Cerberus Information Security Advisory (CISADV000718) - A buffer overflow has been discovered in webfind.exe which comes with O'Reilly's WebSite Pro. This overflow can be exploited by an attacker to execute arbitrary code. If webfind.exe receives a search string of over 1024 bytes the stack is overwritten. A proof of concept exploit is included.
12b26b233ae8e86c75290b8e6e7d8e59ce23a84ea10e6ac5d0c3e8d5251236b9Cerberus Information Security Advisory (CISADV000717) - A buffer overflow has been found in O'Reilly's Website Pro 2.4. This overflow can be exploited by an attacker to execute arbitrary code.
d3fab097c78c31f8e65dddbeda370b181d0fbaa21fbc7ef9e47c6007ad36adcbCerberus Information Security Advisory (CISADV000525) - The Cerberus Security Team has found a remotely exploitable buffer overrun in two executables that come with PDGSoft's Shopping Cart. Redirect.exe and changepw.exe are both accessable over the web to all users. If supplied an overly long query string both will overflow an internal buffer overwriting the saved return address.
47c5ccd9102dac8b0ab89dab0a306e546e5bd7ae581a145be2b627262530e2acCerberus Information Security Advisory CISADV000327 - Windows NT systems running IIS allows attackers to obtain contents of files users should not be able to access via ISM.DLL. For example text based files (eg .txt,.log and .ini) in the /scripts directory are not normally accessible due to the virtual directory have only script and execute access. Using this vulnerability it is possible to gain access to these files' contents.
00e929943643e31acf39909a9091acdfbdc49af62b6d8fad63373c8f500279bfCerberus Information Security Advisory CISADV000427 - Cart32 secret password Backdoor. he Cerberus Security Team has discovered a serious security hole in Cart32 (http://www.cart32.com/) that can only be described as a blatant backdoor. Within cart32.exe, the main file that provides the cart's functionality, there is a secret hidden password that can be used to gain vital information such as other passwords and using these an attacker can modify the shopping cart's properties so that arbitary commands may be run on the server as well as gain access to customers' credit card details, shipping addresses and other highly sensitive information.
98e03c0e0706b6a43501efe12529016b65d8e31ed23baff38c1bc950534d95afCerberus Information Security Advisory CISADV000420 - Windows NT/2000 cmd.exe overflow. Web servers that will execute batch files as CGI scripts on behalf of a client are therefore opened up to a Denial of Service attack. By providing an overly long string as an argument to a CGI based batch file it is possible to crash the command interpreter in the "clean up" stages.
0dcbdc1ab5da7d7148582f2f06ad1011474b95363fe58c05094dfee1821bee25Cerberus Information Security Advisory (CISADV000330) - The Cerberus Security Team has found a third issue with Microsoft's Index Server that affects any web site running Internet Information Server 4 or 5 with Index Server even if the recent Index Server patch has been installed and even if no .htw files exist. These systems are at risk from having the source of ASP pages or other files such as the global.asa being revealed.
16498bff2cc18ac3aa8a8693229ee77d942225f291834076974c5fbdf2c6727aCerberus Information Security Advisory - Windows NT systems running Frontpage Server Extentions reveals the name of the anonyous Internet account and leaks physical paths on system.
a8f1405807d2ae29e4358d0e21c3a9db4d9b8e951dd86aab8ada6504e64ae1b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed