what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2000-06-01

iss.summary.5.5
Posted Jun 1, 2000

ISS Security Alert Summary June 1, 2000 - 78 new vulnerabilities have been reported in this quarter. This document has links to more information and full advisories on each. Includes: linux-cdrecord-execute, xlock-bo-read-passwd, bsd-syscall-cpu-dos, win-browser-hostannouncement, nai-webshield-config-mod, nai-webshield-bo, mdbms-bo, mailsite-get-overflow, hp-jetadmin-malformed-url-dos, hp-jetadmin-directory-traversal, deerfield-mdaemon-dos, cayman-dsl-dos, carello-file-duplication, netscape-ssl-certificate, cobalt-cgiwrap-bypass, gnome-gdm-bo, linux-fdmount-bo, qualcomm-qpopper-euidl, cart32-price-change, gauntlet-cyberdaemon-bo, ip-fragment-reassembly-dos, domino-doc-modify, domino-web-apps-access, axent-netprowler-ipfrag-dos, lotus-domino-esmtp-bo, linux-masquerading-dos, netice-icecap-alert-execute, netice-icecap-default, beos-tcp-frag-dos, ie-frame-domain-verification, ie-malformed-component-attribute, kerberos-krb-rd-req-bo, kerberos-krb425-conv-principal-bo, kerberos-ksu-bo, kscd-shell-env-variable, cproxy-http-dos, emurl-account-access, eudora-long-attachment-filename, ie-active-movie-control, antisniff-dns-overflow, delphi-ics-dot-attack, netscape-invalid-ssl-sessions, sol-netpr-bo, ie-cookie-disclosure, iis-malformed-information-extension, iis-url-extension-data-dos, netscape-import-certificate-symlink, ssh-zedz-consultants, coldfusion-cfcache-dos, http-cgi-formmail-environment, libmytinfo-bo, netopia-snmp-comm-strings, gnapster-view-files, netstructure-root-compromise, netstructure-wizard-mode, allaire-clustercats-url-redirect, aolim-file-path, iis-shtml-reveal-path, http-cgi-dbman-db, http-cgi-dnews-bo, ultraboard-cgi-dos, aladdin-etoken-pin-reset, http-cgi-dmailweb-bo, interscan-viruswall-bo, quake3-auto-download, ultraboard-printabletopic-fileread, cart32-expdate, cisco-online-help, hp-shutdown-privileges, http-cgi-listserv-wa-bo, aaabase-execute-dot-files, aaabase-file-deletion, macos-appleshare-invalid-range, win-netbios-source-null, linux-knfsd-dos, macos-filemaker-anonymous-email, and macos-filemaker-email. ISS X-Force homepage here.

tags | web, overflow, shell, cgi, root, tcp, vulnerability
systems | cisco, linux, bsd, beos
SHA-256 | 4db0d03fb6271c35418d4d58ecec415169ad7a59e0467e9f65044a7c79068f6e
resecure-0.3.1.tar.gz
Posted Jun 1, 2000
Authored by Doxavg | Site danger.ms

resecure was created out of the need for a program to re-chmod and chflag literally hundreds of files after system upgrades. This program was created on OpenBSD and NetBSD, your mileage may (and will) vary on other operating systems.

tags | tool
systems | netbsd, unix, openbsd
SHA-256 | cf268a40cda3c253f74847e77badba0f59b3062ca9c016564d1266b4e2b47c2f
spad01.txt
Posted Jun 1, 2000
Authored by SecPoint | Site secpoint.com

Security Point Advisory #001 - Java Internet Shop allows users to change the prices on items. The Danish Shopexpress, and the English Zilron StoreCreator version 3.0 and below are vulnerable, an estimated 2500 online shops are running this software.

tags | exploit, java
SHA-256 | 259866f2adad0030783104f4b506b750a78f941517845084f067935aba3a0cf3
netbsd.2000-006.ftpchroot
Posted Jun 1, 2000

NetBSD Security Advisory 2000-006 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.

tags | kernel, local
systems | netbsd
SHA-256 | cac750a58cf9b85d2630794215188083198ea320a7a11c55b56b766d530a2dea
netbsd.2000-005.cpu-hog
Posted Jun 1, 2000

NetBSD Security Advisory 2000-005 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.

tags | kernel, local
systems | netbsd
SHA-256 | f386ac97b48ce8e1bd94b4c276d31ed35256067003b8a2673f30c9f9fe95f974
netbsd.2000-004.semaphore
Posted Jun 1, 2000

NetBSD Security Advisory 2000-004 - An undocumented system call permits any user process to lock up the entire semaphore subsystem, preventing processes using semaphores from locking or unlocking them, and preventing processes holding semaphores from exiting.

systems | netbsd
SHA-256 | c73d42a54f6b2912c562ac008d2fceb0d23730edbc94c5372e844549d8e71073
rhsa.2000-05-05.majordomo
Posted Jun 1, 2000

Red Hat Security Advisory RHSA-2000:005-05 - New majordomo packages are available to fix local security problems in majordomo. A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges.

tags | arbitrary, local
systems | linux, redhat
SHA-256 | 335a18f69e394b56f77517ae17b776dfea41714d7b2f7061ba20ed1b34fc910f
Srv_gIrC1_81-4.zip
Posted Jun 1, 2000
Authored by RazboiniK | Site members.xoom.com

IRC plugin for BO2K v1.0. It is an IRC client, Channel Bot style. Is fully customizable and once logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The bot will rejoin any channel where get kicked, reconnect on disconnect, generate random nicks on raw 432 or 433, can delete, list, copy, spawn files on remote machine through irc. Archive password is set to p4ssw0rd. Use at your own risk.

Changes: Added a packet flooder for taking down connections.
tags | remote, trojan
SHA-256 | 18cd597a1c6e11fcc902e1acf7ffa0538203c48f8ea6ba475b97f1cc3139c423
elmex.c
Posted Jun 1, 2000
Authored by Funkysh

Elm 2.4 PL25 local GID mail exploit. Tested under Slackware 3.6, 4.0, Redhat 5.0, and 5.1.

tags | exploit, local
systems | linux, redhat, slackware
SHA-256 | 558a726bce68d1bb599a32adc7f23c60678255c07a67495d810c8a54c8097694
mailx.c
Posted Jun 1, 2000
Authored by Funkysh

Mailx local exploit - Tested on Slackware 3.6, 4.0, and 7.0 and Debian 2.0r2, 2.1, 2.2. Gives GID mail shell.

tags | exploit, shell, local
systems | linux, slackware, debian
SHA-256 | a39f3080841f007cde7492636ec28cae360eb3bb27286828a964f551aab0e2c5
lsi_v1.0_RH.sh
Posted Jun 1, 2000
Authored by Wouter ter Maat | Site team-tss.online.cx

TSS v1.0beta1 is a shell script to check the local security of a Red Hat 6.0 / 6.1 / 6.2 machine. It checks for crontab, userhelper, shadow passwords, and the piranha account.

tags | shell, local
systems | linux, redhat
SHA-256 | 9fa3b6ef947a7571137474a5b4bf84a40a8686f6ff8439281116a26b4c4cad24
Cidspecs.zip
Posted Jun 1, 2000

This document provides specifications for the Austrailian Calling Line Identification presentation for Analogue (CLIPA) service. The service may also be as Calling Number Display or Caller ID. Thanks to Biftek

tags | telephony
SHA-256 | 42494334b00e46047d8803c98d10d0c7bc403c4d1dcd2298b5688d9197519881
mdbms.c
Posted Jun 1, 2000
Authored by TDP

MDBMS V0.96b6 remote root exploit - This code demonstrates a MDBMS v0.96b6 vulnerability which allows any remote user to exec a root shell. Tested on Linux SuSE 6.3.

tags | exploit, remote, shell, root
systems | linux, suse
SHA-256 | de6ae98a613246fac73e111c7f8a950caf984cf19ee3796d0a0406e994e6fd8a
kill_sntsd.pl
Posted Jun 1, 2000
Authored by Ben Taylor

A remote buffer overflow has been disvovered in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. Possible remote root compromise - denial of service exploit included.

tags | exploit, remote, denial of service, overflow, root
systems | linux, redhat
SHA-256 | 55b117d15f47c9c6692c959b4980c558e51d2b5eb35a168825c610287185c171
winsd.053100.txt
Posted Jun 1, 2000
Authored by winsd | Site win2000mag.com

Windows Security Update - May 31, 2000. In this issue: Think You're Safe from Sniffing?, Windows Computer Browser Denial of Service, Master Browser Denial of Service, WebShield SMTP Buffer Overflow Condition, Buffer Overflows in PDGSoft Shopping Cart, Mailsite Buffer Overflow, News: Beware of Killer Resumes, News: Microsoft Delays Outlook Security Update, Tip: Microsoft's Online Security Papers, and Windows 2000 Security: Creating a Custom Password-Reset MMC.

tags | denial of service, overflow, magazine
systems | windows
SHA-256 | 484221b76e8570ae37972f242cef601dbca92c164131328b25d3201000aaae4d
freeswan-1.4.tar.gz
Posted Jun 1, 2000
Site xs4all.nl

Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) allowing you to build secure tunnels through untrusted networks. The 1.00 version can work with with other IPSEC and IKE systems already deployed by other vendors such as OpenBSD.

Changes: Fix for a nasty sequence number bug which would cause all subsequent packets in the connection to be rejected, automatic RSA key generation, assorted bug fixes and speed improvements.
tags | tool, kernel, firewall
systems | linux, unix, openbsd
SHA-256 | 7ce8735430b823650c4c4f20631372405c2421e0ed3a37d258f050957ec2a17b
Mail_bof.c
Posted Jun 1, 2000
Authored by vade79, realhalo | Site realhalo.org

/usr/bin/Mail local linux exploit which gives gid=12 shell. Tested against Slackware 3.6 and 7.0.

tags | exploit, shell, local
systems | linux, slackware
SHA-256 | fed3606029a826006dd84ce7fd68f8f7eb73b112fa86dd79c0364186eaf429cf
hammer2k.c
Posted Jun 1, 2000
Authored by Threx | Site inferno.tusculum.edu

hammer2k.c v0.8 is a simple denial of service tool which makes multiple open connections to a destination host/port.

tags | denial of service
SHA-256 | 3db6d684de52e8e44e6cfa3a11986fd7ca4fe6eda5993221e841496a363a7549
motion-0.2.tar.gz
Posted Jun 1, 2000
Authored by Jeroen Vreeken | Site motion.technolust.cx

motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email and SMS messages when detecting motion.

systems | linux
SHA-256 | 441eef8eb61edb77f26df740256f7b34baa2eb5960ecbfe547741c607c31efd4
kdbg-1.1.3.tar.gz
Posted Jun 1, 2000
Site members.telecom.at

KDbg is a graphical user interface to gdb, the GNU debugger. It provides an intuitive interface for setting breakpoints, inspecting variables, and stepping through code.

Changes: This is the newest developmental version.
systems | linux
SHA-256 | f27294a1a3939c2f7b928d6c143799e533f840cc88ee7a4f439ed3073340ba0b
magdalena.pl
Posted Jun 1, 2000
Authored by r00tabega, Futant | Site r00tabega.com

Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match rather than just relying on HTTP codes.

tags | web, cgi, perl
SHA-256 | ccc299ad0540b9e3f12b44614383906c104dcf932edf981963b113749e28fa08
wordmake0.2.pl
Posted Jun 1, 2000
Authored by Linga

WordMake is a dictionary file creator. It takes a text file and makes dictionary files from them.

Changes: There was a minor bug with filtering word sizes which has been corrected and I added some extra functionality which I found to be necessary - Now accepts a whole directory of text files to merge.
tags | cracker
SHA-256 | e741416659649408bd045bbcd4e66fd8dee9dcc602fa6b1a6867ce6bb2b61e89
majordomo.txt
Posted Jun 1, 2000
Authored by Federico Schwindt | Site core-sdi.com

The mailinglist software majordomo has several local vulnerabilties. Local commands can be run wuth the UID and GID equal to the one used for majordomo. Exploit details and patch included.

tags | exploit, local
SHA-256 | e5ee7bb2c827ab5e443ead682e7790a52f4edeadd0ca30218cadd5031c86e15b
phpfwgen-1.0.tar.gz
Posted Jun 1, 2000
Authored by Del | Site phpfwgen.sourceforge.net

The PHP firewall generator is a simple PHP script that generates a firewall script for ipchains-based firewalls. The aim is to support an easily configurable rule set similar to those supported by commercial firewall systems.

Changes: First stable release - a few minor script generation changes were made.
tags | tool, php, firewall
systems | linux
SHA-256 | 75870a3ad66d565d8ec1e15c416368805578c8f019f751eb48ebfaa0683fbbe0
b0g-5.txt
Posted Jun 1, 2000
Authored by b0g | Site b0g.org

B0g Issue 5 - In this issue: Interview with rfp, how to beat credit card verifications and all about credit card algorythms, The truth about ICQ, Programming your Nokia cellphone, Coding GTK+ and GNOME, and much more.

tags | magazine
SHA-256 | 0ac488742cceb9a224cc8f6cf5ade5557185405aaa74c9379cf2688d37ea82b8
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close