what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files Date: 2000-06-01

iss.summary.5.5
Posted Jun 1, 2000

ISS Security Alert Summary June 1, 2000 - 78 new vulnerabilities have been reported in this quarter. This document has links to more information and full advisories on each. Includes: linux-cdrecord-execute, xlock-bo-read-passwd, bsd-syscall-cpu-dos, win-browser-hostannouncement, nai-webshield-config-mod, nai-webshield-bo, mdbms-bo, mailsite-get-overflow, hp-jetadmin-malformed-url-dos, hp-jetadmin-directory-traversal, deerfield-mdaemon-dos, cayman-dsl-dos, carello-file-duplication, netscape-ssl-certificate, cobalt-cgiwrap-bypass, gnome-gdm-bo, linux-fdmount-bo, qualcomm-qpopper-euidl, cart32-price-change, gauntlet-cyberdaemon-bo, ip-fragment-reassembly-dos, domino-doc-modify, domino-web-apps-access, axent-netprowler-ipfrag-dos, lotus-domino-esmtp-bo, linux-masquerading-dos, netice-icecap-alert-execute, netice-icecap-default, beos-tcp-frag-dos, ie-frame-domain-verification, ie-malformed-component-attribute, kerberos-krb-rd-req-bo, kerberos-krb425-conv-principal-bo, kerberos-ksu-bo, kscd-shell-env-variable, cproxy-http-dos, emurl-account-access, eudora-long-attachment-filename, ie-active-movie-control, antisniff-dns-overflow, delphi-ics-dot-attack, netscape-invalid-ssl-sessions, sol-netpr-bo, ie-cookie-disclosure, iis-malformed-information-extension, iis-url-extension-data-dos, netscape-import-certificate-symlink, ssh-zedz-consultants, coldfusion-cfcache-dos, http-cgi-formmail-environment, libmytinfo-bo, netopia-snmp-comm-strings, gnapster-view-files, netstructure-root-compromise, netstructure-wizard-mode, allaire-clustercats-url-redirect, aolim-file-path, iis-shtml-reveal-path, http-cgi-dbman-db, http-cgi-dnews-bo, ultraboard-cgi-dos, aladdin-etoken-pin-reset, http-cgi-dmailweb-bo, interscan-viruswall-bo, quake3-auto-download, ultraboard-printabletopic-fileread, cart32-expdate, cisco-online-help, hp-shutdown-privileges, http-cgi-listserv-wa-bo, aaabase-execute-dot-files, aaabase-file-deletion, macos-appleshare-invalid-range, win-netbios-source-null, linux-knfsd-dos, macos-filemaker-anonymous-email, and macos-filemaker-email. ISS X-Force homepage here.

tags | web, overflow, shell, cgi, root, tcp, vulnerability
systems | cisco, linux, bsd, beos
MD5 | ec9562e711414470d3f982f7b743141d
resecure-0.3.1.tar.gz
Posted Jun 1, 2000
Authored by Doxavg | Site danger.ms

resecure was created out of the need for a program to re-chmod and chflag literally hundreds of files after system upgrades. This program was created on OpenBSD and NetBSD, your mileage may (and will) vary on other operating systems.

tags | tool
systems | netbsd, unix, openbsd
MD5 | e8b27b81e63a2017aede4f622544bec1
spad01.txt
Posted Jun 1, 2000
Authored by SecPoint | Site secpoint.com

Security Point Advisory #001 - Java Internet Shop allows users to change the prices on items. The Danish Shopexpress, and the English Zilron StoreCreator version 3.0 and below are vulnerable, an estimated 2500 online shops are running this software.

tags | exploit, java
MD5 | 907c97580c5ffb6efce6cc71d6f7e3c3
netbsd.2000-006.ftpchroot
Posted Jun 1, 2000

NetBSD Security Advisory 2000-006 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.

tags | kernel, local
systems | netbsd
MD5 | 6805e4d1e8eeae8ff316502ad6fe5dfe
netbsd.2000-005.cpu-hog
Posted Jun 1, 2000

NetBSD Security Advisory 2000-005 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.

tags | kernel, local
systems | netbsd
MD5 | 9068fabf8d12d34c31c12d820100f32a
netbsd.2000-004.semaphore
Posted Jun 1, 2000

NetBSD Security Advisory 2000-004 - An undocumented system call permits any user process to lock up the entire semaphore subsystem, preventing processes using semaphores from locking or unlocking them, and preventing processes holding semaphores from exiting.

systems | netbsd
MD5 | 8113384b76d2a42786fe67eb1c07ed8d
rhsa.2000-05-05.majordomo
Posted Jun 1, 2000

Red Hat Security Advisory RHSA-2000:005-05 - New majordomo packages are available to fix local security problems in majordomo. A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges.

tags | arbitrary, local
systems | linux, redhat
MD5 | 4b3cc0962b68277a991bb189f9fa5ccd
Srv_gIrC1_81-4.zip
Posted Jun 1, 2000
Authored by RazboiniK | Site members.xoom.com

IRC plugin for BO2K v1.0. It is an IRC client, Channel Bot style. Is fully customizable and once logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The bot will rejoin any channel where get kicked, reconnect on disconnect, generate random nicks on raw 432 or 433, can delete, list, copy, spawn files on remote machine through irc. Archive password is set to p4ssw0rd. Use at your own risk.

Changes: Added a packet flooder for taking down connections.
tags | remote, trojan
MD5 | f7eb60f086b75d8ed1fe1d6c4f1e4e94
elmex.c
Posted Jun 1, 2000
Authored by Funkysh

Elm 2.4 PL25 local GID mail exploit. Tested under Slackware 3.6, 4.0, Redhat 5.0, and 5.1.

tags | exploit, local
systems | linux, redhat, slackware
MD5 | 84c2a42060c93dc35a0981f76b4efbd8
mailx.c
Posted Jun 1, 2000
Authored by Funkysh

Mailx local exploit - Tested on Slackware 3.6, 4.0, and 7.0 and Debian 2.0r2, 2.1, 2.2. Gives GID mail shell.

tags | exploit, shell, local
systems | linux, slackware, debian
MD5 | 08c53728f4446e04a48ab38c31599773
lsi_v1.0_RH.sh
Posted Jun 1, 2000
Authored by Wouter ter Maat | Site team-tss.online.cx

TSS v1.0beta1 is a shell script to check the local security of a Red Hat 6.0 / 6.1 / 6.2 machine. It checks for crontab, userhelper, shadow passwords, and the piranha account.

tags | shell, local
systems | linux, redhat
MD5 | dd0d87e7c5d58c77d4b9974c8149408d
Cidspecs.zip
Posted Jun 1, 2000

This document provides specifications for the Austrailian Calling Line Identification presentation for Analogue (CLIPA) service. The service may also be as Calling Number Display or Caller ID. Thanks to Biftek

tags | telephony
MD5 | ca15db17f56dcc8b22cb9214f474c8c3
mdbms.c
Posted Jun 1, 2000
Authored by TDP

MDBMS V0.96b6 remote root exploit - This code demonstrates a MDBMS v0.96b6 vulnerability which allows any remote user to exec a root shell. Tested on Linux SuSE 6.3.

tags | exploit, remote, shell, root
systems | linux, suse
MD5 | edd974162529ec9ffcd752497820e4ba
kill_sntsd.pl
Posted Jun 1, 2000
Authored by Ben Taylor

A remote buffer overflow has been disvovered in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. Possible remote root compromise - denial of service exploit included.

tags | exploit, remote, denial of service, overflow, root
systems | linux, redhat
MD5 | fc66c9697479aa4ab0a4f562f54f625b
winsd.053100.txt
Posted Jun 1, 2000
Authored by winsd | Site win2000mag.com

Windows Security Update - May 31, 2000. In this issue: Think You're Safe from Sniffing?, Windows Computer Browser Denial of Service, Master Browser Denial of Service, WebShield SMTP Buffer Overflow Condition, Buffer Overflows in PDGSoft Shopping Cart, Mailsite Buffer Overflow, News: Beware of Killer Resumes, News: Microsoft Delays Outlook Security Update, Tip: Microsoft's Online Security Papers, and Windows 2000 Security: Creating a Custom Password-Reset MMC.

tags | denial of service, overflow, magazine
systems | windows, 2k
MD5 | a49ad721719853c3a55860414e5e4af0
freeswan-1.4.tar.gz
Posted Jun 1, 2000
Site xs4all.nl

Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) allowing you to build secure tunnels through untrusted networks. The 1.00 version can work with with other IPSEC and IKE systems already deployed by other vendors such as OpenBSD.

Changes: Fix for a nasty sequence number bug which would cause all subsequent packets in the connection to be rejected, automatic RSA key generation, assorted bug fixes and speed improvements.
tags | tool, kernel, firewall
systems | linux, unix, openbsd
MD5 | 4c81067f1c17864c9e0a31e69acf9aa5
Mail_bof.c
Posted Jun 1, 2000
Authored by vade79, realhalo | Site realhalo.org

/usr/bin/Mail local linux exploit which gives gid=12 shell. Tested against Slackware 3.6 and 7.0.

tags | exploit, shell, local
systems | linux, slackware
MD5 | 13e6349984d9264e78e788520645cbf1
hammer2k.c
Posted Jun 1, 2000
Authored by Threx | Site inferno.tusculum.edu

hammer2k.c v0.8 is a simple denial of service tool which makes multiple open connections to a destination host/port.

tags | denial of service
MD5 | 7e5e8357e538c41b9000c0d7681fdfc4
motion-0.2.tar.gz
Posted Jun 1, 2000
Authored by Jeroen Vreeken | Site motion.technolust.cx

motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email and SMS messages when detecting motion.

systems | linux
MD5 | e3280869e177cf67ba92ed9902b8fc96
kdbg-1.1.3.tar.gz
Posted Jun 1, 2000
Site members.telecom.at

KDbg is a graphical user interface to gdb, the GNU debugger. It provides an intuitive interface for setting breakpoints, inspecting variables, and stepping through code.

Changes: This is the newest developmental version.
systems | linux
MD5 | d88148a3c5fd93d5245e6abd34b0206f
magdalena.pl
Posted Jun 1, 2000
Authored by r00tabega, Futant | Site r00tabega.com

Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match rather than just relying on HTTP codes.

tags | web, cgi, perl
MD5 | 61c76bb5db7783afa4a66946d68bfe06
wordmake0.2.pl
Posted Jun 1, 2000
Authored by Linga

WordMake is a dictionary file creator. It takes a text file and makes dictionary files from them.

Changes: There was a minor bug with filtering word sizes which has been corrected and I added some extra functionality which I found to be necessary - Now accepts a whole directory of text files to merge.
tags | cracker
MD5 | 62a95cbc5f48def60838a3f0df5df787
majordomo.txt
Posted Jun 1, 2000
Authored by Federico Schwindt | Site core-sdi.com

The mailinglist software majordomo has several local vulnerabilties. Local commands can be run wuth the UID and GID equal to the one used for majordomo. Exploit details and patch included.

tags | exploit, local
MD5 | bb09677397e1aae2595b1dfa15e916f8
phpfwgen-1.0.tar.gz
Posted Jun 1, 2000
Authored by Del | Site phpfwgen.sourceforge.net

The PHP firewall generator is a simple PHP script that generates a firewall script for ipchains-based firewalls. The aim is to support an easily configurable rule set similar to those supported by commercial firewall systems.

Changes: First stable release - a few minor script generation changes were made.
tags | tool, php, firewall
systems | linux
MD5 | 40ac8bef3abcbb3e307e1e07a19e797a
b0g-5.txt
Posted Jun 1, 2000
Authored by b0g | Site b0g.org

B0g Issue 5 - In this issue: Interview with rfp, how to beat credit card verifications and all about credit card algorythms, The truth about ICQ, Programming your Nokia cellphone, Coding GTK+ and GNOME, and much more.

tags | magazine
MD5 | 84118c631fb08e8b0e0f43b864595742
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close