Showing 76 - 100 of 128

Files from David Litchfield

Email address: david at davidlitchfield.com
First Active: 1999-08-17
Last Active: 2017-09-14
adobexfdf.txt
Posted Mar 4, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR03022004 - Adobe Acrobat Reader version 5.1 is susceptible to a buffer overflow when an xfdf file is parsed and an unsafe call to sprintf is made.

tags | advisory, overflow
MD5 | cf88517aeae796f8b73eaa462901dafc
NGSoracle.txt
Posted Nov 6, 2003
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR05112003 - Multiple Oracle Application Server SQL injection vulnerabilities exist for all OS platforms with Oracle 9i Application Server Release 1 and 2 and RDBMS.

tags | advisory, vulnerability, sql injection
MD5 | dc5e2479c8dc3f0501b05bf55c84ce0a
defeating-w2k3-stack-protection.pdf
Posted Sep 13, 2003
Authored by David Litchfield | Site ngssoftware.com

Thorough paper discussing how to defeat the stack based buffer overflow prevention mechanism in Microsoft Windows 2003 Server.

tags | paper, overflow
systems | windows
MD5 | f09f810282da026ea8ed89185fd641d9
NGSextproc.txt
Posted Jul 28, 2003
Authored by David Litchfield, Chris Anley | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR25072003 - In an attempt to fix previous vulnerabilities discovered by NGSSoftware, the Oracle RDBMS fix patched the hole but left a logging function vulnerable to a stack overflow.

tags | advisory, overflow, vulnerability
MD5 | 27e55d5c02eda32edbc230847cf26141
SLWebmail.txt
Posted May 8, 2003
Authored by Mark Litchfield, David Litchfield | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.

tags | advisory, overflow, arbitrary
MD5 | a5a523964f494ad0e022b05aea0acfa5
SLMail.txt
Posted May 8, 2003
Authored by Mark Litchfield, David Litchfield | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR07052003A - SLMail 5.1.0.4420 suffers from multiple remotely exploitable buffer overflows in its SMTP engine, poppasswd and pop3 server.

tags | advisory, overflow
MD5 | 55a87f6617585ffbcff18010b221bc7d
ngs-2904.txt
Posted Apr 30, 2003
Authored by David Litchfield | Site ngssoftware.com

Software Insight Security Research Advisory #NISR29042003 - A classic stack based buffer overflow vulnerability exists in the Oracle database server that can be set up for exploitation by providing an overly long parameter for a connect string with the 'CREATE DATABASE LINK' query.

tags | advisory, overflow
MD5 | 46721ac7a228404220a2a8e6b414e422
Hackproofing Lotus Domino Web Server
Posted Dec 12, 2002
Authored by David Litchfield

Whitepaper called Hackproofing Lotus Domino Web Server.

tags | paper, web
MD5 | c8148371ee4b1870ebe8f3bf9a6e7b2d
sql2.exe
Posted Nov 19, 2002
Authored by David Litchfield, Lion

MSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53. Windows binary, C++ source code here.

tags | exploit, remote, overflow, shell, udp, tcp
systems | windows
MD5 | 0c44bf698947b98ba405d11f6ce7a339
sql2.cpp
Posted Nov 19, 2002
Authored by David Litchfield, Lion

MSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53.

tags | exploit, remote, overflow, shell, udp, tcp
MD5 | 84ce83fb7a4607df03a928124093ee3a
ora-isqlplus.txt
Posted Nov 19, 2002
Authored by David Litchfield | Site ngssoftware.com

The Oracle iSQL*Plus 91 R1 and R2 web based application has an authentication buffer overflow on all OS's in the User ID parameter which allows remote attackers to execute arbitrary code as the oracle user on Unix and SYSTEM on Windows. Patch available here.

tags | exploit, remote, web, overflow, arbitrary, sql injection
systems | windows, unix
MD5 | 327019a2b3830dce9355dbcfa12783ea
mssql-webtasks.txt
Posted Oct 22, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory - Microsoft SQL Server 2000 and 7 allow attackers to gain control of the database by elevating their privileges by using the xp_runwebtask stored procedure. Fix available here.

MD5 | e648bbef1ca3f48173d7b5247c011cca
mssql-sp_MSSetServerProperties.txt
Posted Sep 4, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Research Advisory NISR03092002 - The sp_MSSetServerProperties stored procedure in Microsoft SQL Server 2000 contains a low risk issue which allows remote users to decide whether or not SQL server starts up automatically. This does not allow an attacker to compromise the server or data but may be used in conjunction with another attack.

tags | remote
MD5 | 6a530df76b00d0ada027d46ad8d34194
dotnet-msde.txt
Posted Sep 4, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Research Advisory NISR03092002B - The Microsoft Windows .NET Server Release Candidate contains a buffer overflow in name resolution which allows an attacker without a userID or password to take control of the server with a single packet to UDP port 1434 on the machine running MSDE. Fix available here.

tags | overflow, udp
systems | windows
MD5 | 3b9f3b15731521b216eba5262c3cd46e
mssql-udp.txt
Posted Sep 4, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Research Advisory NISR25072002 - Microsoft's database server SQL Server 2000 exhibits two buffer overrun vulnerabilities that can be exploited by a remote attacker without ever having to authenticate to the server. What further exacerbates these issues is that the attack is channeled over UDP port 1434. Whether the SQL Server process runs in the security context of a domain user or the local SYSTEM account, successful exploitation of these security holes will mean a total compromise of the target server and its data.

tags | remote, overflow, local, udp, vulnerability
MD5 | 3daa08f7f7c6bff4424bf333fe8aaa07
mssql-sp_MScopyscriptfile.txt
Posted Aug 23, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory NISR22002002A - Microsoft SQL Server 2000 SP 2 allows unprivileged users to insert and run arbitrary commands because a public stored procedure fails to validate user input before passing it to xp_cmdshell. Fix available here.

tags | arbitrary
MD5 | 6df0a3b2822f7175c46ba923a5ab8708
mssql-jobs2.txt
Posted Aug 21, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory NISR19002002A - Microsoft SQL Server 2000 and 7 come with a "helper" service which allows a low privileged user to create and overwrite arbitrary files on the SQL server. Includes proof of concept SQL code.

tags | arbitrary, proof of concept
MD5 | 53bf34eb7876570d53f8f4c97ba138be
mssql-esppu.txt
Posted Aug 16, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory - Microsoft SQL Server 2000 and 7's helper service allows an attacker to submit jobs to the SQL Agent to be executed with elevated privileges. Proof of concept sql code included. This vulnerability is discussed in ms02-042.

tags | proof of concept
MD5 | 87d7830015876a21d7cd1aa20ff458bb
oralist.txt
Posted Aug 16, 2002
Authored by David Litchfield | Site ngssoftware.com

Oracle provide a tool called the Listener Control utility (lsnrctl) to allow an Oracle DBA to remotely control the Listener. The Listener is responsible for dealing with client requests for database services. This control utility contains an indirect remotely exploitable format string vulnerability. By default the Oracle Listener is not protected against unauthenticated access and control. The configuration files of Listeners in such a state can be modified without the user needing to supply a password. By modifying certain entries in the listener.ora file, by inserting a format string exploit, an attacker can gain control of a Listener control utility.

MD5 | b2b6ef1f588109e8fda899a0116147d9
cracking-sql-passwords.pdf
Posted Jul 10, 2002
Authored by David Litchfield | Site ngssoftware.com

Information on cracking the Microsoft SQL pwdencrypt() hash function which is used to generate SQL hashes.

tags | paper, sql injection
MD5 | b5129583890cd61330d4032e897d12f5
iplanet.search.txt
Posted Jul 10, 2002
Authored by David Litchfield | Site ngssoftware.com

The Sun iPlanet Web Server iWS 4.1 and 6.0 contains a remotely exploitable buffer overflow if the search feature is enabled.

tags | web, overflow
MD5 | 7b2e5e7341018a3551b1780bb3e6e8de
ora-reports.txt
Posted Jun 13, 2002
Authored by David Litchfield | Site ngssoftware.com

The Oracle 9iAS Reports Server contains a remotely exploitable buffer overrun vulnerability in one of its CGIs. By supplying an overly long database name parameter to the rwcgi60 with the setauth method, an attacker can run code with the privileges of the web server, or SYSTEM on Windows.

tags | web, overflow, cgi
systems | windows
MD5 | 43f7954c74d9d7d7896a723567964e74
ora-lsnr.txt
Posted Jun 13, 2002
Authored by David Litchfield | Site ngssoftware.com

The Oracle TNS Listener version 9i contains a buffer overflow vulnerability which can be exploited over tcp port 1521 to gain remote SYSTEM / root access. By supplying an overly long SERVICE_NAME parameter an attacker can execute code before any logging is done.

tags | remote, overflow, root, tcp
MD5 | 72e88e563e8390bb467305e9796bf793
jrun.txt
Posted May 30, 2002
Authored by David Litchfield | Site ngssoftware.com

Macromedia JRun v3.1 for IIS 4/5 on WinNT 4/Win2K contains a buffer overflow which allows remote code execution as the local system account.

tags | remote, overflow, local, code execution
systems | windows, nt
MD5 | daee1fa63c2a3e8339c48182cf86a8b8
sparc.zip
Posted Jan 25, 2002
Authored by David Litchfield | Site atstake.com

This document describes buffer overrun vulnerabilities on Sun Microsystems SPARC machines. We will begin by examining the SPARC architecture, looking at the registers and the stack. We will then go on to see exactly how buffer overrun vulnerabilities occur and how control over the process's execution is gained under SPARC and then detail how, from here, the vulnerability can be exploited to gain control over the computer by looking at exploit code that spawns a shell under Solaris.

tags | paper, overflow, shell, vulnerability
systems | unix, solaris
MD5 | f84c8fdc8a46ebf7eb620006ec7dd07d