L0pht Security Advisory - Rainbow Technologies' iKey 1000 contains vulnerabilities which allow an attacker to login as administrator and access all private information stored on the device with no detection by the legitimate user. The attack requires physical access to the device and a EEPROM programmer. Includes a proof of concept tool, iSpy, which retrieves and displays configuration data for the inserted iKey and displays ll public and private data.
b09f4d1b30cd7023b8dba22307ee8935b43313f10168392ba0b354ee1febc1d5L0pht Security Advisory - Passwords can be easily decrypted by exploiting NetZero's encryption algorithm. Includes proof of concept code to decode the password stored in jnetz.prop.
18ccbc25607e0b2335bd76b829e896cac1e0716922f3dfbdd160e52c8cc11c82asniff_advisory.txt
9c092b58aa07ac434aee0ef897f8615870dd2e5f792cc2145cd0351d1a1c40f5L0pht Security Advisory - Microsoft Office 2000 UA Control Scripting is categorized as being "safe for scripting", allowing malicious active content to execute regardless of macro virus protection settings. Scripts can be executed without users consent from any HTML page viewed with active scripting enabled, including both Internet Explorer and Outlook e-mail in their default configurations. Online demonstration of this vulnerability in action here.
07e38831f23656433eb66a5e66acce7f1054bd81c2b6772ad482436a56ee2957Heimlich, Proof-of-concept tool for Win98 (47kB), can be used in regards to the eToken vulnerability.
e5390c8b75806baaa27c74a678646870c5365f289d405ed1d4af243d35942274l0pht Security Advisory - eToken Private Information Extraction and Physical Attack. Aladdin Knowledge Systems' (http://www.ealaddin.com) eToken is a portable USB (Universal Serial Bus) authentication device providing complete access control for digital assets. eToken stores private keys, passwords or electronic certificates in a hardware token the size of a house key. The eToken makes use of two-factor authentication. Using the legitimate user's PIN number ("what you know") and the physical USB key ("what you have"), access to the public and private data within the key will be granted.
5e11a6c4d048dd58ac24b30009579e749a7e507f27f37ea2471b6b99db381e0el0pht Security Advisory - NetStructure 7180 remote backdoor vulnerability. The NetStructure 7180 can be compromised via the admin console even after the admin password has been changed. Root access can be obtained via the Internet when used in a poorly configured or default configuration. Additionally, web based management authentication is done in the clear.
4854fb06112b66ca72941157560b7a842a404d0f516aea9f03dae226f42d97c8l0pht Security Advisory - NetStructure 7110 console backdoor. The NetStructure 7110 can be compromised via the admin console even after the admin password has been changed. An undocumented command list exists known as 'wizard' mode. Through this mode there is a password that overides the admin password and allows full access to the internal components of the NetStructure 7110. This password can be used from within the admin command line interface or to overide the admin password at an initial login prompt.
4ead9479ca81ffd872a5fc81c32f7f1d4fdb5da8fd4ac54122f3ad5287bd75f0No information is available for this file.
d4236c24f82faf078ea29ac0df486fa639385efad4536c2cc18103b96f308d07TBA is the first wardialer for the PalmOS platform. Using a Palm device with a modem, you can wardial from anywhere a phone line is available - throw it in a phone can to retrieve later, toss it up in the ceiling during a security audit - the possibilities are endless.
1801181a24d4d625d53dc3a84decaaa06032ff50a5c99d5974c4f30297e2b37fDocumentation for TBA, the first wardialer for the PalmOS platform. In Microsoft Word format.
d4b35eadb78e27a5a58a73b4f11e9f560f66ca811fb3fbb960cd8dcf4bff0229BeamCrack is a simple application that will set or reset the bit in each application's database header which tells the launcher that it should or shouldn't be beamable, thus bypassing the PalmPilot's infantile copy-protection.
217629f25097a18e38f40fa24472ef4c6bc44bbf1af6810bb6f8fd8c62739cb8Enables you to examine all of the registers inside the Motorola DragonBall processor (running the show on the PalmPilot). Very nifty. Use at your own risk. For devices running MC68328 only.
1afeb3c239746512da4d830517a97a5af937d98be43466aadfae50e591a26945L0pht Advisory - A remote user can execute arbitrary code on a properly configured Linux LPD server.
09a305e3e24195a53ab09f9a992de2f278d9d4743d6570f174bdd602e7df59f1Application: Cactus Software's shell-lock. (a) A trivial encoding mechanism is used for obfuscating the shell code in the "compiled" binary. Anyone with read permissions to the file in question can decode and retrieve the original shell code. Another vulnerability exists where the user can retrieve the un-encoded shell script without needing to actually decode the binary. (b) The vendors claim the program to be useful in creating SUID binaries on systems that do not honor SUID shell scripts and also to protect against the security problems with SUID shell scripts. As it turns out any shell-lock "compiled" program that is SUID root will allow any user to execute any program with root privileges.
fbc992a6624e12b0216864edca92c85c28dcac58f61f8ee50642f370d5371b9al0pht.97-10-08.imap4.1
75c62c8e12da3ff293c8f060d7066d1302cd8b77454905eb47edcb472b71ec2al0pht.97-11-01.mie.40
383c5bb1b861b6f1e26f1cddee09f95749f9f98edfdcfcfd363646d2c1b70ea1l0pht.98-01-20.lotus_domino
dc69cc360ced228347fa4734fc5c8f7dce7c4d0edcace2da6687694701681182l0pht.98-02-06.nt.port.binding.vuln
a4fe39037b27c7f845d0a4ee3dd37187d7ee5a8669047fe27a167dc9d8b097abl0pht.98-02-23.solaris.printd
f771b9a31f96ab617bf36db349535d5381359f08d88f5872b112739c9aaa6ba1l0pht.98-10-09.lotus.domino
156f098252e78d5c308f696d7e6dd9db578e99cabf0e50bac2cb6c9a96c173fcl0pht.99-01-03.suguard
45dbd6719889c8fea92ef668815ebd040404b87f7166cd628446549c88d2f7d9l0pht.99-01-08.clearcase
b734d0371f8ce00bd9ef453c9ff84a72575a6dec8c1e33a3421e439ac65275c1l0pht.99-01-08.tmp-watch
b1eb0b79d4e220cd0f0b617c0387d28ed71d4361483b579c42b178459ebb88f2l0pht.99-01-21.password_appraiser
455c305ce22a709bfe7fae0aba824c32c04502db09331699cb09140b834bdcaf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed