Allaire Security Bulletin (ASB00-16) - Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0. The vulnerability could allow a malicious user to run a database stored procedure without proper permissions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
c09e5fa63dd1b5c76a1b94a54a56022ab41e099dbb5740045e1926ea083d38b7Allaire Security Bulletin (ASB00-17) - Microsoft has released an updated patch that eliminates a security vulnerability in Microsoft(r) SQL Server 7.0. The vulnerability could allow a malicious user to compromise passwords. The updated patch also addresses a related problem with the Enterprise Manager Server registration dialog. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
45bdfbf288ce1e1b06c8bbe8ccaaebc5b0132ebd6d4186bd64a18981ea7c1281L0pht Security Advisory - Rainbow Technologies' iKey 1000 contains vulnerabilities which allow an attacker to login as administrator and access all private information stored on the device with no detection by the legitimate user. The attack requires physical access to the device and a EEPROM programmer. Includes a proof of concept tool, iSpy, which retrieves and displays configuration data for the inserted iKey and displays ll public and private data.
b09f4d1b30cd7023b8dba22307ee8935b43313f10168392ba0b354ee1febc1d5L0pht Security Advisory - Passwords can be easily decrypted by exploiting NetZero's encryption algorithm. Includes proof of concept code to decode the password stored in jnetz.prop.
18ccbc25607e0b2335bd76b829e896cac1e0716922f3dfbdd160e52c8cc11c82Instructions for Sendmail and Postfix to stop messages with long Date: headers.
0a78732b5488a64a94bdb50e95db3aa08911ecb7b7737f1988d5d3fc12311f30Red Hat Security Advisory - The rpc.statd daemon in the nfs-utils package shipped in Red Hat Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a remote root break-in. Version 0.1.9.1 of the nfs-utils package corrects the problem.
653a35dcfe3d06dfd62cbe3afd4bedf3c6d4ac497815a8a2e19ee973990845d4Best Practices for Secure Web Development is intended as a guideline for developing secure web based applications. Includes basic web security practices, cross-site scripting, PKI, code review, and more.
7c1777b2da1020b5231acda0e2c833637f7afda2f1a49469e972503425b1bc6cNapalm Magazine issue #6 - In this issue: Security Hole in Veritas Volume Manager, Security Certification (CISSP), IPsec Crash Course (part 1), OS Detection with ARP, UNIX Lesson 1, BBS List, and URL's.
a5a77e4ed131792c2e4f79c9cc6574ba1ff5c8c6ac8846d52a6864af1cbfc0c3bd.pl is a backdoor written in perl which sits on port 33556 by default, requires a password, and unsets the history environment variables.
1c5d8d2842c81db357d15533c0b4ab88013b89b5b556a2e3cb9494eb5e8e9a38WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each.
f66747fe1c3efb7f98a0b76e20c56baf2efea4d7adf3ae8f603bfb1fcc4364e6fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000.
1985383a8c4a1bd9fdb9bde3638a6dc40d228e18f469aee8d932cdeec65324e4Weekly Newsletter from Help Net Security Issue 23 - 24.07.2000 - Covers weekly roundups of security related events. In this issue: Roxen v2.0.68 vulnerability, Local INN vulnerability, Outlook Persistant mail-browser link, Outlook malformed Email header vulnerability, O'Reilly Website Professtional overflow in webfind.exe, Ikey 1000 problems, HP Jetdirect FTP dos, Remotely Exploitable buffer overflow in Outlook, New encryption regulations, ACLU Challenge to Carnivore, First Autocad virus, Linux Distribution Security Report, Passive Fingerprinting, To Build a Honeypot, Auditing your Firewall Setup, and more.
ed0317e9c9ddb128a467dfc27e6de6e2a1b635e7f27a3b2e4b24e5f145e2ea73Microsoft Security Bulletin (MS00-050) - Patch Available for "Telnet Server Flooding" vulnerability. A remote denial of service vulnerability has been discovered in the Telnet Server that ships with Microsoft Windows 2000. The denial of service can occur when a malicious client sends a particular malformed string to the server. Microsoft FAQ on this issue available here.
bba34b7eee04c58ecad1b77e6d0506c48a99cbdb0ac1fe88c3e79a1b3bc9cc0cPassive Agression is a perl proof-of-concept exploit for downloading other user's files from FTP servers without needing thier authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups.
2f7dee6b0a712a2ec0f4773b51daa24e069086bc2dbc73ffb50a9d1c4ccfdca7phpDistributedPortScanner is a Web-based distributed TCP portscanner which uses plain PHP to perform distributed portscans against a single host. You can add new nodes just by uploading a tiny PHP script onto a Web server and adding a line to your master script to use it. Nodes are used in parallel and support multiple "threads" per node to increase your speed. It is portable and doesn't require shell access to use.
1c49f7b9da92d7a66903e494bea560d54e18954e889992ee27386d188b2a0b17Virtual FTPD v6.4 is a secure FTP daemon which is derived from the OpenBSD ftp daemon and can allows virtual FTP accounts which do not have an /etc/passwd entry.
f92531e5dd84ba4031e283de97b474f29d03d61be5a82618cc1dfbec141ce93cForm Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer.
0a106d313f4d701240d2c353c6d13d94bd56cd95675b225e91644c39bf674c86Click Responder v1.02 remote exploit - spawns an xterm from the victim computer.
641649b9d5e09cdbd6153ff158fd12a709fc05ea1502c9ebc1c2a9a2d2e706b7bulk.cgi is a Bulk Mailer CGI which has remote vulernabilities which allow an attacker to spawn an xterm.
8bef063aa4f8a6099294506a682482551cb6e76ed05df104f7d8cd504ab6d562AlienForm2 remote cgi exploit - Spawns an xterm from target machine.
0f1c6a0e6f0f4c3ce24670e4260bc91a1fbb65613853982bf45a8ba4a3f01572bnbform.cgi v4.0 and below remote exploit - reads any file on the system.
f8545048ece8ca8481bfdc18a36d3918bf84ddc084afd0240f23a03690f02408Plague creates an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.
d0c697c299afbe79b68c6fc88129c5152681cdea9beda495f35458857831f64eSnort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
b21e0c7cd4490e8f8b3298322e233f20a446833d396d1dbf1425841070a3a518UDPer is a logic bomb written in ASM for Windows which floods a victim with packets at a certain date.
51b9a0b285efad03f7affe599d3191b523a7c8d338e58191576976773663182a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed