Showing 1 - 6 of 6

Files

BWL-00-04.txt
Posted Dec 7, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-04 (April 6, 2000) - BizDB is a database and search engine software by Cnctek. Part of the installation is a CGI script, "bizdb-search.cgi", which is used to search the bizdb database. This script is vulnerable to modification of its parameter in a way that causes it to run user-provided shell commands on the server. Exploit URLs included. These issues have been resolved in newer versions of this software; make sure to upgrade!

tags | shell, cgi
MD5 | 8865d9c1eafd735f0d6148dc82d1579c
BWL-00-01.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-01 (Feb 17, 2000) - Search Engines (e.g. AltaVista and InfoSeek) can be used to reveal potential application-level vulnerabilities in indexed web sites. Easily formed queries which incorporate the "signature" of a suspected vulnerability can be used to list the sites which match the signature, that is, which contain the "suspicious" content. In some cases, hundreds of thousands of web sites can be located with one query. Check your site with the Site Checker, available here.

tags | web, vulnerability
MD5 | 9fbfd0d2e0985d6e96184db55903265c
BWL-00-02.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-02 (March 6, 2000) - Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data. A mail application used by some free mail services employs a weak security scheme. It assigns session-IDs ("tokens") for logged-in users which allow reading of arbitrary users' messages and private information.

tags | arbitrary
MD5 | 5afcf43693f2eba277fc5c2e50a93792
BWL-00-03.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-03 (March 21, 2000) - Some Infonautics applications utilize the getdoc.cgi CGI in a way that allows attackers to gain (read) access to a document they would otherwise have to pay to view. Exploit information included.

tags | cgi
MD5 | c0dd5f36d7ad60f4402a21122192d752
BWL-00-05.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-05 (May 5, 2000) - Gossamer Threads DBMan (db.cgi) allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. DBMan dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to the browser when the database file provided is incorrect. Perl exploit included.

tags | web, cgi, root, perl
MD5 | d9a9c73617fc0034d47ea59f768dc342
BWL-00-06.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-06 (May 10, 2000) - Environment and Setup Variables can be Viewed through FormMail.cgi Script. The FormMail.cgi script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. The script will also happily send mail to an attacker's mail account instead for analysis.

tags | cgi
MD5 | e78b8ac6213cf3df7d22c2596be2581f
© 2018 Packet Storm. All rights reserved.
