Netscape Communicator find() vulnerabilities allow remote attacker to use JavaScript and HTML to read user cache, browse user directories, much more. Exploit code examples and workaround included.
4f61dc62dc914e8d4aed2e5fd85dd0c61fdab87c003607e464c6c4a7b28f862f
Windows NT Case Sensitivity vulnerability allows any non-privileged user to use the permissions on the "\??" object directory and the case sensitivity of the object manager to trojan any system executable. Windows NT 3.51, 4.0, and 5.0 are all vulnerable. No fix.
725eb61400f085ff8b5dd8d1473df4a7d602bf39b3489c0fffd4a8a3e8029895
Windows NT Domain Denial of Service attack and Security Exploit with SAMBA Server. Detailed descriptions of problems and suggested solutions included.
88c73f58b148c07c8df0d14cd46d14e7b7f650cce27784508aa7f63fd11327db
Windows NT 3.51+SP*, 4.0+SP*, and 5.0b1-b2 screen saver vulnerability: Winlogon.Exe does not properly check for errors, allowing a non-privileged user to gain access to the admin group.
1da52ee8837a339891a2f9624d9c20d7a7e132cde5dcfe910a9552bb925cd5b1
Microsoft's Index Server 2.0 allows anybody to discover the physical path to directories being indexed, or if a directory found in a network share is being indexed, they can learn the name of the machine on which the share resides and the name of the user account used to access that share on behalf of Index and Internet Information Server 4.
1d0ab1349677a5f4764c564c47751f2d857b11dce433226ba5d17336d4e2c794
The Microsoft Java Virtual Machine that installs with Internet Explorer from the Service Pack 4 CD is NOT Y2K compliant.
3f4a2cd53320931c771db2a79f87f4326e707943d0d320721ec1a81a0edeb029
Windows NT Service Pack 4 is not Y2K compliant??? You might want to hold off on that network-wide deployment .... or did you already make the mistake?
245df61576ec612d1d83752f8e01edf4ea0c1ae11796a6edb4517c72f5db0b37
OpenSSL and SSLeay Security Alert - packages that use SSLeay and OpenSSL may suffer from a security problem: under some circumstances, SSL sessions can be reused in a different context from their original one. This may allow access controls based on client certificates to be bypassed. If you are using SSLeay, OpenSSL, Apache-SSL, mod_ssl, Raven, or Stronghold, among others, then read the advisory and upgrade your software now.
1efb63aab27a6aaf28524bf45ff14185f654030c448b36063be1901e3d62865f
Oracle 8.0.3 Enterprise Edition (maybe other versions too?) for Windows NT 4.0 leaves master password in plaintext and world readable with each new database creation.
db8b9c512d33d204a6583b78cb9853857031781ad3f23c0e1cafa36c7f9d06c4
Add-in components for Microsoft Outlook such as custom forms or folders, even though supposedly password protected, are left in memory as plaintext.
bb9bea9113fcd786108221755b1a6bfb4df38ad994ed208900d4fa116d694ca0
Mainstream press coverage of the "Major UNIX Flaw" referred to as "process table attacks" that we have all known about for quite some time. This ZDNN article, though, includes comments by Simson Garfinkel, Gene Spafford, Steven Bellovin, Bill Earl, and Peter G. Neumann, among others. Good read.
6a80c85f4aedc5d6d3853a9ffcc0117707da0f28c17d9a59450e82c1921d620c
ProMail v1.21, an advanced freeware mail program spread through several worldwide distribution networks (SimTel.net, Shareware.com and others), is a trojan. More details will follow as we investigate this matter ourselves.
6e87a410f79e2131996d7919cd91cb30c39bd6dd93b3f4d18dd281969449b947
Demonstration exploit code for the Linux Blind TCP Spoofing Advisory just discovered/released involving Linux kernels <= 2.0.35. Check the files out for details.
e85dc6dfaf0e8f7119f3a60865ce18e6c6ac5bffc7cbc8358c6e1929283d5fa8
Bouncer to use with WinGate or SOCKS proxies.
775c1ffde2c192b8ecbd9df1646ab8bd9d45b5f0fe4cd7a606cfd4757bbe41be
SCO OpenServer exploit shell script that allows a non-privileged user to erase any file on the system.
3c08620145706430fd5e60cf19851ba25bcba0543fa3a235fa893388a90168ec
Denial of Service exploit code (and patch) for Linux 2.1.89 - 2.2.3: a zero length fragment bug permits remote attacker to effectively disable a target's IP connectivity.
cdb222f4e08850d179b9100dfd9348bd964db504b3436ce7d25edd83a7bd8660
Shockwave 7 sends personal user information, including passwords, back to Macromedia. Macromedia, as Intel and Microsoft have when confronted with recent similar revelations regarding Big Brotherish privacy-invading software/hardware, claims ignorance and promises to release a patch RSN (real soon now).
4ad7942b027dadac7c6ac13abc60e8ba10345b60c66b8d8ad9afb13c6e72a27b
SMTP server account probing by Earthonline's GeoList Professional software compromises all common user email accounts.
6399ef1044e4ed4300053b270815830f4ea53beb3f955ec3c41636fb6cfeacd3
64-bit Solaris 7 procfs vulnerability allows any non-privileged user to execute a local Denial of Service attack. Simple exploit description included.
447321c4fb047172a26bba8c3a4b71da7552db502332d609284160cc76ce6964
Exploitable buffer overflow exists in the /usr/bin/write program in all versions of Solaris 2.6 and 2.7 (possibly other Solaris versions too).
e1373957c5904946c05e77ecf128c1362da8f2ca7c76114e4affe96ba316c016
Linux Blind TCP Spoofing Advisory: An implementation flaw in the Linux TCP/IP stack allows remote attackers to forge TCP connections without predicting sequence numbers and pass data to the application layer before a connection is established. Linux kernels <= 2.0.35 are vulnerable.
b7b2b6d8172bb4e203ee67317afea8e0592ce0328f3010c237d3a876a8f49e9f
Seapine Software's TestTrack bug-tracking software (how ironic!) contains several security vulnerabilities that allow remote attackers to retrieve userids and passwords, and to launch Denial of Service attacks. Exploit descriptions included; no patches or fixes available.
bc982c9d60651a11f326311cef44d34dd4ccf77444861fa4c7d5944956b73c48
WarFTPD v1.70b1 stores all user passwords in plaintext.
795a70c6d975a2fbcd03bb867d5f134dc33a48e4865bc3ac8e68e567851b0cd2
wu-ftpd v2.4.2-beta18 remote root exploit code.
ff5f289be4b8d331af7c9e7046de74ca38af956f91541790b9a0232b832d89c4
A Time/Date bug in ALL Windows Operating Systems can prove to be a killer. Read this depressing, yet humorous, advisory. A classic.
8d520e6615c0aa38b97e3dec1bf40a0a4cf48585c2c93381935c25b6ebe97f58