This whitepaper discusses how to use the SQL XFS deviation to execute cross-site scripting attacks.
d5389cf7c67fab6b3327828f65c48169a619c6b29291a442aab792d853abc3f4
Remote exploit for Sendmail versions below 8.9 that makes use of the buffer overflow in HELO to send completely spoofed emails.
3d6881cde3b31dc842c49104042ab24e0e162e20e9e27f80f3a49df9dceababe
Con Fusion is an extremely user-friendly Win32 program that exploits the security holes found in Cold Fusion web server software. [re:L0pht's Cold Fusion security advisory]
6a52a84ee59905798bcd901f6606bfff3f8990048a30e611a920ec2d9973cff5
Security vulnerability in MPE/iX debug for HP3000 systems allows any user to gain increased privileges. Vendor patches available.
4683ef2dca3edf06ba73e444998120596021c9ff1c001cdb9e23c4101fefe11e
sendmail 8.8.6 for various HP platforms is vulnerable to simple Denial of Service attacks. Vendor solution/patch details included.
e624bab9c22fdcd4e21f16568c365b1f963dd133ec45f45074f77ad9366b4f42
Security vulnerabilities in the ICQ99a ICQ-Webserver allow a remote attacker to execute Denial of Service attacks, hijack ICQ accounts, and even download any files from the hard drive, including Registry and password files. Detailed step-by-step descriptions of all exploits included.
dc40d572a74e48ff19155e4347f3576aa5a85eeb98546defaf163c50963d1d6f
ICQ stores passwords in plain text? And now you know where too. Find one of the millions of people utilizing the ICQ-Webserver and you can Hacking ICQ-Webservers for Dummies file if you have problems.
c1f2b3559dbc973c1ce6ce63ef3585dc063684610de32e96ad01fdbe3d29ca06
Security vulnerability in ICQ99 WebServer allows anybody to access your entire hard drive, including password files and registry. Exploit described; no fix available. Mirabilis obviously does not consider security to be of any importance.
9152529e4a891de78701b2169f6e55dedd00d35c4b195f51f7a21a8ad9c3026b
Linux insmod security vulnerabilities allow a local attacker to potentially achieve root compromise. Detailed descriptions of the various vulnerabilities and basic exploit description included.
c7baec334bad4c6390faa3bbf1bd3113d444dbb3112451dd82e0825ca68a2a13
Security vulnerability in IPFilter v3.2.10 and earlier versions allows a local user to gain increased privileges and/or destroy arbitrary system files, due to improper handling of lockfiles by the ipfilter program. Download the new beta version, or apply the patch included in the advisory.
e8906ca4b706529903dcf7bbaf52d094df40cadaed92a90e4b71368a8167d4d3
Buffer overflow in CAC.Washington.EDU ipop3d 4.xx can be used by a malicious local user to gain superuser access.
f57e075d2bd20ff871bbd522759d7fd328efcbbdb7c1545a2a81102495a05c23
Lockfile vulnerability in CAC.Washington.EDU ipop3d 4.xx can be used to launch local Denial of Service attacks. Exploit code and recommended fix included.
81a3b6fc6e5152ca333c14b0c70252eca117d675a7505fc009a910164c511f93
Bug in Services for IRC Networks 4.2.2 allows any IRC user to launch a simple Denial of Service attack. Exploit description and software upgrade information included.
66deac9e1d35cfab66c8966457650fa973c27a57152b832250ca43f876539558
Security Hole in Java 2 (and JDK 1.1.x) allows an attacker to create a booby-trapped Web page, so that when a victim views the page, the attacker seizes control of the victim's machine and can do whatever he wants, including reading and deleting files, and snooping on any data and activities on the victim's machine. No vendor patch available yet.
5eec14ed273562dddc1104f273eb4b080a4d9969eefe3ae05c62e931fb2dcf7b
KKIS.28041999.002.b Security Advisory describes a common vulnerability in a wide variety of software applications that use TCP connections and do not properly close connections within a reasonable, secure time frame. Exploit code included to test for "inactive connection" vulnerabilities. KKI Security Team
9a8c098e306bcc5628b1d35272ddab934481419144fdc4fcbe006f17c442fb4c
Security vulnerabilities in several RPC implementations allow a remote attacker to execute Denial of Service attacks. Exploit code included.
80bf64597b925cfc658fd34388749328f3a822cf5bba07966af6c3be386eeb3d
Linux 2.x IPC vulnerability permits local users to exhaust memory, launching an effective Denial of Service attack. Exploit code and recommended fix included.
e93b741c537f8d1eecad296d8ae042d0f05f574c0743b867a438796e232899c6
Linux 2.x mmap vulnerability permits local users to exhaust memory, launching an effective Denial of Service attack. Exploit code and recommended fix included.
6399afa92c537d0aac41891c4ccc44d90f47c49ea14224248661579bc138a6b3
This patch sets the TOS field for IP headers to high priority and optimizes the IP connection for throughput, which has real effects on Cisco routers.
b74ee64c8bbcf69a849cb4e8d698f915898080ceafe7d04faece77387dcf92a5
Exploit code for Pine 4.xx and CAC.Washington.EDU ipop3d 4.xx lockfile vulnerabilities, allowing local Denial of Service execution by non-privileged users.
4b3d468e1fce900a532b0ac67fad6f92b840a5b7fd9229af55060cc57628a244
Lotus Notes handles time zones and system time improperly, resulting in missed meetings, luser time-space confusion, black holes, mass hysteria, disorientation, and, in extreme cases, impotence and the contraction of obscure fungal infections. Patch included. The real solution is for everybody to switch to GMT/UTC though. :-)
55ba69d5a49d6bcb7edb2bd83ef36b2241e5df8e129b2d4b1fce68c20e302fba
The popular Responder.cgi script for MacHTTP CGI Servers contains a buffer overflow that allows a remote attacker to launch a Denial of Service attack. Exploit description, program, and source code included.
8ad6f09675a7cc0bc247ee37ac32f61347cd2186dc60add5ed36316c889e2b9a
Yet another bug in Midnight Commander 4.xx: this security hole allows a local user to potentially gain root privileges due to improper handling of negative file sizes by MC and the resulting core dumps.
d9be9334ccae908006a722bfc3d2c16782d3e46589d80e3bcd06ea5519e5cd55
An excellent report analyzing the Melissa macro virus by melissavirus.com for more detailed information.
acc5867ac7112e6dab0867f2eaf66b86743420ecbd521954f5f202fa6d07d3a0
Microsoft releases virus infected MS Word documents on their own web site! If you have visited http://www.microsoft.com/uk/business_technology/dns/ecommerce/financial/case.htm recently to find out more about MS Exchange and E-commerce, then you should scan for the W97M/Marker.C virus on your network. This has happened numerous times!
b245925141c0ac86bf1b2a25d1c4d2c92ee04d4cfa02ca3edd7d0b8555a44375