Twenty Year Anniversary
Showing 1 - 6 of 6 RSS Feed


Posted Nov 24, 2002

Foundstone Research Labs Advisory - 112002 - MDAC : Microsoft Data Access Components (MDAC) is a collection of components that provide the back-end technology which enables database access for Windows platforms. One of the components within MDAC, Remote Data Services (RDS), enables controlled Internet access to remote data resources through Internet Information Services (IIS). Such access allows users to execute files including .dll and .exe extensions, thereby providing increased site functionality. In general RDS embodies two functional technologies: Data Space and Data Control. The technology exploited within MDAC utilizes the DataSpace object of RDS which acts as a middle layer between the local command execution and the web front end. Due to incorrect string handling within the RDS interface, it is possible for a malicious user to gain control of the remote system via over-running a buffer.

tags | remote, web, local
systems | windows
MD5 | cba0ad778b52dd0d49ce91b4594980b3
Posted Sep 19, 2002
Authored by Tony Bettini | Site

Foundstone Labs Advisory 091802-ISSC - A vulnerability found in the manner used by Internet Scanner to parse certain types of non-standard HTTP responses can result in a remotely exploitable buffer overflow condition. This affects Internet Scanner version 6.2.1 for Windows (NT/2000) and has been corrected with X-Press Update 6.17.

tags | web, overflow
systems | windows
advisories | CVE-2002-1122
MD5 | 06e22daad9aaac55f9dfda00e560e8d3
Posted Sep 11, 2002
Authored by Robin Keir | Site

Foundstone Security Advisory FS-091002-SVWS - A buffer overflow exists in versions 3.1 and previous of Savant Web Server. Exploitation of this vulnerability allows remote execution of arbitrary code with daemon privileges. Sending a GET request containing a URL of approximately 291 characters or more causes Savant Web Server to crash. Exploitation is possible and proof of concept code has been authored to demonstrate this problem.

tags | remote, web, overflow, arbitrary, proof of concept
MD5 | 99b8e77654a232b752bea47a2145e7f0
Posted Sep 6, 2002
Authored by Tony Bettini | Site

Foundstone Labs Advisory 090502-PCRO - A remotely exploitable buffer overflow has been found in PGP Corporate Desktop 7.1.1 for Windows 2000 and XP which allows remote code execution and sometimes allows the attacker to find the passphrase of the target user. PGP crashes immediately after the decryption of the malicious file and before the memory containing the passphrase is overwritten. Fix available here.

tags | remote, overflow, code execution
systems | windows, 2k
MD5 | b6217d072c5286376437f519b4e2c972
Posted Aug 11, 2002
Authored by Marshall Beddoe, Tony Bettini | Site

Foundstone Security Advisory FS-080902-APIL - An information leakage vulnerability exists in Orinoco and Compaq OEM access points, disclosing the unique SNMP community string. As a result, an attacker can query the community string and gain the ability to change system configuration including Wired Equivalent Privacy (WEP) keys and Domain Name Service (DNS) information.

MD5 | 75b0e79ec99aef540e79a176bb706bd9
Posted Aug 24, 2000
Authored by Foundstone Labs | Site

The Sun Java Web Server for Solaris and NT allows a remote attacker to execute arbitrary commands on the target system.

tags | java, remote, web, arbitrary
systems | solaris
MD5 | d145ec080a9634c7d5945aaac04fea0d
Page 1 of 1

Top Authors In Last 30 Days

Recent News

News RSS Feed
Equifax Fined By ICO Over Data Breach That Hit Britons
Posted Sep 20, 2018

tags | headline, privacy, britain, data loss, fraud, identity theft
Hackers Steal Credit Cards From Newegg, Researchers Say
Posted Sep 19, 2018

tags | headline, hacker, cybercrime, data loss, fraud
Mirai Botnet Creators Praised For Helping FBI, Won't Serve Prison Time
Posted Sep 19, 2018

tags | headline, hacker, government, malware, usa, botnet, fbi
US State Department Confirms Staff Email Hack
Posted Sep 19, 2018

tags | headline, hacker, government, privacy, email, usa, data loss, cyberwar
Hackers Peddle Thousands Of Air Miles On The Dark Web For Pocket Money
Posted Sep 19, 2018

tags | headline, hacker, cybercrime, fraud
US Judge Allows E-Voting Despite Hack Fears
Posted Sep 19, 2018

tags | headline, government, usa, fraud, flaw
Facebook Now Offers Bounties For Access Token Exposure
Posted Sep 19, 2018

tags | headline, hacker, data loss, facebook, social
A History Of Badgelife, Def Con's Unlikely Obsession With Artistic Circuit Boards
Posted Sep 19, 2018

tags | headline, hacker, conference
14 Million Records Exposed In GovPayNow Leak
Posted Sep 18, 2018

tags | headline, government, privacy, usa, data loss
"Lawful Intercept" Pegasus Spyware Found Deployed In 45 Countries
Posted Sep 18, 2018

tags | headline, government, phone, google, spyware, apple
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By