exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files

Atstake Security Advisory 03-10-28.3
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.

tags | kernel, local
systems | apple, osx
SHA-256 | 319ce15f5986529ed5010d67654eb62e5341d237edf4d5f20e5bf93b121fe0a7
Atstake Security Advisory 03-10-28.1
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.

tags | shell, local, root
systems | apple, osx
SHA-256 | 55cac7ecd548a05acacef22ad370bb0adceada6e580cad95af9f0d9d18d3a9cc
Atstake Security Advisory 03-10-20.1
Posted Oct 21, 2003
Authored by Atstake, Jesse Burns | Site atstake.com

Atstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux.

tags | remote, web, overflow, code execution
systems | linux, windows
SHA-256 | 47be7130d5351ee1e6a51c87a74d5a02b3e5f28749ce4d47d3f097a00a9f49bd
Atstake Security Advisory 03-03-17.1
Posted Mar 18, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A031703-1 - McAfee ePolicy Orchestrater v2.5.1, an enterprise antivirus management tool for Windows 2000, contains a remote format string vulnerability which allows code execution as SYSTEM if tcp port 8081 is accessible.

tags | remote, tcp, code execution
systems | windows
SHA-256 | 57b85495432c8e5ec8fc8404b83aa9c7607157c7553eda5446874f8bbc55c20c
Atstake Security Advisory 03-03-13.2
Posted Mar 14, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A031303-2 - Nokia SGSN (DX200 Based Network Element) is a platform that exists between legacy GSM networks and the new IP core of the GPRS network. The SGSN, or Serving GPRS Support Node, is vulnerable in that it allows any attackers to read the SNMP options with any community string.

SHA-256 | a743e83228a8aa4690b234f2fa9cd8ae048f018026c6d5f4f2c72ee4558edd4d
Atstake Security Advisory 03-03-13.1
Posted Mar 14, 2003
Authored by Atstake, Kevin Dunn, Chris Eng | Site atstake.com

Atstake Security Advisory A031303-1 - A stack buffer overflow exists in the Connector Module that ships with the Sun ONE Application Server. The module is an NSAPI plugin that integrates the Sun ONE Web Server (formerly iPlanet Enterprise Server) with the Application Server. Incoming HTTP request URLs are handled by the module and an unbounded string operation causes the overflow.

tags | web, overflow
SHA-256 | d3e56ce7b90eff64e31f495c396f7513465f86ec2348d3cd53df4ab0ba8e61dc
Atstake Security Advisory 03-02-14.1
Posted Feb 19, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A021403-1 - Mac OS X v10.2.3 contains a local root vulnerability in the TruBlueEnvironment portion of the MacOS Classic Emulator, which is suid root and installed by default.

tags | local, root
systems | apple, osx
SHA-256 | 922979add04dd03a99e8b8cf1546f75144cba14cd5ed8c57ec889932256bc0db
atstake_etherleak_report.pdf
Posted Jan 6, 2003
Authored by Ofir Arkin | Site atstake.com

Multiple platforms ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory due to poor programming practices. Several implementation methods are discussed in this white paper.

tags | kernel
SHA-256 | daec269b3fe04ddf8ce145fdfc529beb7cb202da14e9fcd184457b800d6f711d
Atstake Security Advisory 03-01-06.1
Posted Jan 6, 2003
Authored by Ofir Arkin, Atstake | Site atstake.com

Atstake Security Advisory A010603-1 - Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest method to implement this attack is to send ICMP packets and watch for kernel memory in the replies. PDF report on this issue available here.

tags | kernel
SHA-256 | 08e892f8893b2271d8dd4a438785fa2838ad83e1bafff8e9b8f1aa5864ceb555
Atstake Security Advisory 02-10-28.1
Posted Oct 29, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.

tags | web, denial of service, vulnerability
systems | windows
SHA-256 | a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8
kerb4.tar.Z
Posted Oct 4, 2002
Authored by Mudge | Site atstake.com

Kerberos 4 cracker.

SHA-256 | 1e2ec4124c5ea5abc860098482da56da54827ff1882ff0bc51e8a78488c36135
skey_paper_and_tool.txt
Posted Oct 4, 2002
Authored by Mudge | Site atstake.com

Monkey S/Key challenge/response auditor and white paper. Works similarly in nature to Alec Muffet's CRACK. In essence it takes the md4 value in either HEX or English words and compares it to a dictionary.

SHA-256 | 91361b4f1c1136c90bd9c318b67f64854190eb95ae32e1899a0166c2aa19e602
Atstake Security Advisory 02-09-10.1
Posted Sep 11, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A091002-1 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.

tags | web, overflow, arbitrary, local, activex
systems | apple
SHA-256 | 67fa04ee26e8153f5ebac2a4e8afbc94afbd217f0c2391f6d6bcc01b0c137578
Atstake Security Advisory 02-08-28.1
Posted Aug 29, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site.

tags | web, overflow, local, activex
SHA-256 | 56359c9b96a1991a0e4e4ca0c9bcd9337adab1526626b1bdc5b1cae7f982e8e1
Atstake Security Advisory 02-08-16.1
Posted Aug 21, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links so it produces some erroneous results allowing an attacker to access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file thus eliminating any trace of the file I/O activity.

systems | windows
SHA-256 | e5fefbae46a457866facd5d4caafcae07329a7508e7d9764de60f72b741eb0ba
Atstake Security Advisory 02-08-08.1
Posted Aug 9, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A080802-1 - WS_FTP server v3.1.1 for Windows NT/2000/XP contains a buffer overflow that allows remote users to execute code when they change their password. Since the WS_FTP Server is running as a service, an attackers code will be executing as SYSTEM.

tags | remote, overflow
systems | windows
SHA-256 | 217640519642343dd537e34149f73960fd350a4359bf54a02275a74e046990c7
Atstake Security Advisory 02-07-15.1
Posted Jul 17, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Advisory A071502-1 - Norton Personal Internet Firewall 2001 v3.0.4.91 for Windows NT and 2000 contains buffer overflows in the HTTP proxy which allows attackers to overwrite the first 3 bytes of the EDI register, which can lead to remote code execution.

tags | remote, web, overflow, code execution
systems | windows
SHA-256 | b638be2b6c12ee1233b0973e42fb9455d457e7c5b99317fa57810587b7da13b0
Atstake-Pingtel-Xpressa.txt
Posted Jul 15, 2002
Site atstake.com

Atstake Security Advisory - Several vulnerabilities found in Pingtel Xpressa SIP VoIP phones model PX-1 v1.2.5-1.2.7.4 can lead to the disclosure of user credentials, the hijacking of calls, unauthorized access on phone devices and much more. Pingtel released a workaround that can be used by affected customers, available here.

tags | vulnerability
SHA-256 | 137c467df7a52e511bc1a0959f6c9113896a816a356cc78d4266270c84c5e3e0
Atstake Security Advisory 02-06-05.1
Posted Jun 5, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities which are outlined below that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface.

tags | vulnerability
SHA-256 | 6c550edb79304b779ac8aac4982d3ad3e6fb9a08a6d7394b3520dc74a6e1c066
Atstake Security Advisory 02-04-10.1
Posted Apr 11, 2002
Authored by Atstake, Dave Aitel | Site atstake.com

Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.

tags | remote, overflow, code execution
systems | windows
SHA-256 | d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddca
Atstake Security Advisory 00-12-04.1
Posted Dec 6, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120400-1 - IIS 4.0/5.0 Phone Book server buffer overrun vulnerability. The Phone Book Service was created by Microsoft to help provide dial in services to the corporation and ISPs. As part of the functionality of the service when users dial in their client software can be configured to download phone book updates from a web server. The ISAPI application that serves the update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can allow the execution of arbitrary code or at best crash the Internet Information Server process, inetinfo.exe.

tags | web, overflow, arbitrary
SHA-256 | 7822463a0e0c98a33b81e6be0d33e5d289f446c0bcfff7a90e516e33823ba258
sqladv-poc.c
Posted Dec 3, 2000
Site atstake.com

Microsoft SQL Server Extended Stored Procedure remote proof of concept exploit. Affects MS SQL Server 7.0 and MS SQL Server 2000 for Windows NT 4.0 / 2000.

tags | remote, proof of concept
systems | windows
SHA-256 | 5fd70a776c270907c1dab025d719f1bc0ed94cb93096e57c8d76c639e5402a46
Atstake Security Advisory 00-12-01.1
Posted Dec 3, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120100-1 - Microsoft's database server, known as SQL Server, contains several buffer overruns vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowing an attacker to gain complete control of the server. In situations where the SQL Server is protected by a firewall, it may still be possible to launch this attack through a connecting web server - though this depends on how secure the web server's application is. Proof of concept code available here.

tags | web, overflow, arbitrary, vulnerability, proof of concept
SHA-256 | 7a62c36595e25982e5eb61be78940b169d48a8771ddd9252d29796af5fbdf890
Atstake Security Advisory 00-12-01.2
Posted Dec 3, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120100-2 - This advisory details multiple vulnerabilities in Microsoft SQL Server 2000 that allow an attacker to run arbitrary code on the SQL server in the context of a local administrator account. SQL Server provides a mechanism by which a database query can result in a call into a function called an "extended stored procedure". Several extended stored procedures supplied with SQL Server 2000 are vulnerable to buffer overflow attacks. Furthermore, in a default configuration these extended stored procedures can be executed by any user. Proof of concept code available here.

tags | overflow, arbitrary, local, vulnerability, proof of concept
SHA-256 | ec739fab767d599a0ee58f32f2ff762f3b6dfc21601af5994abc47bc96a9b5ec
sqladv2-poc.c
Posted Dec 3, 2000
Site atstake.com

SQL2KOverflow.c - This code creates a file called 'SQL2KOverflow.txt' in the root of the c: drive. Requires a SQL username and password.

tags | overflow, root
SHA-256 | fee58ba23f9c0ccef37684361da716327f6fff17eb2a15ff91fee59fd97842a4
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close