what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2002-04-11

iis.isapi.htr.txt
Posted Apr 11, 2002
Authored by Peter Grundl

Microsoft IIS 4.0 and 5.0 contains a buffer overrun condition in the isapi extension that handles .htr extensions that allows attackers to crash the service and/or execute arbitrary code on the server. A flaw in ism.dll which handles files with the .htr extension is the cause of this vulnerability. Microsoft advisory on this vulnerability here.

tags | overflow, arbitrary
SHA-256 | d27278de1182e49dc003e21db2c36a8adea55112733bdca6d516e9cfd57786bf
iis.w3svc.dos.txt
Posted Apr 11, 2002
Authored by Peter Grundl

A flaw in internal object interaction allows malicious users to bring down Internet Information Server 4.0, 5.0 and 5.1 with FP2002. Frontpage contains URL parsers for dynamic components (shtml.exe/dll). If a malicious user issues a request for /_vti_bin/shtml.exe where the URL for the dynamic contents is replaced with a long URL, the submodule will filter out the URL, and return a null value to the web service URL parser, crashing IIS. Microsoft advisory on this vulnerability here.

tags | web
SHA-256 | 2c7f22d92ba1efc6894fb32573cb90993ce6539d8792aa6eb6822d2b40b8c827
iis.asp.overflow.txt
Posted Apr 11, 2002
Authored by Marc Maiffret | Site eEye.com

A vulnerability in the ASP (Active Server Pages) ISAPI filter, loaded by default on all NT4 and Windows 2000 server systems (running IIS), can be exploited to remotely execute code of an attackers choice. Example which causes an application error included. Microsoft advisory on this vulnerability here.

tags | exploit, asp
systems | windows
SHA-256 | 4e83e6b8e01187a334ff07545a457cce7fd15e5e451d031b026e792361bb9d42
ms02-018
Posted Apr 11, 2002

Microsoft Security Advisory MS02-018 - IIS 4.0, 5.0, and 5.1 contains Ten new vulnerabilities, some of which allow remote code execution. Microsoft FAQ on this issue available here.

tags | remote, vulnerability, code execution
SHA-256 | 56ea569316e19654541134d5ca36c500f06a0822f56a57f9452fcb4f23429c0e
Atstake Security Advisory 02-04-10.1
Posted Apr 11, 2002
Authored by Atstake, Dave Aitel | Site atstake.com

Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.

tags | remote, overflow, code execution
systems | windows
SHA-256 | d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddca
ftester-0.6.tar.gz
Posted Apr 11, 2002
Authored by Andrea Barisani

The Firewall Tester consists of two perl scripts, the client part (ftest) and the listening sniffer (ftestd). The client injects custom marked packets, while the sniffer listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall. An IDS (Intrusion Detection System) testing feature is also available and snort rule definition file can parsed instead of the standard configuration syntax, ftest can also use common IDS evasion techniques. Stateful inspection firewall and IDS can be handled by the 'connection spoofing' option. Requires: Net::RawIP, Net::PcapUtils, Net::Packet.

Changes: Added the IDS testing option, added the ability to read snort rule definition files, added the ability of using common IDS evasion techniques, consult Changelog for details.
tags | tool, perl, spoof, firewall
systems | unix
SHA-256 | d39186c256dabcb09d9cd1b8421b0520a52fc1c0e2215856e19eea91a5412c06
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close