Symantec Vulnerability Research SYMSA-2006-003 - Cisco Secure ACS 3.x for Windows stores passwords for administrative users in the registry. The passwords are encrypted using the Crypto API Microsoft Base Cryptographic Provider version 1.0. Along with the passwords, ACS also stores the key used to encrypt the information.
b304fda49e4522962451e9d0ea78704e0db872b7bbf32470161e1c81ea12df57Atstake Security Advisory A073103-1 - Three vulnerabilities exist in the McAfee Security ePolicy Orchestrator Server and Agent that allow an attacker to anonymously execute arbitrary code.
39c4da258d3c16be42e6d5d36b203ec57d8400c5e932a4dfde6e4c3688971f66Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise.
117cbb53e11b5d137ca26262d9725ad4c4f1bef3dd4ac8e5e18f9278df670308Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.
4da882968c57e3021287c2926f476d383da49f08fd6b93c99584ab7e7a62fd5eAddition to Atstake Security Advisory A070803-1 clarifying that the named pipe vulnerability discussed lies within the Windows NT/XP/2000 platform and that SQL Server 7.0 can be used as an attack vector along with potentially many other applications.
26389446575344782062c92749190328e8a6e10abf5b4d0f5b30a7cea7e76538Atstake Security Advisory A070803-1 - By specifying the name of a named pipe instead of a file, as an argument to Microsoft SQL Server's xp_fileexist extended stored procedure, one can impersonate the user account Microsoft SQL Server is running under. This is due to the behavior of the CreateFile system call and Windows named pipe impersonation. This is not limited to Microsoft SQL Server, but a system wide problem.
a0e2cd066322faccbeda17b525edc1bfe19a840681e371d62018efeea6586415Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.
a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8Atstake Security Advisory A080802-1 - WS_FTP server v3.1.1 for Windows NT/2000/XP contains a buffer overflow that allows remote users to execute code when they change their password. Since the WS_FTP Server is running as a service, an attackers code will be executing as SYSTEM.
217640519642343dd537e34149f73960fd350a4359bf54a02275a74e046990c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed