Cognos PowerPlay Web Edition software for Microsoft NT Server contains a security vulnerability in which unauthenticated web users can access cube data. Negative vendor response. 8.688 kb.
0b738e5df294d5573c200c6b08586235de8961bfd2cc25aff789c8397786fa94Security vulnerability in the customer web interface at hustler.com allows malicious attacker to hijack any user accounts, and gain access to credit card and personal information. HTML exploit template included. 1.730 kb.
add2370cf21bee06621bdf7e4288deba5511fa40a7eff9ed51c8e2ddcfbbfa8bHack-A-Site I. A detailed kit on how to hack an Microsft IIS Server using the eEye exploit.
3938deff6439afd2832ba0c12379ee7feee4af22310842261e74484d666cdf03The Pine MUA up to and including v4.10 contains a security hole that allows a malicious remote attacker to potentially execute arbitrary code, resulting in possibility of root compromise. Exploit code included.
3054c916fc2bce91bd674955b51935253d8747420055d286dc452841681903ddexploit for ipop2 daemons shipped with the imap-4.4 package; remote attackers can spawn a shell with uid of user "nobody". 3.060 kb.
7d55ce13b8ecf9fd7866e3869768d4b34e2c843bd3582cd600a2c3c84a61674dLSM to kill modems using +++ATH0.
2386c8313663364e6ac207420d422f44b1039e3a236c379b238a6df54c8427ebkillmod.php3 is a php front end that calls a simple shell script (killmod.sh) that allows you to use the +++ath0 bug to hang up older modems.
9588b10240e4166ad8ac0237398350c808f935abb5404f1c4f5374f1044c1a8cSecurity vulnerability in Xi Graphics, Inc.'s Accelerated-X Server 4.x, 5.x (and possibly earlier versions) allows local users to gain administrative privileges by exploiting multiple buffer overflows in the Accelerated-X X server.
c4cd05a0c37cd2bee8385be2f61f1c7214528e9d88bfe332939118c591902703lsof 4.40 exploit, local root compromise. 0.901 kb.
fd57d63feaa510208b2a6f6141f559fb4c170ddba15ac5de626e6a8d166543b5Microsoft Outlook (all versions) does not properly handle X-UIDL: headers in email, resulting in the potential for denial of service attacks against MS Outlook users. Exploit details and patch included.
d12ee2aa4d12cb6711065f738ba3203b2e541dc23e4013b44f524e9ed4904b38HTML parsing bug in all versions of Netscape Communicator 4.x allows malicious web master to crash your browser using JavaScript. 1.269 kb.
6ced3284abc7396946a382d88d3c89a374b7179a6143a0b2878359668190c667Detailed description of the Brain File used to uncover the eEye NT4+IIS4 URL buffer overflow remote exploit.
9ccb8012a7fa14933beb8e4aa92ca1c05c22e3d03e3eed20ffe537042503fb10Details about how and why the eEye NT4+IIS4 URL buffer overflow remote exploit hole was exploited and released.
d4bc30711d23b93629e3af8119fa500bae9d918c2ecb58bc72ef2fa9b3d36f87General description of the eEye NT4+IIS4 URL buffer overflow remote exploit.
6a3eff4bb72d597d70ae5dc2c7d4680f46c2714618348baced0db5374695a7c8Older versions of rpc.statd and automountd for various platforms allow remote attackers to execute arbitrary commands and gain root privileges. Sun patches available.
a0f5e7d59ed9d1715787e9727cd5e407fdcf54f089374dbd6430da9214cb1c93Exploit code for remote ipop2d security vulnerability that gives attacker a shell as user 'nobody'.
5811bb6e6d8fe78e6b45fa1a280e0a20b4e12b452134c426650d3ed2168a6966shadow-980724 contains a security bug when used with '-p passwd' option, such that passwords are not encrypted. Solution: upgrade to shadow-19990607 or later.
e35d62a7a6581ebf288d91a5e22b505c48ab2307b22e33defd979153f9c148a3shadow-19990307 contains security bug that allows new user with UID 65536 to gain root access, without being logged at all, and with ability to bypass /etc/securetty restrictions.
3f3d3298dbb3069425aa0f0cc4b74c2dae96f5c061fbcffee06de675ff87084cExploitable buffer overflows in the smbval library leave numerous systems open to local and remote attacks that can potentially result in root compromise.
c46d2d7f82df8ad5c62ec97082f0995992637a02c840f7768a22188307e8b043Sun Solaris 2.5 and earlier contain security hole in the 'su' program that allows scripted brute force attacks on the superuser password without the attacker being logged. Exploit script (coded in Expect) and detailed description included.
bd95eaff399fd0d686613816ee376617456fc414c51f46f76e35100dc7c9da3essh-2.0.12 allows remote attacker to verify userids.
e159897760527f3e3ce7099c6ed5cf87f3e973ff81e295ebe8d0293cedadc7d1Red Hat PAM version of the 'su' utility allows any local user to easily brute force the superuser (root) password with fast scripted (automated) attacks, avoiding all logging via syslog too.
c23abd14c9e2881dca4bfad7645174d90c764fbcf557a71897e7f5dda127b21fSudo v1.5.6p2-2, a program that provides limited superuser privileges, does not properly handle improper file access attempts, revealing information about file existence.
d81be80f43f14771ac7b8428d07e62304fc1814ba6697f40b29a6e5dfb69ccfb"Big Brother" feature that sends lists of your C compiler commands to "ut-cc@sunpro.Eng.Sun.COM" exists in alpha and beta versions of Sun's SUNWspro C compiler package.
24e59d2817633be6d77dc3cc11da5272724e5f3b2396939511a810aafe8126a2Time to upgrade your Sun 5.5.1 and 5.6 sendmail software to version 8.8.8. Sun describes it as "taking advantage of new security enhancements"; I call it "plugging all the security holes in v8.6.9". :)
3cb50955abb9fb4a7fa6f7f8c1c6f2d021336ba39d2f265772ad077d373a6ada
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed