FAQ on removing many different trojans. Updated frequently. Archive password is set to p4ssw0rd. Use at your own risk.
ce1c9542330a52c57585294e2e8631b1bf1baef9c32254906872f794d1b1af20LoWNOISE - ISMyASP - IIS ASP source code viewer using the ISM.DLL buffer truncation bug.
9241f106e5a1324d8a3d58d2cb7e0f90b573f60e513c6fc2476e0f44a3d799b3New Vulnerability found in Allmanage. This one gives access to the main admin panel where you can set a lot of options and variables. Websites using Allmanage Website Administration Software 2.6 with the upload ability contain an easily exploited vulnerability wich gives you full add/del/change access in the user-account directories and you can change the files in the main directory of the CGI script.
0e8435060a9e6771f7386b3732f06e361de8d7c64759e6a4602769a0519d780fFTP Server (Version 6.2/OpenBSD/Linux-0.10) and 6.3 ?? getwd() overflow. linux exploit, remote penetration. Submitted Anonymously.
82deb3b1e336420b047ae22a065a37491bc71fc6c6c4453cf3461919f13bcbfdNew TESO kscd exploit (cd player is KDE multimedia package)
e2cfafa7ac798db283b6758278403a70baea8c1bc09a51fe0721f706e1a5989aBlack Watch Labs Security Advisory #00-01 (Feb 17, 2000) - Search Engines (e.g. AltaVista and InfoSeek) can be used to reveal potential application-level vulnerabilities in indexed web sites. Easily formed queries which incorporate the "signature" of a suspected vulnerability can be used to list the sites which match the signature, that is, which contain the "suspicious" content. In some cases, hundreds of thousands of web sites can be located with one query. Check your site with the Site Checker, available here.
b23b5c9a49d3431454f6f18165fc7b311b2ec51ba209fb0c03bbdb689e5d4cb5Black Watch Labs Security Advisory #00-02 (March 6, 2000) - Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data. A mail application used by some free mail services employs a weak security scheme. It assigns session-IDs ("tokens") for logged-in users which allow reading of arbitrary users' messages and private information.
7815a9188518f7dca9bb895ee2d46cbe8a4c31d7ce086fa88d7be614939b7586Black Watch Labs Security Advisory #00-03 (March 21, 2000) - Some Infonautics' applications utilize the getdoc.cgi CGI in such a way that allows attackers to gain (read) access to a document they would otherwise have to pay in order to view. Exploit information included.
452d7b13a78df9296b9e59cb7fe9b53a341a3e312bef4a8b78dbb6ff6b070cbaBlack Watch Labs Security Advisory #00-05 (May 5, 2000) - Gossamer Threads DBMan (db.cgi) allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. DBMan dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to the browser when the database file provided is incorrect. Perl exploit included.
485c3ed371b4d4908dc15aa1b5897004475b7ec04963a5c0d18aa9f693cc295dBlack Watch Labs Security Advisory #00-06 (May 10, 2000) - Environment and Setup Variables can be Viewed through FormMail.cgi Script. The FormMail.cgi script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. The script will also happily send mail to an attackers mail account instead for analysis.
135d0a527bf7c613354d24bb5a6f2d074464d55112223f28116ab0b356802998netprex.c is a SPARC / i386 buffer overflow root exploit for /usr/lib/lp/bin/netpr. Tested on Solaris 2.6 & 2.7.
21278b338507f51451755de48454f9dbe57552b2e6b8eb5518d045548be3b193
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed