what you don't know can hurt you
Showing 1 - 25 of 32 RSS Feed

Files

Atstake Security Advisory 03-10-28.3
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.

tags | kernel, local
systems | apple, osx
MD5 | bef10aee5d88035bc65507a618971cbb
Atstake Security Advisory 03-10-28.1
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.

tags | shell, local, root
systems | apple, osx
MD5 | ac6a7fa0e8348991b06323304526a603
Atstake Security Advisory 03-10-20.1
Posted Oct 21, 2003
Authored by Atstake, Jesse Burns | Site atstake.com

Atstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux.

tags | remote, web, overflow, code execution
systems | linux, windows, xp
MD5 | 5f1aead79ce8a8c78a4898084989e4aa
Atstake Security Advisory 03-03-17.1
Posted Mar 18, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A031703-1 - McAfee ePolicy Orchestrater v2.5.1, an enterprise antivirus management tool for Windows 2000, contains a remote format string vulnerability which allows code execution as SYSTEM if tcp port 8081 is accessible.

tags | remote, tcp, code execution
systems | windows, 2k
MD5 | 83113362ffe42403459772d7b8127fa9
Atstake Security Advisory 03-03-13.2
Posted Mar 14, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A031303-2 - Nokia SGSN (DX200 Based Network Element) is a platform that exists between legacy GSM networks and the new IP core of the GPRS network. The SGSN, or Serving GPRS Support Node, is vulnerable in that it allows any attackers to read the SNMP options with any community string.

MD5 | 17b96914b2b0ed0fe6762d00554f6ef6
Atstake Security Advisory 03-03-13.1
Posted Mar 14, 2003
Authored by Atstake, Kevin Dunn, Chris Eng | Site atstake.com

Atstake Security Advisory A031303-1 - A stack buffer overflow exists in the Connector Module that ships with the Sun ONE Application Server. The module is an NSAPI plugin that integrates the Sun ONE Web Server (formerly iPlanet Enterprise Server) with the Application Server. Incoming HTTP request URLs are handled by the module and an unbounded string operation causes the overflow.

tags | web, overflow
MD5 | 77c32a91e9be968cc1e789bf727e589f
Atstake Security Advisory 03-02-14.1
Posted Feb 19, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A021403-1 - Mac OS X v10.2.3 contains a local root vulnerability in the TruBlueEnvironment portion of the MacOS Classic Emulator, which is suid root and installed by default.

tags | local, root
systems | apple, osx
MD5 | 03fd6ebae2a65a1b65ef812e828ad599
atstake_etherleak_report.pdf
Posted Jan 6, 2003
Authored by Ofir Arkin | Site atstake.com

Multiple platforms ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory due to poor programming practices. Several implementation methods are discussed in this white paper.

tags | kernel
MD5 | dc1b2f043642d7802fcb5687ef95ef1d
Atstake Security Advisory 03-01-06.1
Posted Jan 6, 2003
Authored by Ofir Arkin, Atstake | Site atstake.com

Atstake Security Advisory A010603-1 - Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest method to implement this attack is to send ICMP packets and watch for kernel memory in the replies. PDF report on this issue available here.

tags | kernel
MD5 | 77a6e132bfbb80d08c1dc2b84f9b7d0f
Atstake Security Advisory 02-10-28.1
Posted Oct 29, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.

tags | web, denial of service, vulnerability
systems | windows, nt
MD5 | 89e8742a8f5ef59e9dd916b6987f7ad5
kerb4.tar.Z
Posted Oct 4, 2002
Authored by Mudge | Site atstake.com

Kerberos 4 cracker.

MD5 | 608064fa20bdbb9120f7c081a95296ab
skey_paper_and_tool.txt
Posted Oct 4, 2002
Authored by Mudge | Site atstake.com

Monkey S/Key challenge/response auditor and white paper. Works similarly in nature to Alec Muffet's CRACK. In essence it takes the md4 value in either HEX or English words and compares it to a dictionary.

MD5 | 802803a8355ddb08f4b92b46416ddce9
Atstake Security Advisory 02-09-10.1
Posted Sep 11, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A091002-1 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.

tags | web, overflow, arbitrary, local, activex
systems | apple
MD5 | 2035fdbc2b58bd5d2de0d23e0f70cc5b
Atstake Security Advisory 02-08-28.1
Posted Aug 29, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site.

tags | web, overflow, local, activex
MD5 | aa29f9dd929358961c4cc95ce9050483
Atstake Security Advisory 02-08-16.1
Posted Aug 21, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links so it produces some erroneous results allowing an attacker to access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file thus eliminating any trace of the file I/O activity.

systems | windows, 2k, nt
MD5 | 4624c1d7cc3f99be57cb7d7edd81f4bf
Atstake Security Advisory 02-08-08.1
Posted Aug 9, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A080802-1 - WS_FTP server v3.1.1 for Windows NT/2000/XP contains a buffer overflow that allows remote users to execute code when they change their password. Since the WS_FTP Server is running as a service, an attackers code will be executing as SYSTEM.

tags | remote, overflow
systems | windows, nt
MD5 | 305ff1ef2bd047188e5966a0f5a349cd
Atstake Security Advisory 02-07-15.1
Posted Jul 17, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Advisory A071502-1 - Norton Personal Internet Firewall 2001 v3.0.4.91 for Windows NT and 2000 contains buffer overflows in the HTTP proxy which allows attackers to overwrite the first 3 bytes of the EDI register, which can lead to remote code execution.

tags | remote, web, overflow, code execution
systems | windows, nt
MD5 | ac7d34c4766b3e7becec8c60afb25891
Atstake-Pingtel-Xpressa.txt
Posted Jul 15, 2002
Site atstake.com

Atstake Security Advisory - Several vulnerabilities found in Pingtel Xpressa SIP VoIP phones model PX-1 v1.2.5-1.2.7.4 can lead to the disclosure of user credentials, the hijacking of calls, unauthorized access on phone devices and much more. Pingtel released a workaround that can be used by affected customers, available here.

tags | vulnerability
MD5 | 1cd19862c8230299c2bd9f2c58287e05
Atstake Security Advisory 02-06-05.1
Posted Jun 5, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities which are outlined below that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface.

tags | vulnerability
MD5 | 93e0a0bb3304a943dca559475b045269
Atstake Security Advisory 02-04-10.1
Posted Apr 11, 2002
Authored by Atstake, Dave Aitel | Site atstake.com

Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.

tags | remote, overflow, code execution
systems | windows, nt
MD5 | 26351148114738a6cf7321e2e6251ad8
Atstake Security Advisory 00-12-04.1
Posted Dec 6, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120400-1 - IIS 4.0/5.0 Phone Book server buffer overrun vulnerability. The Phone Book Service was created by Microsoft to help provide dial in services to the corporation and ISPs. As part of the functionality of the service when users dial in their client software can be configured to download phone book updates from a web server. The ISAPI application that serves the update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can allow the execution of arbitrary code or at best crash the Internet Information Server process, inetinfo.exe.

tags | web, overflow, arbitrary
MD5 | f18a7bfdb81142148ecb52864c79166e
sqladv-poc.c
Posted Dec 3, 2000
Site atstake.com

Microsoft SQL Server Extended Stored Procedure remote proof of concept exploit. Affects MS SQL Server 7.0 and MS SQL Server 2000 for Windows NT 4.0 / 2000.

tags | remote, proof of concept
systems | windows, nt
MD5 | 4478a0a83e5ace1529ee4de8a96b53b9
Atstake Security Advisory 00-12-01.1
Posted Dec 3, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120100-1 - Microsoft's database server, known as SQL Server, contains several buffer overruns vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowing an attacker to gain complete control of the server. In situations where the SQL Server is protected by a firewall, it may still be possible to launch this attack through a connecting web server - though this depends on how secure the web server's application is. Proof of concept code available here.

tags | web, overflow, arbitrary, vulnerability, proof of concept
MD5 | 712363e28a633c45f30f2d36b1f4920c
Atstake Security Advisory 00-12-01.2
Posted Dec 3, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120100-2 - This advisory details multiple vulnerabilities in Microsoft SQL Server 2000 that allow an attacker to run arbitrary code on the SQL server in the context of a local administrator account. SQL Server provides a mechanism by which a database query can result in a call into a function called an "extended stored procedure". Several extended stored procedures supplied with SQL Server 2000 are vulnerable to buffer overflow attacks. Furthermore, in a default configuration these extended stored procedures can be executed by any user. Proof of concept code available here.

tags | overflow, arbitrary, local, vulnerability, proof of concept
MD5 | e535624d02c4f06503cff14d101eaae7
sqladv2-poc.c
Posted Dec 3, 2000
Site atstake.com

SQL2KOverflow.c - This code creates a file called 'SQL2KOverflow.txt' in the root of the c: drive. Requires a SQL username and password.

tags | overflow, root
MD5 | 93adf425a1abd64d4f71ee7072709a9c
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
US Voices Frustration With Warrant-Proof Encryption
Posted Oct 13, 2017

tags | headline, government, privacy, usa, cryptography
An Unknown Hacker Stole Sensitive Data On Australia's War Planes
Posted Oct 13, 2017

tags | headline, hacker, government, australia, data loss, cyberwar
Legacy Office Feature Used In Novel Document Attacks
Posted Oct 13, 2017

tags | headline, hacker, malware, microsoft, flaw
Equifax Rival TransUnion Also Sends Site Visitors To Malicious Pages
Posted Oct 12, 2017

tags | headline, malware
The Myth Of Responsible Encryption: Experts Say It Can't Work
Posted Oct 12, 2017

tags | headline, government, backdoor, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close