pss_slug.php3
bf686e81c8a2429744fc0ac23dbc9a8d4a6e8a115f53ada07a6a1c11added214
There are form tampering vulnerabilities present in several web-based shopping cart applications. Over the past couple of years, form tampering vulnerabilities have been discussed on security forums. ISS X-Force has continued to research this area due to the constant increase in e-commerce. ISS X-Force has identified eleven shopping cart applications that are vulnerable to price changing using form tampering. It is possible for an attacker to take advantage of the form tampering vulnerabilities and order items at a reduced price on an e-commerce site. The web store operator should verify the price of each item ordered in the shopping cart application database or email invoice.
4e49ddcf76c7d43aff54b6f35b14fa8d635f0a485568afd5cbfc1c5163eeb820
Microsoft has released a patch for a security hole in Windows NT 4.0. A malicious user can create, delete or modify files in the Recycle Bin of another user who shares the machine. Microsoft FAQ on this issue available here.
11228601908ab92ae5813913cdd25a303bade844965290771bf98d426fd85546
Another security hole in Microsoft Virtual Machine for Java has been discovered that allows a Java applet to read any file on the system. This vulnerability is quite dangerous, and immediate de-activation of the IE Java function provided by Microsoft is highly recommended.
b676c447d63a02f62a89b9ff3f9af087212f58f35bc9ad6a0a9796b988ac19d5
Packet Storm new exploits for January, 2000.
cf20a80116f44e359c36f1310d2c241720193d078bd1fd5fe61f8611ffb51f6e
The Falcon Project (Free Application-Level CONnection kit) is an open firewall project with the intention of developing a free, secure and OS-independent firewall system. Falcon consists of three major modules: Falcon's own proxies (written in Perl); 3rd-party proxies (squid / qmail / BIND8), each modified for a chroot environment; and general concepts for OS hardening, chrooting etc.
7a2b9a3992b33872cbc9dd94d248ae64bd67bd4678aadc13796e21844816a3ed
Tiny FTPd 0.52 beta3 (Windows FTP Server) has remotely exploitable buffer overflow vulnerabilities. Even anonymous users can execute code. Exploit tested on Windows98(+IE5.01).
784d73176bc53e3f6a8141164175f061c982b7f2a9ab4e69dbf1be32a39bf336
Bill Gates is Hitler.
eec2b550bd8e4a48c38075657c3295ef92095e0a0ee03e41bfcf18dd968837c7
The Lost Art Of BBSing - Believe it or not, here in the year 2000 BBSing is not dead. Of course it's not what it used to be, but it's something those of us who missed those days can look at and enjoy.
fadf0a36fd4b5fe43bb1c6adbb9d34b96c19170cd019a4b7532ffd48f185d971
Sometimes administrators put directories in robots.txt that they want to hide from the search engines, without securing the directory. Sometimes the directories in robots.txt have interesting things in them.
8cd25df885343c07873c734d6dff7a63f38d84a3bfe29d8a677a4592abd2db5d
Cobalt Security Advisory 01.31.2000 - For RaQ 1 and RaQ 2, through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of the admin (root) account on the system. For RaQ 3, through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of any regular user or Site Administrator on the system, but not admin (root). Bug and exploit by Chuck Pitre.
b49a8243c0c2fd68ace840f156f0cecd581a55d7c322c6c72f4d02c5e21d6629
RightFax Web Client v5.2 allows anyone to hijack user's faxes.
b1cf8e924a8955fbca00ac2f800a2f581144ff0653bec1c93bfc51551e925f07
The "Strip Script Tags" feature in Firewall-1 can be circumvented by adding an extra less than sign before the SCRIPT tag. The code will still execute in both Navigator and Explorer.
63dba9e4776e49be0b9d685899d424e7c95359cd0499b13e8116377966747f78
Recent PAM implementations allow you to use su to rapidly crack accounts without being logged. Tested on RH 6.1.
4e4445f9726601745b246b699479483fc7dc3fcd4f33a94228ee97377938b11a
Autobuse.pl and angel.pl both use /tmp insecurely.
e96bc5a5d6a58a6d99fdf4f2b48f5919198db48c8383ae0c341ec5531f114acc
Much virus-checking software skips directories named \\recycled or similar. This allows viruses and trojans a safe haven on many Windows 95, 98, and NT systems. Exploit code included.
9af5bd16d81c2440188d7267390a604c3a9aeef78af9be14823271983235e84e
An HP-UX 10.30/11.00 system can be used as an IP traffic amplifier. Small amounts of inbound traffic can result in larger amounts of outbound traffic, using ICMP MTU discovery packets.
b3dffec06406efee5100394c7eea5048622424f48ab11e19e3b911f471aaa935
All flavors of BSD have local root procfs holes. Exploit included.
e80e268b12d42082937d820c1735685b1ec66dfb9078018b2f08715860ebe7c5
There is a buffer overflow in Subseven 2.1a causing it to quit quietly, crash, or overwrite variables.
2f07ff322bd1707e1b2be738ea6088e6ee158ab41f6b739e2469343c59791e72
SMS 2.0 Remote Control (for Windows NT) introduces a security risk that allows an attacker to run programs in system context: the executable used for the remote control service is copied to the workstation without any special permission settings to prevent a user from replacing it.
ecf9194e228fffca1536075875597aa164caa88678a47c7b00c8b7811224195d
Microimages X server for Windows allows anyone to kill your session and start an xterm on your machine if they know you are using the software.
10a6a6ff142ffc7403a9e257d610ba412944eefa8619914e8a9757e90c52692a
Windows NT webservers using ASP can under some circumstances reveal the path of the server. A variable holds information about the internal structure of the website.
aba865749f3c5363d49501aae179dd49f09d90b3beee7aa18d9c77e0e0529287
IIScat exploits the recent Microsoft Index Server vulnerability to read any file on the server.
b7c4b6e010dfdef10ec42ca86fdf3e1f5edf403060a1d669be6df35af0740e79
FreeVSD facilitates true Linux Virtual Servers within a 'chroot' environment, allowing Web servers and other applications to be deployed and administered discretely, without compromise to security. Each Virtual Server has its own IP address(es), Apache webserver, and view of the process table. FreeVSD expands the Linux system by creating a pseudo-'super user' (admin) for each Virtual Server. The admin user has the ability to create extra POP3/FTP and Telnet users and also administrate vital services such as the webserver.
450b8dc422ad5366cfc335c9af54a4be96a45abbb7891a147208d187307c6ce8