Twenty Year Anniversary
Showing 1 - 6 of 6 RSS Feed


Posted Nov 24, 2002

Foundstone Research Labs Advisory - 112002 - MDAC : Microsoft Data Access Components (MDAC) is a collection of components that provide the back-end technology which enables database access for Windows platforms. One of the components within MDAC, Remote Data Services (RDS), enables controlled Internet access to remote data resources through Internet Information Services (IIS). Such access allows users to execute files including .dll and .exe extensions, thereby providing increased site functionality. In general RDS embodies two functional technologies: Data Space and Data Control. The technology exploited within MDAC utilizes the DataSpace object of RDS which acts as a middle layer between the local command execution and the web front end. Due to incorrect string handling within the RDS interface, it is possible for a malicious user to gain control of the remote system via over-running a buffer.

tags | remote, web, local
systems | windows
MD5 | cba0ad778b52dd0d49ce91b4594980b3
Posted Sep 19, 2002
Authored by Tony Bettini | Site

Foundstone Labs Advisory 091802-ISSC - A vulnerability found in the manner used by Internet Scanner to parse certain types of non-standard HTTP responses can result in a remotely exploitable buffer overflow condition. This affects Internet Scanner version 6.2.1 for Windows (NT/2000) and has been corrected with X-Press Update 6.17.

tags | web, overflow
systems | windows
advisories | CVE-2002-1122
MD5 | 06e22daad9aaac55f9dfda00e560e8d3
Posted Sep 11, 2002
Authored by Robin Keir | Site

Foundstone Security Advisory FS-091002-SVWS - A buffer overflow exists in versions 3.1 and previous of Savant Web Server. Exploitation of this vulnerability allows remote execution of arbitrary code with daemon privileges. Sending a GET request containing a URL of approximately 291 characters or more causes Savant Web Server to crash. Exploitation is possible and proof of concept code has been authored to demonstrate this problem.

tags | remote, web, overflow, arbitrary, proof of concept
MD5 | 99b8e77654a232b752bea47a2145e7f0
Posted Sep 6, 2002
Authored by Tony Bettini | Site

Foundstone Labs Advisory 090502-PCRO - A remotely exploitable buffer overflow has been found in PGP Corporate Desktop 7.1.1 for Windows 2000 and XP which allows remote code execution and sometimes allows the attacker to find the passphrase of the target user. PGP crashes immediately after the decryption of the malicious file and before the memory containing the passphrase is overwritten. Fix available here.

tags | remote, overflow, code execution
systems | windows, 2k
MD5 | b6217d072c5286376437f519b4e2c972
Posted Aug 11, 2002
Authored by Marshall Beddoe, Tony Bettini | Site

Foundstone Security Advisory FS-080902-APIL - An information leakage vulnerability exists in Orinoco and Compaq OEM access points, disclosing the unique SNMP community string. As a result, an attacker can query the community string and gain the ability to change system configuration including Wired Equivalent Privacy (WEP) keys and Domain Name Service (DNS) information.

MD5 | 75b0e79ec99aef540e79a176bb706bd9
Posted Aug 24, 2000
Authored by Foundstone Labs | Site

The Sun Java Web Server for Solaris and NT allows a remote attacker to execute arbitrary commands on the target system.

tags | java, remote, web, arbitrary
systems | solaris
MD5 | d145ec080a9634c7d5945aaac04fea0d
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Hackers Who Sabotaged The Olympic Games Return For More Mischief
Posted Jun 19, 2018

tags | headline, hacker, cyberwar
Alleged Leaker Of Vault7 Cache Busted By Poor OpSec
Posted Jun 19, 2018

tags | headline, government, usa, data loss, cyberwar, password, fbi, cia
7 Time Jeopardy! Winner Pleads Guilty To Hacking
Posted Jun 19, 2018

tags | headline, hacker, privacy, email
FBI Recovers WhatsApp, Signal Data Stored On Michael Cohen's BlackBerry
Posted Jun 18, 2018

tags | headline, government, usa, phone, russia, fraud, fbi
US Exposes North Korea Government's Typeframe Malware
Posted Jun 18, 2018

tags | headline, government, malware, usa, cyberwar, korea
PageUp Confirms Some Data Compromised In Breach
Posted Jun 18, 2018

tags | headline, hacker, data loss
Huawei Rejects Australia Security Concerns
Posted Jun 18, 2018

tags | headline, government, australia, china, flaw, cyberwar, backdoor
Ex-Fitbit Employees Indicted For Allegedly Stealing Secrets
Posted Jun 15, 2018

tags | headline, data loss, fraud
This New Android Malware Delivers Banking Trojan, Keylogger And Ransomware
Posted Jun 15, 2018

tags | headline, malware, phone, google
Xen Project Patches Intel's Lazy FPU Flaw
Posted Jun 15, 2018

tags | headline, flaw, patch, intel
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By