78538b84ad2cce8c0ef254d8ad4b666
Posted Dec 23, 2003
Authored by James Bercegay | Site gulftech.org

osCommerce versions 2.2-MS1 and 2.2-MS2 allow a remote attacker to send a malformed URI that can effectively deny a user legitimate access to their account via a denial of service attack that will cause an unremovable item to be placed in the users shopping cart. These releases are also subject to SQL injection attacks and cross-site scripting problems as well.

tags | advisory, remote, denial of service, xss, sql injection
MD5 | de6676ce25d954cf7f2323181c899635
Posted Dec 23, 2003
Authored by J.A. Gutierrez

Xerox Document Centre 470, 255ST, and possibly others allow for remote unauthorized access to files, access to plaintext passwords for the HTTP administration interface, access to DES passwords for the operating system, and read-write access to HTTP users and passwords.

tags | advisory, remote, web
MD5 | f0452ef2d30a2eefe58e85537d1a0978
Posted Dec 18, 2003
Authored by Bryan Mayland, Todd Chapman

Weak encryption in the client for the game Dark Age of Camelot exposes customer billing and authentication information during transmission.

tags | advisory
MD5 | 1dfff93a9bbcb6a2afbd0aa4cf9c911e
Posted Dec 18, 2003
Authored by Ulf Harnhammar

Two buffer overflows exist in lftp versions 2.3 to 2.6.9. When using the ls and rels commands during an HTTP/HTTPS connection, an attacker has the opportunity to exploit a sscanf() call in try_netscape_proxy() and try_squid_eplf().

tags | advisory, web, overflow
MD5 | d2894fe2b9da4cd4c30f1be22ebbd95c
Posted Dec 16, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

Eznet v3.5.0 and below contains a stack overflow in eZnet.exe which can be exploited in a GET request to SwEzModule.dll.

tags | advisory, overflow
MD5 | b6d0777de9561f7859ee2ce1737e0d02
Posted Dec 15, 2003
Authored by Nesumin | Site opera.rainyblue.org

Opera for Windows v7.x prior to v7.23 build 3227 contains a file overwrite vulnerability which allows remote downloads to overwrite any file on the filesystem.

tags | advisory, remote
systems | windows
MD5 | bc964b0a57f1c10f4a420e98d0615705
Posted Dec 15, 2003
Authored by Juliano Rizzo, Javier Kohen | Site coresecurity.com

Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.

tags | advisory, udp, spoof, vulnerability
MD5 | 9c7743f34e19d9d5df652ce24486acd8
Posted Dec 15, 2003
Authored by Mark Litchfield, Sherief Hammad, Rob Horton | Site ngssoftware.com

Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8 contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.

tags | advisory, denial of service, overflow, vulnerability
MD5 | ccf2d70529b44d3c0360904cc678eac0
Posted Dec 5, 2003
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations Advisory SRT2003-12-04-0723 - Ebola, the AntiVirus scanning daemon system versions 0.1.4 and below, contain a remotely exploitable buffer overflow in their authentication sequence.

tags | advisory, overflow
MD5 | 37cd2c6d2a19964ef4b8d6995fc4be9e
Posted Dec 5, 2003
Authored by carbon

Sending a blank GET request to a Linksys WRT54G v1.0 (firmware v 1.42.3) router results in a denial of service.

tags | advisory, denial of service
MD5 | bd02832f325bfcfbdc03ab33a76be405
Posted Dec 5, 2003
Authored by Mr. P. Taylor

Websense Enterprise versions 4.3.0 to 5.1 are susceptible a cross-site scripting attack where an end user may be tricked into running malicious code in their trusted zone.

tags | advisory, xss
MD5 | b7d8ac826dfb36df10c244c7e1799081
Posted Dec 5, 2003
Authored by Tri Huynh

Yahoo Instant Messenger versions and below is susceptible to a buffer overflow attack in the YAUTO.DLL file when a long URL is passed to the Open(String Url) function.

tags | advisory, overflow
MD5 | d90ddb31ed0fd25b93586c1d032b050d
Posted Dec 5, 2003
Authored by Martin Macok

The pxboard executable in XBoard versions 4.2.6 and below creates and writes to a file with a predictable filename in the /tmp directory.

tags | advisory
MD5 | 545deee60e1a9126e7a6b1c9e992782d
Posted Dec 4, 2003
Site gentoo.org

Gentoo Linux Security Announcement 200312-01 - On December 2nd, the rsync.gentoo.org server was compromised via a heap overflow in the rsync 2.56 server implementation.

tags | advisory, overflow
systems | linux, gentoo
MD5 | f64a8b01d607c8eda8af189ecd37fd84
Posted Dec 3, 2003
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

Detailed information on the linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with grsecurity patch are confirmed vulnerable.

tags | advisory, kernel, local, root
systems | linux
MD5 | 56a41fe0f4e1ca9efb7d67d8792fc80e
Posted Dec 2, 2003
Site debian.org

Linux v2.4.x below v2.4.23 was found to contain a local root vulnerability when a multiple servers of the Debian project were compromised using a new kernel exploit. Due to an integer overflow in the do_brk() system call, it is possible for local users to gain root access. Users of kernel v2.4.22 and below should upgrade.

tags | advisory, overflow, kernel, local, root
systems | linux, debian
MD5 | 8f03236e3167734a591cdb5eae7fa1e0
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
What Ends With X And Won't Sue Security Researchers?
Posted Mar 22, 2018

tags | headline, hacker
Old Banking Trojan TrickBot Has Been Taught New Tricks
Posted Mar 22, 2018

tags | headline, malware, bank, trojan, cybercrime, fraud
Surgeon Thinks Hack Led To Syrian Air Strike
Posted Mar 22, 2018

tags | headline, hacker, cyberwar, syria
The NSA Tried Tracking Bitcoin Users In 2013
Posted Mar 22, 2018

tags | headline, government, privacy, usa, nsa, cryptography
IoT Security Spending To Reach $1.5 Billion In 2018
Posted Mar 21, 2018

tags | headline
"Tamper-Proof" Currency Wallet Backdoored By 15 Year Old
Posted Mar 21, 2018

tags | headline, flaw, backdoor, cryptography
The Motherboard Guide To Using Facebook Securely
Posted Mar 21, 2018

tags | headline, privacy, facebook, social
What A Bad Trip - Orbitz Loses Credit Card Data In Hack
Posted Mar 21, 2018

tags | headline, privacy, bank, cybercrime, data loss, fraud
AMD Promises Firmware Fixes For Security Processor Bugs
Posted Mar 21, 2018

tags | headline, flaw
FBI Raids Home Of Spy Sat Techie Over Leak Of Secret Comms Source Code On Facebook
Posted Mar 21, 2018

tags | headline, government, usa, data loss, spyware, fbi
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By