what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2000-09-15 to 2000-09-16

iss.summary.5.8
Posted Sep 15, 2000
Site xforce.iss.net

ISS Security Alert Summary for September 15, 2000. 87 new vulnerablities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.

tags | java, remote, shell, cgi, perl, spoof
systems | linux, windows, solaris, irix
SHA-256 | dbd64db221e040e05a4a342ac92b13566073a9300c9dab57446e955bb03abca1
RWSaverBust.zip
Posted Sep 15, 2000
Authored by Ratware

Ratware Win9x Screen Saver Buster V1.0 is a tool for busting into a Win9x PC that has a screen saver/password active. It needs to be cut to a CD, inserted into the said PC, and works by exploiting the autoplay 'feature' to disable the screen saver password.

systems | windows
SHA-256 | de5070973877b690376cd0a7f8d2f68967e44b5937dbd2e0a931da3f9790940e
Dicgen.zip
Posted Sep 15, 2000
Authored by ERADiCATOR/Ceara Ratz

Dicgen is dictionary file creator (DOS). Easy to use interface and options, extremely fast, introduce any variables and generate any combination type.

tags | cracker
SHA-256 | d69065531ce0222954fb71dfbd43b14019f092e9c3a9a6628a3560fe53adbad3
anomy-sanitizer-1.26.tar.gz
Posted Sep 15, 2000
Authored by Bjarni R. Einarsson | Site mailtools.anomy.net

The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.

Changes: Fixed a bug which caused HTML to be sanitized in message headers, fixed a problem with inline uuencoded attachments, added protection against empty boundary string attacks against Exchange Server 5.5.
tags | trojan, perl, javascript, virus
systems | unix
SHA-256 | 4d888f7c5d870834786ac56bbf31e9cf1ca887eb473edd991af711feaca1454a
win_2000.telnet.tgz
Posted Sep 15, 2000
Authored by Monti

The Windows 2000 Telnet client can be launched via email or browser and automatically passes NTLM authentication credentials to a telnet server. Proof of concept exploit includes a modified telnet server which causes the w2k telnet client to auto authenticate and prehash-ntlm.c which can be used to launch a dictionary attack against a retrieved hash.

tags | exploit, proof of concept
systems | windows
SHA-256 | 82b52ace068cc6c157c2910a941a5a36a69ebeed844d0b304468d6b56322c0ae
MultiHTML.txt
Posted Sep 15, 2000
Authored by Niels Heinen

MultiHTML (/cgi-bin/multihtml.pl)is a CGI script which has a vulnerability allowing remote users to read any file on the webserver.

tags | exploit, remote, cgi
SHA-256 | 228cf3036d6dc675782ffe1ed3fbd4cb7b47b8d64048d18536d2852fc1ee1bf8
rhsa.2000-058-03.screen
Posted Sep 15, 2000
Site redhat.com

Red Hat Security Advisory - A format string vulnerability in screen allows local users to become root.

tags | local, root
systems | linux, redhat
SHA-256 | fbe251f1e57a3cb4b5b8f284908e9ea7fa5d667c99923f7076fcb88238394338
A091400-1
Posted Sep 15, 2000
Site atstake.com

@Stake Advisory A091400-1 - The Windows 2000 telnet client, which relies upon NTLM authentication protocol, may be launched via email or a browser and automatically attempts to authenticate with any host it contacts without prompting the user for any information. A malicious user can crack the authentication to reveal passwords.

tags | protocol
systems | windows
SHA-256 | d63b34ce08b67e84a7afc686404bb3ed7594cb084d9f40027342b4ccc5f90b9b
FreeBSD Security Advisory 2000.44
Posted Sep 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability, however it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and possibly gain access to accounts on the system if successful.

tags | root
systems | freebsd
SHA-256 | 0b1c8c3842f449349927b566da8941978ab4a1c327fb2fcd41431a8cdad32fdf
coding-with-the-dns-protocol.txt
Posted Sep 15, 2000
Authored by JimJones | Site zsh.interniq.org

Coding with the DNS protocol v2 - Includes DNS basics, How to decode DNS packets by hand, Parsing DNS replies, advanced DNS techniques, and DNS Security Mechanisms. Well written, contains lots of in depth information and example code.

tags | paper, protocol
SHA-256 | 4dd89f0ca3b69db69a2564df1a08db8f2c87d8bfc8d824966fcf1f0bf5dd7a76
sambar-http.txt
Posted Sep 15, 2000
Authored by Dethy | Site synnergy.net

Sambar Server 4.4 Beta 3 and below for WinNT, Win95 OSR2, (possibly Linux affected) contains a vulnerability which allows remote users to browse the filesystem of the webserver. Fix available here.

tags | exploit, remote
systems | linux, windows
SHA-256 | 682efe87f41f4ff59f349e51db891761fcbe069277019c774fc845c93fc2a01d
Sending Fakemail
Posted Sep 15, 2000
Authored by Kaox

Very basic guide to sending fakemail.

tags | paper
SHA-256 | 72db9f6e0f8c3a4da67938ab2b7a8ed1eac95751b1b2e9798b10b3332da5ac55
vtgrab-0.1.2.tar.gz
Posted Sep 15, 2000
Authored by Tim Waugh | Site people.redhat.com

UNIX/misc/vtgrab-0.1.2.tar.gz 0 Vtgrab is a utility for monitoring the screen of another machine. It only works for text consoles.

systems | unix
SHA-256 | 3c76542dbc1025ef88f44906d8ca9b17c650ad589b2d46159cc16485f1e5f504
set23.zip
Posted Sep 15, 2000
Authored by set | Site thepentagon.com

Saqueadores Edicion Tecnica Issue #23 (En Espanol) - Features articles on RPC hacking, MIPS R2000, electronics, an interview with Mixter, Domino tips & hacks, ADSL.

tags | magazine
SHA-256 | d0cc3fdcb8aa9fc96cb1cab73987347d4f0466e3c09409b2cfb7a4d0b61bba71
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close