what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2001-05-17

Posted May 17, 2001
Authored by Filip Maertens | Site vorlon.hexyn.be

Execiis.c is a remote exploit for Bugtraq ID 2708 - Microsoft IIS CGI filename decode error.

tags | exploit, remote, cgi
SHA-256 | 930daed1380743902694409c2275d36ed101487eb3dbd8df8b795068aba598ba
Posted May 17, 2001
Authored by Roelof Temmingh | Site sensepost.com

Sensedecode.tgz includes 2 perl scripts which exploit the IIS url decoding bug. Decodecheck.pl checks for hosts that have the "decode" problem, and decodexecute executes code using the decoding problem, with redirection.

tags | exploit, perl
SHA-256 | d32db266c769e68dd5e55144cdff5aac3d5f570243d3c50560169d168c96b542
Posted May 17, 2001
Site sunsolve.sun.com

Patch advisory for Sun Microsystems. Please read for details.

tags | arbitrary, x86, kernel, local, vulnerability
systems | solaris
SHA-256 | 32540a48fb5a0d8bc07e1670adc87f356549fa4519834303ac657833bc9d8420
Internet Security Systems Security Alert May 15, 2001
Posted May 17, 2001
Site xforce.iss.net

A flaw exists in Microsoft Internet Information Server (IIS) that may allow remote attackers to view directory structures, view and delete files, execute arbitrary commands, and deny service to the server. It is possible for attackers to craft URLs that take advantage of a flaw in IIS URL decoding routines. Security mechanisms within these routines can be bypassed. All recent versions of IIS are affected by this vulnerability.

tags | remote, arbitrary
SHA-256 | 0678361f10357557833b2a2d33b82e84b3523cf921e44d95ea0e3d806abb98d1
Posted May 17, 2001
Authored by Bruce Schneier, crypto-gram | Site counterpane.com

Crypto-gram for May 15, 2001. In this issue: Defense Options: What Military History Can Teach Network Security, Part 2, The Futility of Digital Copy Prevention, Microsoft and the Window of Vulnerability, and Safe Personal Computing.

tags | cryptography, magazine
SHA-256 | 20b338b599dd4ab17ef2a4948a8fbd99759076f754f8239a9958eb784470405a
Posted May 17, 2001
Site cert.org

CERT Advisory CA-2001-12 - A serious vulnerability in Microsoft IIS allows remote intruders to execute commands on an IIS web server, as discussed in ms01-026. This vulnerability closely resembles a previous vulnerability in IIS that was widely exploited.

tags | remote, web
SHA-256 | 2cadddd3da04743c36a3a52741d938f5153d72e781d14f364e28bbc175735689
Posted May 17, 2001
Site suse.de

SuSE Security Advisory SuSE-SA:2001:17 - The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root.

tags | arbitrary, root
systems | linux, suse
SHA-256 | 182161b3dc70f9a7f132c01181274899f16022e0ba9631a637b6a2153c99ffd9
Posted May 17, 2001
Site nsfocus.com

NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system commands with IUSER_machinename account privilege. Exploit URL's included.

tags | exploit, arbitrary, cgi
SHA-256 | 1f24fde1bac96def60ac10c00a6e82940ada309470835ba73f5d78b25c6f6fec
Posted May 17, 2001

Microsoft Security Advisory MS01-026 - Three new vulnerabilities have been found in Microsoft IIS 5.0. The first allows remote attackers to execute commands in the security context of the IUSR_machinename account. A vulnerability that could enable denial of service attacks against the FTP service due to wildcard expansion has also been patched. Finally, a vulnerability that could make it easier for an attacker to find Guest accounts that had been inadvertently exposed via FTP. If an attacker preceded an account name with a particular set of characters, the FTP service would search the domain, and all trusted domains, for the user account. Microsoft FAQ on these issues available here.

tags | remote, denial of service, vulnerability
SHA-256 | d77ab68c2a8150465e70f464962e49e04844999e9c5b8e255fb11f56de603c88
Posted May 17, 2001
Authored by vade79, realhalo | Site realhalo.org

Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.

Changes: Bugs fixed.
tags | tcp, protocol
systems | unix
SHA-256 | 370f649ee79d2c9dd8db41d1bf9d7410ab467e9b1096c33cd4873ec6f1f516cb
Posted May 17, 2001

ICQ 2000b Beta v4.65 Build #3281 crack for all features. Shows all IP's in your contact list, allows you to add anyone to your contact list, removes advertising, and disables auto update.

SHA-256 | ce40ed3e4d4851332151e0d5d064a4d3f686c4aaf35cfa75bc3d0e00444d3a34
Posted May 17, 2001
Authored by Nijen Rode

Juno-z.101f.c is an improved rewrite of juno.c which is faster and better, employing state of the art tcp technologies.

tags | denial of service, tcp
SHA-256 | 7034741d8df76e307162a2b879428d8089adfc23f40fc52c888726ad41f960f5
Posted May 17, 2001
Authored by Xbud

Acadsoft's webcgi98.exe displays the full path to the binary in an error message.

tags | exploit
SHA-256 | 87a2492754de406640b736c27877e5fea0ea2bf16f000790a41c42110d3365f5
Posted May 17, 2001
Site redhat.com

Red Hat Security Advisory RHSA-2001:067-03 - The minicom program allows any user with local shell access to obtain group uucp privileges due to format string bugs. It may also be possible for the malicious user to obtain root privileges as well.

tags | shell, local, root
systems | linux, redhat
SHA-256 | 697cd3fe3544adc24391407f06963c01210253ec84199b9233c9afe9546204f5
Posted May 17, 2001
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Developed test for latest IIS Directory Traversal, Developed test for IIS password backdoor, Upgraded CIM test for latest exploits, Added test for bugzilla vulnerabilities, improved test for the IIS 5.0/Windows 2000 vulnerability, and fixed bugs.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 1773ac5c19b2ece1d35851a543e2197c342aa77896350fe30acc84b7519bf4ec
Internet Security Systems Security Advisory May 9, 2001
Posted May 17, 2001
Site xforce.iss.net

ISS X-Force has discovered a buffer overflow in the ?rpc.espd? component of the Embedded Support Partner (ESP) subsystem. ESP is installed and enabled by default on all current SGI IRIX installations.

tags | remote, overflow, root
systems | irix
SHA-256 | 6326566a243bd93810f222cdd5171dd79f90bd2adba15b8689aaae8416431796
Posted May 17, 2001

Microsoft Security Advisory MS01-025 - Two unrelated security vulnerabilities have been found in Microsoft Index Server 2.0. The first vulnerability is a buffer overrun vulnerability in the function that processes search requests which allows attackers to run arbitrary code in the local system security context. The second vulnerability affects both Index Server 2.0 and Indexing Service in Windows 2000, and is a new variant of the "Malformed Hit-Highlighting" vulnerability discussed in here.

tags | overflow, arbitrary, local, vulnerability
systems | windows
SHA-256 | 3198907bcdcc3310a7e0a8bb17d0f7fdfe4d34ec2aa1ba99035ba45dd3f53704
Page 1 of 1

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By