exploit the possibilities
Showing 1 - 25 of 44 RSS Feed

Files from Atstake

Email addressatstake at symantec.com
First Active2000-12-03
Last Active2004-10-07
Atstake Security Advisory 04-09-28.1
Posted Oct 7, 2004
Authored by Atstake, Cory Scott | Site atstake.com

Atstake Security Advisory A092804-1 - In the default installation of Vignette portal software, the utility is not secured against anonymous and unauthenticated access. Since many portal deployments are on the Internet or exposed to untrusted networks, this results in an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2004-0917
SHA-256 | a8325ff2a0095531d4190a7c7f60437fa2c9dbffbca33fe8c429792d88f520fb
Atstake Security Advisory 04-09-13.2
Posted Sep 15, 2004
Authored by Atstake, James Vaughan | Site atstake.com

Atstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.

tags | advisory, remote, web
SHA-256 | 06fd96368b13cff6c5011a555781244b333d9af19a094cd41d33e938beb1d104
Atstake Security Advisory 04-09-13.1
Posted Sep 15, 2004
Authored by Atstake, Katie Moussouris, Luis Miras | Site atstake.com

Atstake Security Advisory A091304-1 - JumpDrive Secure(tm) Version 1.0 and Lexar Safe Guard(tm) software fail to securely store the device's password. The password is located on the JumpDrive device. It can be read directly from the device without any authentication. It is stored in an XOR encrypted form and can be read directly from the device without any authentication.

tags | advisory
SHA-256 | 19e3c98687b101bb6f65531e4ac0c37464aec24b77de3b222fbb5a7d29c84e77
Atstake Security Advisory 04-07-22.1
Posted Jul 23, 2004
Authored by Atstake, Jeremy Jethro | Site atstake.com

Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.

tags | advisory, overflow, arbitrary, root, tcp
advisories | CVE-2004-0716
SHA-256 | 758ce6bde29696c5e492573e6a282d47923e4dc99f30fa67a78d10b987b58df4
Atstake Security Advisory 04-07-13.1
Posted Jul 14, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.

tags | advisory, overflow, local, php, vulnerability
SHA-256 | 3687cf4f4805ebd7619c3a629f029fcea5cc0d6baf1031b38b9528d9e63c3d7c
Atstake Security Advisory 04-05-03.1
Posted May 7, 2004
Authored by David Goldsmith, Atstake, Dino Dai Zovi | Site atstake.com

Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.

tags | advisory, overflow, root, protocol
systems | apple, osx
advisories | CVE-2004-0430
SHA-256 | d0a99458eaeba41776f013f6acd2684183376fa3765005d3b0854d047a21d569
Atstake Security Advisory 04-04-22.1
Posted Apr 24, 2004
Authored by Atstake, Jeremy Jethro | Site atstake.com

Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.

tags | advisory, overflow
systems | windows, solaris, hpux
advisories | CVE-2004-0425
SHA-256 | 147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cf
Atstake Security Advisory 04-02-23.1
Posted Feb 24, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2004-0165
SHA-256 | ac39259d91e80a21a84083dd2d5ed03a1ab274c26fa3d74162b3afe90c544152
Atstake Security Advisory 04-02-10.1
Posted Feb 11, 2004
Authored by Atstake, George Gal | Site atstake.com

Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2004-0115
SHA-256 | 957d7e39e1983bcf0c08476d79bf23df3df003fbce3396e952ea4e50e60e12a6
Atstake Security Advisory 04-01-27.1
Posted Jan 29, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.

tags | advisory, arbitrary, root
systems | apple, osx
SHA-256 | 8ce54a8fef937890cb1f9d170aa0c3d29ca49c9cf3641d06a4d384befd8331e6
Atstake Security Advisory 03-11-17.2
Posted Nov 17, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.

tags | advisory, remote, web, overflow
advisories | CVE-2003-0940, CVE-2003-0941, CVE-2003-0942, CVE-2003-0943, CVE-2003-0944, CVE-2003-0945
SHA-256 | cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bd
Atstake Security Advisory 03-11-17.1
Posted Nov 17, 2003
Authored by Atstake, Ollie Whitehouse, Dino Dai Zovi | Site atstake.com

Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.

tags | advisory, remote, overflow, local, tcp
advisories | CVE-2003-0938, CVE-2003-0939
SHA-256 | 3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125b
Atstake Security Advisory 03-10-28.3
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.

tags | kernel, local
systems | apple, osx
SHA-256 | 319ce15f5986529ed5010d67654eb62e5341d237edf4d5f20e5bf93b121fe0a7
Atstake Security Advisory 03-10-28.1
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.

tags | shell, local, root
systems | apple, osx
SHA-256 | 55cac7ecd548a05acacef22ad370bb0adceada6e580cad95af9f0d9d18d3a9cc
Atstake Security Advisory 03-10-20.1
Posted Oct 21, 2003
Authored by Atstake, Jesse Burns | Site atstake.com

Atstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux.

tags | remote, web, overflow, code execution
systems | linux, windows
SHA-256 | 47be7130d5351ee1e6a51c87a74d5a02b3e5f28749ce4d47d3f097a00a9f49bd
Atstake Security Advisory 03-09-15.1
Posted Sep 16, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091503-1 - The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.

tags | advisory, web, root, javascript, vulnerability, xss
SHA-256 | 4924ba9b5946a4e3970ccd2e0126327f9de57382c0d428f532349345aa409bd4
Atstake Security Advisory 03-09-11.1
Posted Sep 13, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.

tags | advisory, sql injection
advisories | CVE-2003-0779
SHA-256 | 5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7
Atstake Security Advisory 03-09-04.1
Posted Sep 6, 2003
Authored by Atstake, Ollie Whitehouse, Graham Murphy, Stephen Kapp | Site atstake.com

Atstake Security Advisory A090403-1 - The Asterisk software PBX has a flaw in its SIP protocol implementation that could allow an attacker to obtain remote and unauthenticated access to the system.

tags | advisory, remote, protocol
SHA-256 | e061dbc54a00034594ef6c63ace2f2be44df7efdf3eda421fd1ced83e4fab944
Atstake Security Advisory 03-08-07.2
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.

tags | advisory, tcp
SHA-256 | b4f0c4f5a717ad038f3eb39e9c687e11d5766b61d2e3b9b83c77992f43bb0bcf
Atstake Security Advisory 03-08-07.1
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.

tags | advisory, arbitrary, root
SHA-256 | e9e60f02bd40ae6f22a3de8966d31b5d80e4df271203a7ad9f1e8286a57adf29
Atstake Security Advisory 03-07-31.1
Posted Aug 5, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A073103-1 - Three vulnerabilities exist in the McAfee Security ePolicy Orchestrator Server and Agent that allow an attacker to anonymously execute arbitrary code.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2003-0148, CVE-2003-0149, CVE-2003-0616
SHA-256 | 39c4da258d3c16be42e6d5d36b203ec57d8400c5e932a4dfde6e4c3688971f66
Atstake Security Advisory 03-07-23.3
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise.

tags | advisory, local
advisories | CVE-2003-0232
SHA-256 | 117cbb53e11b5d137ca26262d9725ad4c4f1bef3dd4ac8e5e18f9278df670308
Atstake Security Advisory 03-07-23.2
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.

tags | advisory
advisories | CVE-2003-0231
SHA-256 | 4da882968c57e3021287c2926f476d383da49f08fd6b93c99584ab7e7a62fd5e
Atstake Security Advisory 03-07-23.1
Posted Jul 24, 2003
Authored by Jeremy Rauch, Atstake, Matthew Miller | Site atstake.com

Atstake Security Advisory A072303-1 - A flaw exists in the Windows NT 4.0 file name processing. The flaw can cause heap corruption to occur when a long string is passed to the file name functions. This results in the program calling the NT 4.0 file name processing functions to crash. One attack vector identified is through a Java servlet running on the IBM JVM.

tags | advisory, java
systems | windows
advisories | CVE-2003-0525
SHA-256 | 0e3ea90058d665a67768d87daa55ed99b0140ecb0adefcc560fee055b21f3437
Atstake Security Advisory 03-07-08.1
Posted Jul 9, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A070803-1 - By specifying the name of a named pipe instead of a file, as an argument to Microsoft SQL Server's xp_fileexist extended stored procedure, one can impersonate the user account Microsoft SQL Server is running under. This is due to the behavior of the CreateFile system call and Windows named pipe impersonation. This is not limited to Microsoft SQL Server, but a system wide problem.

tags | advisory
systems | windows
SHA-256 | a0e2cd066322faccbeda17b525edc1bfe19a840681e371d62018efeea6586415
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close