Twenty Year Anniversary
Showing 1 - 14 of 14 RSS Feed

Files Date: 2000-09-15

Posted Sep 15, 2000

ISS Security Alert Summary for September 15, 2000. 87 new vulnerablities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.

tags | java, remote, shell, cgi, perl, spoof
systems | linux, windows, solaris, irix
MD5 | a8fcb99a030ab278b4a826a50c1ba680
Posted Sep 15, 2000
Authored by Ratware

Ratware Win9x Screen Saver Buster V1.0 is a tool for busting into a Win9x PC that has a screen saver/password active. It needs to be cut to a CD, inserted into the said PC, and works by exploiting the autoplay 'feature' to disable the screen saver password.

systems | windows
MD5 | caf4e25a09189d1c2dca3bd38fc1ded4
Posted Sep 15, 2000
Authored by ERADiCATOR/Ceara Ratz

Dicgen is dictionary file creator (DOS). Easy to use interface and options, extremely fast, introduce any variables and generate any combination type.

tags | cracker
MD5 | 8184ba3fb25e32a7a9020e3416c8daf6
Posted Sep 15, 2000
Authored by Bjarni R. Einarsson | Site

The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.

Changes: Fixed a bug which caused HTML to be sanitized in message headers, fixed a problem with inline uuencoded attachments, added protection against empty boundary string attacks against Exchange Server 5.5.
tags | trojan, perl, javascript, virus
systems | unix
MD5 | fbe97ac9224ed25db858c62b6f9d24cc
Posted Sep 15, 2000
Authored by Monti

The Windows 2000 Telnet client can be launched via email or browser and automatically passes NTLM authentication credentials to a telnet server. Proof of concept exploit includes a modified telnet server which causes the w2k telnet client to auto authenticate and prehash-ntlm.c which can be used to launch a dictionary attack against a retrieved hash.

tags | exploit, proof of concept
systems | windows, 2k
MD5 | 25a1847eda14ef7855f49a94e3437a45
Posted Sep 15, 2000
Authored by Niels Heinen

MultiHTML (/cgi-bin/ a CGI script which has a vulnerability allowing remote users to read any file on the webserver.

tags | exploit, remote, cgi
MD5 | 5e573ce26e9b981f75ae9e567ede7b4d
Posted Sep 15, 2000

Red Hat Security Advisory - A format string vulnerability in screen allows local users to become root.

tags | local, root
systems | linux, redhat
MD5 | 79f6ea093dd9a800a7dc0ea91aef303d
Posted Sep 15, 2000

@Stake Advisory A091400-1 - The Windows 2000 telnet client, which relies upon NTLM authentication protocol, may be launched via email or a browser and automatically attempts to authenticate with any host it contacts without prompting the user for any information. A malicious user can crack the authentication to reveal passwords.

tags | protocol
systems | windows, 2k
MD5 | 6450bf7d01648d500e1c689e465bc4dc
FreeBSD Security Advisory 2000.44
Posted Sep 15, 2000
Authored by The FreeBSD Project | Site

FreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability, however it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and possibly gain access to accounts on the system if successful.

tags | root
systems | freebsd
MD5 | 3686546aaf47ba4acc5953a980da41ab
Posted Sep 15, 2000
Authored by JimJones | Site

Coding with the DNS protocol v2 - Includes DNS basics, How to decode DNS packets by hand, Parsing DNS replies, advanced DNS techniques, and DNS Security Mechanisms. Well written, contains lots of in depth information and example code.

tags | paper, protocol
MD5 | 504a075312f23bbc251cd6ae19242a62
Posted Sep 15, 2000
Authored by Dethy | Site

Sambar Server 4.4 Beta 3 and below for WinNT, Win95 OSR2, (possibly Linux affected) contains a vulnerability which allows remote users to browse the filesystem of the webserver. Fix available here.

tags | exploit, remote
systems | linux, windows, 9x
MD5 | 6453edd84b9a1cd9146493d0063a1de0
Posted Sep 15, 2000
Authored by Kaox

Very basic guide to sending fakemail.

tags | paper
MD5 | ce426d903f50c581278696ac4a2fa86e
Posted Sep 15, 2000
Authored by Tim Waugh | Site

UNIX/misc/vtgrab-0.1.2.tar.gz 0 Vtgrab is a utility for monitoring the screen of another machine. It only works for text consoles.

systems | unix
MD5 | 22ac3f83315ed270c6546c4e34b97fc5
Posted Sep 15, 2000
Authored by set | Site

Saqueadores Edicion Tecnica Issue #23 (En Espanol) - Features articles on RPC hacking, MIPS R2000, electronics, an interview with Mixter, Domino tips & hacks, ADSL.

tags | magazine
MD5 | 8326393886ca8c3aadf055057d471909
Page 1 of 1

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By