Microsoft Security Advisory MS01-060 - SQL Server 7.0 and 2000 have several vulnerabilities. Some allow remote code execution while others are denial of service attacks. An attacker could exploit the vulnerabilities in either of two ways. The most direct way would be for the attacker to simply load and execute a database query that calls one of the affected functions. Alternatively, if a web site or other database front-end would accept and process arbitrary queries, it could be possible for the attacker to provide inputs that would cause the query to call an affected function with the appropriate parameters. Microsoft FAQ on this issue available here.
0530d56484cb8b2a5215cdfe4eb3ed9d93faf7299a0ea4afaab538a52aa688f5Microsoft Security Advisory MS01-059 - Two unrelated buffer overflows have been found in the Microsoft UPnP service. A overflow in the NOTIFY directive allows remote attackers to execute arbitrary code. The second vulnerability crashes the machine. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed. Microsoft FAQ on this issue available here.
a44bee6a9162db8db90b17837abd4cad322825fb0c509ebb1aad45b1e928b6ccThe Firewall Tester consists of two simple perl scripts, the client part (ftest.pl) and the listening "daemon" (ftestd.pl). The client injects custom marked packets, while the daemon listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall.
53aba6a00e93b66c9d0092c9704525d2851c6e2f20d70e521e5046590cf7376dSec is a free and platform independent event correlation tool that was designed for network and application management, but it can be applied for solving any other task where similar event correlation operations are relevant. Since sec uses powerful regular expression concept for matching input and also supports named pipes as input files, it can not merely be used for matching events from a single logfile, but also for more general purposes. You can integrate sec with arbitrary network management (or other) application, provided that output from that application can be directed to a named pipe, which most modern network management platforms provide. Written in perl, works on Unix and Windows. FAQ here.
207a4804d03e2d8b75b7babeaa2ffa17d2483ed2719354c92c2d8ed7e76345ac
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed