what you don't know can hurt you
Showing 1 - 25 of 44 RSS Feed

Files from Atstake

Email addressatstake at symantec.com
First Active2000-12-03
Last Active2004-10-07
Atstake Security Advisory 04-09-28.1
Posted Oct 7, 2004
Authored by Atstake, Cory Scott | Site atstake.com

Atstake Security Advisory A092804-1 - In the default installation of Vignette portal software, the utility is not secured against anonymous and unauthenticated access. Since many portal deployments are on the Internet or exposed to untrusted networks, this results in an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2004-0917
MD5 | b6a593e3808ad16fe1530ec03f9314eb
Atstake Security Advisory 04-09-13.2
Posted Sep 15, 2004
Authored by Atstake, James Vaughan | Site atstake.com

Atstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.

tags | advisory, remote, web
MD5 | 2ea283111df43583fca089a9abd1b03a
Atstake Security Advisory 04-09-13.1
Posted Sep 15, 2004
Authored by Atstake, Katie Moussouris, Luis Miras | Site atstake.com

Atstake Security Advisory A091304-1 - JumpDrive Secure(tm) Version 1.0 and Lexar Safe Guard(tm) software fail to securely store the device's password. The password is located on the JumpDrive device. It can be read directly from the device without any authentication. It is stored in an XOR encrypted form and can be read directly from the device without any authentication.

tags | advisory
MD5 | f47fec62d0df3b5e7c5576597ea6ffd1
Atstake Security Advisory 04-07-22.1
Posted Jul 23, 2004
Authored by Atstake, Jeremy Jethro | Site atstake.com

Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.

tags | advisory, overflow, arbitrary, root, tcp
advisories | CVE-2004-0716
MD5 | fd8f19b877043fc9057dcf36fce043c2
Atstake Security Advisory 04-07-13.1
Posted Jul 14, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.

tags | advisory, overflow, local, php, vulnerability
MD5 | 46a6d79962855470a1303bb27c4b5f7c
Atstake Security Advisory 04-05-03.1
Posted May 7, 2004
Authored by David Goldsmith, Atstake, Dino Dai Zovi | Site atstake.com

Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.

tags | advisory, overflow, root, protocol
systems | apple, osx
advisories | CVE-2004-0430
MD5 | 5de2bae707073a58346e46a1633898bb
Atstake Security Advisory 04-04-22.1
Posted Apr 24, 2004
Authored by Atstake, Jeremy Jethro | Site atstake.com

Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.

tags | advisory, overflow
systems | windows, solaris, hpux
advisories | CVE-2004-0425
MD5 | 3e5b35e4323fe96cea4d9218a69b73c3
Atstake Security Advisory 04-02-23.1
Posted Feb 24, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2004-0165
MD5 | d6b94cbbeede03a57a36522e07c9415f
Atstake Security Advisory 04-02-10.1
Posted Feb 11, 2004
Authored by Atstake, George Gal | Site atstake.com

Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2004-0115
MD5 | ce23594390cee0db9de4e209ed81783e
Atstake Security Advisory 04-01-27.1
Posted Jan 29, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.

tags | advisory, arbitrary, root
systems | apple, osx
MD5 | ef3249d227b311b24f7d6ae925005c3a
Atstake Security Advisory 03-11-17.2
Posted Nov 17, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.

tags | advisory, remote, web, overflow
advisories | CVE-2003-0940, CVE-2003-0941, CVE-2003-0942, CVE-2003-0943, CVE-2003-0944, CVE-2003-0945
MD5 | d4f74469008126bdd4695266129b0bf7
Atstake Security Advisory 03-11-17.1
Posted Nov 17, 2003
Authored by Atstake, Ollie Whitehouse, Dino Dai Zovi | Site atstake.com

Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.

tags | advisory, remote, overflow, local, tcp
advisories | CVE-2003-0938, CVE-2003-0939
MD5 | a5303bd1de0df515730eff5878db363d
Atstake Security Advisory 03-10-28.3
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.

tags | kernel, local
systems | apple, osx
MD5 | bef10aee5d88035bc65507a618971cbb
Atstake Security Advisory 03-10-28.1
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.

tags | shell, local, root
systems | apple, osx
MD5 | ac6a7fa0e8348991b06323304526a603
Atstake Security Advisory 03-10-20.1
Posted Oct 21, 2003
Authored by Atstake, Jesse Burns | Site atstake.com

Atstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux.

tags | remote, web, overflow, code execution
systems | linux, windows, xp
MD5 | 5f1aead79ce8a8c78a4898084989e4aa
Atstake Security Advisory 03-09-15.1
Posted Sep 16, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091503-1 - The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.

tags | advisory, web, root, javascript, vulnerability, xss
MD5 | b4df814d512c0d20f09aba5be244c6d2
Atstake Security Advisory 03-09-11.1
Posted Sep 13, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.

tags | advisory, sql injection
advisories | CVE-2003-0779
MD5 | a2417515aa626b86776f829019430129
Atstake Security Advisory 03-09-04.1
Posted Sep 6, 2003
Authored by Atstake, Ollie Whitehouse, Graham Murphy, Stephen Kapp | Site atstake.com

Atstake Security Advisory A090403-1 - The Asterisk software PBX has a flaw in its SIP protocol implementation that could allow an attacker to obtain remote and unauthenticated access to the system.

tags | advisory, remote, protocol
MD5 | ec40d681b0c5e7643054191c3fe3b81b
Atstake Security Advisory 03-08-07.2
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.

tags | advisory, tcp
MD5 | ca93fa9e4f55ae6a7bc8a23a5c4cc902
Atstake Security Advisory 03-08-07.1
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.

tags | advisory, arbitrary, root
MD5 | e895c3e6c19786b601cabf6cc3f79ebd
Atstake Security Advisory 03-07-31.1
Posted Aug 5, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A073103-1 - Three vulnerabilities exist in the McAfee Security ePolicy Orchestrator Server and Agent that allow an attacker to anonymously execute arbitrary code.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2003-0148, CVE-2003-0149, CVE-2003-0616
MD5 | eaa57e9ee28759a45c62cf606144ccb5
Atstake Security Advisory 03-07-23.3
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise.

tags | advisory, local
advisories | CVE-2003-0232
MD5 | c0863db9db0f348cca07e5e8a49600c9
Atstake Security Advisory 03-07-23.2
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.

tags | advisory
advisories | CVE-2003-0231
MD5 | 5c20ea51f88f02fef72b548ecfedeb50
Atstake Security Advisory 03-07-23.1
Posted Jul 24, 2003
Authored by Jeremy Rauch, Atstake, Matthew Miller | Site atstake.com

Atstake Security Advisory A072303-1 - A flaw exists in the Windows NT 4.0 file name processing. The flaw can cause heap corruption to occur when a long string is passed to the file name functions. This results in the program calling the NT 4.0 file name processing functions to crash. One attack vector identified is through a Java servlet running on the IBM JVM.

tags | advisory, java
systems | windows, nt
advisories | CVE-2003-0525
MD5 | 08ce9136c1ac1d6d13057638d830fee7
Atstake Security Advisory 03-07-08.1
Posted Jul 9, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A070803-1 - By specifying the name of a named pipe instead of a file, as an argument to Microsoft SQL Server's xp_fileexist extended stored procedure, one can impersonate the user account Microsoft SQL Server is running under. This is due to the behavior of the CreateFile system call and Windows named pipe impersonation. This is not limited to Microsoft SQL Server, but a system wide problem.

tags | advisory
systems | windows
MD5 | 03b80c464a9be7e2fabaa4a546652611
Page 1 of 2
Back12Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close