Files Date: 2000-09-15

iss.summary.5.8
Posted Sep 15, 2000
Site xforce.iss.net

ISS Security Alert Summary for September 15, 2000. 87 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.

tags | java, remote, shell, cgi, perl, spoof
systems | linux, windows, solaris, irix
MD5 | a8fcb99a030ab278b4a826a50c1ba680
RWSaverBust.zip
Posted Sep 15, 2000
Authored by Ratware

Ratware Win9x Screen Saver Buster V1.0 is a tool for busting into a Win9x PC that has a screen saver password active. It needs to be burned to a CD and inserted into that PC, and it works by exploiting the autoplay 'feature' to disable the screen saver password.

systems | windows
MD5 | caf4e25a09189d1c2dca3bd38fc1ded4
Dicgen.zip
Posted Sep 15, 2000
Authored by ERADiCATOR/Ceara Ratz

Dicgen is a dictionary file creator (DOS). It has an easy-to-use interface and options, is extremely fast, and lets you introduce any variables and generate any combination type.

tags | cracker
MD5 | 8184ba3fb25e32a7a9020e3416c8daf6
anomy-sanitizer-1.26.tar.gz
Posted Sep 15, 2000
Authored by Bjarni R. Einarsson | Site mailtools.anomy.net

The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields, and sanitizes HTML by disabling JavaScript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.

Changes: Fixed a bug which caused HTML to be sanitized in message headers, fixed a problem with inline uuencoded attachments, added protection against empty boundary string attacks against Exchange Server 5.5.
tags | trojan, perl, javascript, virus
systems | unix
MD5 | fbe97ac9224ed25db858c62b6f9d24cc
win_2000.telnet.tgz
Posted Sep 15, 2000
Authored by Monti

The Windows 2000 Telnet client can be launched via email or browser and automatically passes NTLM authentication credentials to a telnet server. The proof of concept exploit includes a modified telnet server which causes the w2k telnet client to auto-authenticate, and prehash-ntlm.c, which can be used to launch a dictionary attack against a retrieved hash.

tags | exploit, proof of concept
systems | windows, 2k
MD5 | 25a1847eda14ef7855f49a94e3437a45
MultiHTML.txt
Posted Sep 15, 2000
Authored by Niels Heinen

MultiHTML (/cgi-bin/multihtml.pl) is a CGI script which has a vulnerability allowing remote users to read any file on the webserver.

tags | exploit, remote, cgi
MD5 | 5e573ce26e9b981f75ae9e567ede7b4d
rhsa.2000-058-03.screen
Posted Sep 15, 2000
Site redhat.com

Red Hat Security Advisory - A format string vulnerability in screen allows local users to become root.

tags | local, root
systems | linux, redhat
MD5 | 79f6ea093dd9a800a7dc0ea91aef303d
A091400-1
Posted Sep 15, 2000
Site atstake.com

@Stake Advisory A091400-1 - The Windows 2000 telnet client, which relies upon the NTLM authentication protocol, may be launched via email or a browser and automatically attempts to authenticate with any host it contacts without prompting the user for any information. A malicious user can crack the authentication to reveal passwords.

tags | protocol
systems | windows, 2k
MD5 | 6450bf7d01648d500e1c689e465bc4dc
FreeBSD Security Advisory 2000.44
Posted Sep 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability; however, it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and possibly gain access to accounts on the system if successful.

tags | root
systems | freebsd
MD5 | 3686546aaf47ba4acc5953a980da41ab
coding-with-the-dns-protocol.txt
Posted Sep 15, 2000
Authored by JimJones | Site zsh.interniq.org

Coding with the DNS protocol v2 - Includes DNS basics, how to decode DNS packets by hand, parsing DNS replies, advanced DNS techniques, and DNS security mechanisms. Well written, contains lots of in-depth information and example code.

tags | paper, protocol
MD5 | 504a075312f23bbc251cd6ae19242a62
sambar-http.txt
Posted Sep 15, 2000
Authored by Dethy | Site synnergy.net

Sambar Server 4.4 Beta 3 and below for WinNT and Win95 OSR2 (Linux possibly affected) contains a vulnerability which allows remote users to browse the filesystem of the webserver. Fix available here.

tags | exploit, remote
systems | linux, windows, 9x
MD5 | 6453edd84b9a1cd9146493d0063a1de0
mailspoof.txt
Posted Sep 15, 2000
Authored by Kaox

Very basic guide to sending fakemail.

tags | paper
MD5 | ce426d903f50c581278696ac4a2fa86e
vtgrab-0.1.2.tar.gz
Posted Sep 15, 2000
Authored by Tim Waugh | Site people.redhat.com

Vtgrab is a utility for monitoring the screen of another machine. It only works for text consoles.

systems | unix
MD5 | 22ac3f83315ed270c6546c4e34b97fc5
set23.zip
Posted Sep 15, 2000
Authored by set | Site thepentagon.com

Saqueadores Edicion Tecnica Issue #23 (En Espanol) - Features articles on RPC hacking, MIPS R2000, electronics, an interview with Mixter, Domino tips & hacks, ADSL.

tags | magazine
MD5 | 8326393886ca8c3aadf055057d471909