This whitepaper focuses on discussing how to use the SQL XFS deviation to execute cross site scripting attacks.
d5389cf7c67fab6b3327828f65c48169a619c6b29291a442aab792d853abc3f4Remote exploit for Sendmail versions below 8.9 that makes use of the buffer overflow in HELO to send completely spoofed emails.
3d6881cde3b31dc842c49104042ab24e0e162e20e9e27f80f3a49df9dceababeCon Fusion is an extremely user-friendly Win32 program that exploits the security holes found in Cold Fusion web server software. [re:L0pht's Cold Fusion security advisory]
6a52a84ee59905798bcd901f6606bfff3f8990048a30e611a920ec2d9973cff5Security Vulnerability in MPEi/X debug for HP3000 systems allows any user to gain increased privileges. Vendor patches available.
4683ef2dca3edf06ba73e444998120596021c9ff1c001cdb9e23c4101fefe11esendmail 8.8.6 for various HP platforms is vulnerable to simple Denial of Service attacks. Vendor solution/patch details included.
e624bab9c22fdcd4e21f16568c365b1f963dd133ec45f45074f77ad9366b4f42Security vulnerabilities in the ICQ99a ICQ-Webserver allows remote attacker to execute Denial of Service attacks, hijack ICQ accounts, and even download any files from Hard Drive, including Registry and password files. Detailed step-by-step descriptions of all exploits included.
dc40d572a74e48ff19155e4347f3576aa5a85eeb98546defaf163c50963d1d6fICQ stores passwords in plain text? And now you know where too. Find one of the millions of people utilizing the ICQ-Webserver and you can Hacking ICQ-Webservers for Dummies file if you have problems.
c1f2b3559dbc973c1ce6ce63ef3585dc063684610de32e96ad01fdbe3d29ca06Security vulnerability in ICQ99 WebServer allows anybody to access your entire hard drive, including password files and registry. Exploit described; no fix available. Mirabilis obviously does not consider security to be of any importance.
9152529e4a891de78701b2169f6e55dedd00d35c4b195f51f7a21a8ad9c3026bLinux insmod security vulnerabilities allow local attacker to potentially gain root compromise. Detailed descriptions of the various vulnerabilities and basic exploit description included.
c7baec334bad4c6390faa3bbf1bd3113d444dbb3112451dd82e0825ca68a2a13Security vulnerability in IPFilter v3.2.10 and earlier versions allows local user to gain increased privileges and/or destroy arbitrary system files, due to improper handling of lockfiles by the ipfilter program. Download the new beta version, or apply patch included in advisory.
e8906ca4b706529903dcf7bbaf52d094df40cadaed92a90e4b71368a8167d4d3Buffer overflow in CAC.Washington.EDU ipop3d 4.xx can be used by malicious local user to gain superuser access.
f57e075d2bd20ff871bbd522759d7fd328efcbbdb7c1545a2a81102495a05c23Lockfile vulnerability in CAC.Washington.EDU ipop3d 4.xx can be used to launch local Denial of Service attacks. Exploit code and recommended fix included.
81a3b6fc6e5152ca333c14b0c70252eca117d675a7505fc009a910164c511f93Bug in Services for IRC Networks 4.2.2 allows any IRC user to launch a simple Denial of Service attack. Exploit description and software upgrade information included.
66deac9e1d35cfab66c8966457650fa973c27a57152b832250ca43f876539558Security Hole in Java 2 (and JDK 1.1.x) allows an attacker to create a booby-trapped Web page, so that when a victim views the page, the attacker seizes control of the victim's machine and can do whatever he wants, including reading and deleting files, and snooping on any data and activities on the victim's machine. No vendor patch available yet.
5eec14ed273562dddc1104f273eb4b080a4d9969eefe3ae05c62e931fb2dcf7bKKIS.28041999.002.b Security Advisory describes a common vulnerability with a wide variety of software applications that utilize tcp connections and do not properly close connections within a reasonable, secure time frame. Exploit code included to test for "inactive connection" vulnerabilities. KKI Security Team
9a8c098e306bcc5628b1d35272ddab934481419144fdc4fcbe006f17c442fb4cSecurity vulnerabilities in several RPC implementations allow remote attacker to execute Denial of Service attacks. Exploit code included.
80bf64597b925cfc658fd34388749328f3a822cf5bba07966af6c3be386eeb3dLinux 2.x IPC vulnerability permits local users to exhaust memory, launching effective Denial of Service attack. Exploit code and recommended fix included.
e93b741c537f8d1eecad296d8ae042d0f05f574c0743b867a438796e232899c6Linux 2.x mmap vulnerability permits local users to exhaust memory, launching effective Denial of Service attack. Exploit code and recommended fix included.
6399afa92c537d0aac41891c4ccc44d90f47c49ea14224248661579bc138a6b3This patch sets the tos field for IP headers to high priority and optimizes the IP connection for throughput, which has real effects on cisco routers.
b74ee64c8bbcf69a849cb4e8d698f915898080ceafe7d04faece77387dcf92a5Exploit code for Pine 4.xx and CAC.Washington.EDU ipop3d 4.xx lockfile vulnerabilities, allowing local Denial of Service execution by non-privileged users.
4b3d468e1fce900a532b0ac67fad6f92b840a5b7fd9229af55060cc57628a244Lotus Notes handles time zones and system time improperly, resulting in missed meetings, luser time-space confusion, black holes, mass hysteria, disorientation, and, in extreme cases, impotence and the contraction of obscure fungal infections. Patch included. The real solution is for everybody to switch to GMT/UTC though. :-)
55ba69d5a49d6bcb7edb2bd83ef36b2241e5df8e129b2d4b1fce68c20e302fbaThe popular Responder.cgi script for MacHTTP CGI Servers contains a buffer overflow that allows remote attacker to launch Denial of Service attack. Exploit description, program, source code included.
8ad6f09675a7cc0bc247ee37ac32f61347cd2186dc60add5ed36316c889e2b9aYet another bug in Midnight Commander 4.xx - this security hole allows local user to potentially gain root privileges due to improper handling of negative file sizes by MC and resulting core dumps.
d9be9334ccae908006a722bfc3d2c16782d3e46589d80e3bcd06ea5519e5cd55An excellent report analyzing the Melissa macro virus by melissavirus.com for more detailed information.
acc5867ac7112e6dab0867f2eaf66b86743420ecbd521954f5f202fa6d07d3a0Microsoft releases virus infected MS Word documents on their own web site! If you have visited http://www.microsoft.com/uk/business_technology/dns/ecommerce/financial/case.htm recently to find out more about MS Exchange and E-commerce, then you should scan for the W97M/Marker.C virus on your network. This has happened numerous times!
b245925141c0ac86bf1b2a25d1c4d2c92ee04d4cfa02ca3edd7d0b8555a44375
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed