Exploit the possiblities
Showing 1 - 6 of 6 RSS Feed

Files

FS-112002-MDAC
Posted Nov 24, 2002
Site foundstone.com

Foundstone Research Labs Advisory - 112002 - MDAC : Microsoft Data Access Components (MDAC) is a collection of components that provide the back-end technology which enables database access for Windows platforms. One of the components within MDAC, Remote Data Services (RDS), enables controlled Internet access to remote data resources through Internet Information Services (IIS). Such access allows users to execute files including .dll and .exe extensions, thereby providing increased site functionality. In general RDS embodies two functional technologies: Data Space and Data Control. The technology exploited within MDAC utilizes the DataSpace object of RDS which acts as a middle layer between the local command execution and the web front end. Due to incorrect string handling within the RDS interface, it is possible for a malicious user to gain control of the remote system via over-running a buffer.

tags | remote, web, local
systems | windows
MD5 | cba0ad778b52dd0d49ce91b4594980b3
091802-ISSC
Posted Sep 19, 2002
Authored by Tony Bettini | Site foundstone.com

Foundstone Labs Advisory 091802-ISSC - A vulnerability found in the manner used by Internet Scanner to parse certain types of non-standard HTTP responses can result in a remotely exploitable buffer overflow condition. This affects Internet Scanner version 6.2.1 for Windows (NT/2000) and has been corrected with X-Press Update 6.17.

tags | web, overflow
systems | windows
advisories | CVE-2002-1122
MD5 | 06e22daad9aaac55f9dfda00e560e8d3
FS-091002-SVWS
Posted Sep 11, 2002
Authored by Robin Keir | Site foundstone.com

Foundstone Security Advisory FS-091002-SVWS - A buffer overflow exists in versions 3.1 and previous of Savant Web Server. Exploitation of this vulnerability allows remote execution of arbitrary code with daemon privileges. Sending a GET request containing a URL of approximately 291 characters or more causes Savant Web Server to crash. Exploitation is possible and proof of concept code has been authored to demonstrate this problem.

tags | remote, web, overflow, arbitrary, proof of concept
MD5 | 99b8e77654a232b752bea47a2145e7f0
FS-090502-PCRO
Posted Sep 6, 2002
Authored by Tony Bettini | Site foundstone.com

Foundstone Labs Advisory 090502-PCRO - A remotely exploitable buffer overflow has been found in PGP Corporate Desktop 7.1.1 for Windows 2000 and XP which allows remote code execution and sometimes allows the attacker to find the passphrase of the target user. PGP crashes immediately after the decryption of the malicious file and before the memory containing the passphrase is overwritten. Fix available here.

tags | remote, overflow, code execution
systems | windows, 2k
MD5 | b6217d072c5286376437f519b4e2c972
FS-080902-APIL
Posted Aug 11, 2002
Authored by Marshall Beddoe, Tony Bettini | Site foundstone.com

Foundstone Security Advisory FS-080902-APIL - An information leakage vulnerability exists in Orinoco and Compaq OEM access points, disclosing the unique SNMP community string. As a result, an attacker can query the community string and gain the ability to change system configuration including Wired Equivalent Privacy (WEP) keys and Domain Name Service (DNS) information.

MD5 | 75b0e79ec99aef540e79a176bb706bd9
FS-082200-11-JWS
Posted Aug 24, 2000
Authored by Foundstone Labs | Site foundstone.com

The Sun Java Web Server for Solaris and NT allows a remote attacker to execute arbitrary commands on the target system.

tags | java, remote, web, arbitrary
systems | solaris
MD5 | d145ec080a9634c7d5945aaac04fea0d
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Language Bugs Infest Downstream Software
Posted Dec 11, 2017

tags | headline, flaw
German Spy Agency Warns Of Chinese LinkedIn Espionage
Posted Dec 11, 2017

tags | headline, government, china, cyberwar, germany, spyware, social
Dynamics 365 Sandbox Leaked TLS Certificates
Posted Dec 11, 2017

tags | headline, privacy, microsoft, data loss, flaw, cryptography
Keylogger Uncovered On Hundreds Of HP PCs
Posted Dec 11, 2017

tags | headline, flaw, spyware, backdoor
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close