exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2000-10-31

netsec36.txt
Posted Oct 31, 2000
Site net-security.org

Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: The phpinfo() function in PHP gives out lots of server information, NAV misses certain folers, JRun problems with web-inf directory, JRun 2.3 arbitrary file retrieval and command execution, Microsoft Session ID cookie marking bug patch, Hotjava Browser 3.0 Javascript bug, Windows ME printer sharing vulnerability, SuSE ncurses vulnerability, NetBSD global 3.55 vulnerability, NetBSD GNU CFEngine remote vulnerability, Cisco VCO/4000 SNMP bug, PAM_MYSQL local and remote bugs, cisco catalyst 3500 xl remote command execution. Security news: Virus threats getting worse, final vote on secret searches expected, protecting freedom of expression, islamic attackers crash israeli web sites, global hacker agreement could affect bug hunters, and more.

tags | remote, web, arbitrary, local, php, javascript, virus
systems | cisco, linux, netbsd, windows, suse
SHA-256 | 7946ce1e34bb08f6ee159d00e5bccf582526f5ce73138c2b15024beed0e4b20b
labs56.txt
Posted Oct 31, 2000
Site ussrback.com

USSR Advisory #56 - The Ultraseek search engine v3.1 and 3.1.10 is vulnerable to a denial of service attack on many platforms.

tags | denial of service
SHA-256 | 90c4e91688a86ece22a4ad94f1018be2229bf35b7ed5ded7017f91face078428
FreeBSD Security Advisory 2000.60
Posted Oct 31, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:60 - The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root, because it did not correctly restrict URL-encoded requests containing ".." in the path. In addition, if CGI support is enabled, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server, allowing untrusted binary execution.

tags | remote, web, arbitrary, cgi, root
systems | freebsd
SHA-256 | 62dc6503a4f7104ca90055b77c10f1e33e686c834aef01bda51f317de99c4cb4
FreeBSD Security Advisory 2000.59
Posted Oct 31, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The pine4 port, versions 4.21 and before, contains a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by the sending of a special-crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder.

tags | remote, overflow, arbitrary, local
systems | freebsd
SHA-256 | 22f95fa5a1bb94352d57dbff940db325531e61a409d28dea0615f9726b8a7e94
FreeBSD Security Advisory 2000.58
Posted Oct 31, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:58 - Passwd, chfn, chpass, chsh, ypchfn, ypchpass, and ypchsh are suid root utilities for changing account information. Format string buffer overflow vulnerabilities have been found in code shared by these commands which allows local users to obtain root access.

tags | overflow, local, root, vulnerability
systems | freebsd
SHA-256 | 0239919c44b289f0c7136f858a10eef64a286094e512d74b2268e52d62481e96
sscan2k-pre6.HWA.tar.gz
Posted Oct 31, 2000
Authored by eth0 | Site hwa-security.net

Sscan2k is a remote auditing tool which scans for more than 200 known vulnerabilities that are able to be found remotely. Features remote OS detection to prevent unecessary bandwidth usage, a scripting language, modules, improved multiple host scanning, and easy configuration.

Changes: Bug fixes, enhancments, and more vulnerabilities checked for.
tags | remote, vulnerability
SHA-256 | 3523683cf6c1ec13cc211610d4c5467915a0ef2f6ce1ec789979c6fd67fc545c
emailscan-0.12.tar.gz
Posted Oct 31, 2000
Site download.sourceforge.net

EmailScan checks incoming multipart e-mails for bad file types, filenames, trojans, and viruses using procmail, calling Norton AntiVirus for scanning.

tags | trojan
systems | unix
SHA-256 | bd0d234ad1eab9bd06ac25d7a2e211ac83c0fc4595fbf936cbf974562f1da50d
A102600-1.txt
Posted Oct 31, 2000
Authored by David Goldsmith, Brian Carrier, Rex Warren | Site atstake.com

Atstake security advisory - This advisory describes a vulnerability that exists in Cisco Systems Virtual Central Office 4000 (VCO/4K). There is a vulnerability in the SNMP interface that allows an attacker to enumerate username and obfuscated password pairs for the Telnet interface. Since the obfuscation method used on the passwords is reversible, administrative access to the VCO/4K can be obtained. Perl proof of concept exploit included.

tags | perl, proof of concept
systems | cisco
SHA-256 | 7efd12964efef16b759d3fcdb2af9a30829c39d81b2e68ec5426c943032bfa96
core-sdi.iPlanet
Posted Oct 31, 2000
Site core-sdi.com

Core SDI Advisory CORE-20001026 - Netscape iPlanet webserver contains a directory traversal vulnerability and the administrator password is stores in clear text.

SHA-256 | 300fb8de9aa07985bdbd7012195021afed7dec5be63cb0b052c0a0dcd55162b7
netbsd.2000-015.passwd
Posted Oct 31, 2000

NetBSD Security Advisory 2000-015 - The pw_error() function of the system libutil library, used by several programs including the setuid passwd program, was vulnerable to a format string attack resulting in local root compromise.

tags | local, root
systems | netbsd
SHA-256 | 0bd58837c2ea7980937b6ae199b243b9a170c7e4f70bff757e2e5df990146a4b
netbsd.2000-014.global
Posted Oct 31, 2000

NetBSD Security Advisory 2000-014 - Global-3.55 and below allows remote users to execute arbitrary commands.

tags | remote, arbitrary
systems | netbsd
SHA-256 | e00899c0e255208ded76f38b9812dad970932a7c963afdc4d518d7ba7d807b8f
netbsd.2000-013.cfengine
Posted Oct 31, 2000

NetBSD Security Advisory 2000-013 - The cfd daemon in GNU CFEngine port contains several format string vulnerabilities in syslog() calls. This could permit remote hosts to inject the network daemon with a message causing a segmentation fault. As cfd is almost always run as root due to its nature (centralized configuration management), this could lead to a root compromise.

tags | remote, root, vulnerability
systems | netbsd
SHA-256 | a392e1028967dfd74f1427f253727f5d9d7dae1b650ec93ed68da41cb984d632
netbsd.2000-012.nis
Posted Oct 31, 2000

NetBSD Security Advisory 2000-012 - NIS client nodes may be vulnerable to a remote buffer overflow attack. If the node is configured to use NIS for hostname lookups, and a rogue NIS server is in a position to respond to a hostname lookup request, a malformed response could cause a denial of service due to abnormal program termination. In the worst case, an account could be hijacked.

tags | remote, denial of service, overflow
systems | netbsd
SHA-256 | 9690fedf1029bc414ba63b720b85705df2c468f2335478a505a2da0e0ca9449d
rhsa.2000-095-02.secureweb
Posted Oct 31, 2000
Site redhat.com

Red Hat Security Advisory - Security bugs in versions of Apache prior to 1.3.14 also affect Secure Web Server. A new release which incorporates 1.3.14 is now available.

tags | web
systems | linux, redhat
SHA-256 | a181d3fd1059016120a792f663ad268dd8d8ff7cedb6c5fa62b4b58a691b45f6
rhsa.2000-024-02.nss-ldap
Posted Oct 31, 2000
Site redhat.com

Red Hat Security Advisory - A race condition has been found in the nss_ldap package. On a system running nscd, a malicious user can cause the system to hang.

systems | linux, redhat
SHA-256 | b0ff2e8318af3671349742cf35fd68147fca878ced41e292fef56b78503daa80
guninski26.txt
Posted Oct 31, 2000
Authored by Georgi Guninski | Site nat.bg

Georgi Guninski security advisory #26 - Using specially designed URLs, IIS 5.0 may return user specified content to the browser. This poses great security risk, especially if the browser is JavaScript enabled and the problem is greater in IE. By clicking on links, just visiting hostile web pages or opening HTML email the target IIS sever may return user defined malicous active content. This is a bug in IIS 5.0, but it affects end users and is exploited with a browser. A typical exploit scenario is stealing cookies which may contain sensitive information.

tags | exploit, web, javascript
SHA-256 | 6b6ccfbe0c8d541e629a7ae9731b71c0ae8c45f405aa6e7a7b3f0a9674808daa
aps-0.18.tar.gz
Posted Oct 31, 2000
Authored by Christian Schulte | Site swrtec.de

Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. Includes a GTK gui to display each protocols packet counters.

Changes: Bug fixes and enhancments.
tags | tool, udp, sniffer, tcp, protocol
SHA-256 | 9f7c3cd569295c1cdf4136d97f28173acc1350d76768bab6baf4f6bccdf849f8
rtm.zip
Posted Oct 31, 2000
Site ntutility.com

Remote Task Manager is a system control interface that can be run from any Windows 2000/NT computer. The simple-to-use, tabbed interface separates applications, services, processes, events, shared resources and performance monitor, making each of these very easy to manage.

tags | remote
systems | windows
SHA-256 | 569b203ef3cd5f767a2ed01a8147892888393a27b455ff27fa0647469fcc9e42
devicelock.zip
Posted Oct 31, 2000
Site ntutility.com

Devicelock gives network administrators control over which users can access what removable devices (floppies, Magneto-Optical disks, CD-ROMs, ZIPs, etc.) on a local computer. It can protect network and local computers against viruses, trojans and other malicious programs often injected from removable disks. This version is for Windows 2000/NT. Windows ME version available here.

tags | local, trojan
systems | windows
SHA-256 | d634043d9e5c0f3c4702b759f31442d2b3ccdf37da90d802f092bd01cb2fce91
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close