exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2003-10-16 to 2003-10-17

Posted Oct 16, 2003
Authored by Salman Niksefat

A cross site scripting vulnerability in Microsoft Hotmail allows access to mailboxes via malicious Javascript in conjunction with cookie hijacking.

tags | advisory, javascript, xss
SHA-256 | 8c363ce3f59df1c9afd05297d48999353d73fd24fdf58a30707f45ba78d08d9a
Posted Oct 16, 2003
Authored by Cesar Cerrudo

Security Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.

tags | advisory, overflow, local, activex
systems | windows
SHA-256 | 3123057a0e33003e32d0c1dcbd81e7c68fe2683392807470c9f4cf6b670e203b
Posted Oct 16, 2003
Authored by Brett Moore SA | Site security-assessment.com

Original research advisory for the Listbox And Combobox Control buffer overflows announced by Microsoft Advisory here. Affected Software: Microsoft Windows NT4.0, 2000, XP, and 2003.

tags | advisory, overflow
systems | windows
SHA-256 | afe2bc49b17ee13959bb70c510b9169e409491f6f6bef971239d00a18a2e3d4f
Posted Oct 16, 2003
Site sco.com

SCO Security Advisory - SCO OpenServer 5.0.5, 5.0.6, and 5.0.7 has had multiple vulnerabilities discovered in Xsco. One matches the command line parameter -co hole discovered in Xsun and another allows any local user with X access to gain read/write access to a shared memory segment.

tags | advisory, local, vulnerability
advisories | CVE-2002-0158, CVE-2002-0164
SHA-256 | ea73d1607ecb515aa8682e89e65246b5b258aa25a485244028e85ae2567906ae
Posted Oct 16, 2003
Authored by millhouse

Remote irc2.10.3p3 denial of service exploit that makes use of a bug in channel.c that occurs when handling a specially crafted JOIN command.

tags | remote, denial of service
SHA-256 | 18f6234073b0b9e3dee6ac4c1f1e73da9b5b1b8677fc854041399955b816fd70
Posted Oct 16, 2003
Site cert.org

CERT Advisory CA-2003-27 - A number of vulnerabilities in both Microsoft Windows and Microsoft Exchange have been discovered with multiple bugs giving privilege escalation and remote command execution.

tags | advisory, remote, vulnerability
systems | windows
SHA-256 | ff6a783884bf7c388fa7d2f7cad1b147a397dc5ac7727f0a5675739263ee03f6
Posted Oct 16, 2003
Authored by Oliver Karow

A cross site scripting vulnerability still exists in the newest Bajie HTTP server release even though the vendor had previously been notified of the problem.

tags | advisory, web, xss
SHA-256 | afd73509b2de1d74bbb351c867f4a67c715af98358cb09eecca456e2cef6a03e
Posted Oct 16, 2003
Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Several vectors exist that can be used by attackers to make use of a stack based buffer overflow in the PCHealth system of Microsoft Windows 2003 Server and Windows XP.

tags | advisory, overflow
systems | windows
SHA-256 | c81ad70663b2e59cb57828827eb771305b054a927731a366ef5652bb7951ced6
Posted Oct 16, 2003
Authored by Vic Abell

Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It is useful for pinpointing which process is using each network socket. FAQ available here.

Changes: Fixes for OpenBSD, FreeBSD, and NetBSD including support for FreeBSD 5.1-CURRENT, adds support for Solaris 10 and Mac OX X 10.3.
tags | tool, intrusion detection
systems | unix
SHA-256 | 685b9f1f8c1b4ffdbfcc19572bebe0bc7fb0eede0941dc2487104f697d0dc696
Posted Oct 16, 2003
Authored by Proxy Labs | Site proxylabs.netwu.com

ProxyCap enables users to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers. It can be told which applications will connect to the Internet through a proxy and under what circumstances. This is done through a user friendly interface, without the need to reconfigure any clients. ProxyCap provides a flexible rule system and allows the end user to define their own tunneling rules. ProxyCap version 2.0 introduces support for UDP-based networking clients, optional remote name resolution, and more detailed Session Logs.

tags | remote, web, udp
SHA-256 | 955595f2ed4b778a945d78593dbeefda0de9d1d42408ab9706f4df9481290aac
Posted Oct 16, 2003
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

tags | imap, library
SHA-256 | e88ced3e42ae119f22add4abbcff00bd89582b885b582bf3f436dfe84f5865ea
Posted Oct 16, 2003
Authored by Kain | Site sourceforge.net

CA Web Helper is a helper Web application written in PHP and Perl to maintain a local Certificate Authority based on OpenSSL. It provides the ability to view issued certificates, issue new certificates, and revoke compromised certificates.

tags | web, local, perl, encryption, php
SHA-256 | df95e269a2b79839edcf5ec6b212766f8540bd3e0f7b457a77b2885a9fbc430d
Posted Oct 16, 2003
Authored by posidron | Site tripbit.org

105 byte size shellcode that executes: setuid(), setgid(), mkdir(), chroot(), chdir(), chroot(), execv(), exit(). ASM code and syscall table are included.

tags | shellcode
SHA-256 | 2d9d05332ebda5bbdce4419ae67090617a9ffcd128b5e47e8ef0c3798f7e4dc3
Posted Oct 16, 2003
Site microsoft.com

Microsoft Security Advisory MS03-045 - An attacker who had the ability to log on to a system interactively could run a program that could send a specially-crafted Windows message to any applications that have implemented the ListBox control or the ComboBox control, causing the application to take any action an attacker specified. This could give an attacker complete control over the system by using Utility Manager in Windows 2000.

tags | advisory
systems | windows
SHA-256 | 3e04277031dbf6e921a7be196d8aa8db1e8dd4091520cec139a0bc50d571abbd
Posted Oct 16, 2003
Site microsoft.com

Microsoft Security Advisory MS03-047 - Microsoft Exchange Server 5.5, Service Pack 4, suffers from a cross site scripting attack due to the way Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form.

tags | advisory, web, xss
SHA-256 | 643e2eb1f2bd8cf2e8d911578d71880652aaaa6792f3f3d48d274526d86d308b
Posted Oct 16, 2003
Site microsoft.com

Microsoft Security Advisory MS03-046 - A denial of service condition exists in Exchange Server 5.5 that can be exploited by a remote attacker and Exchange 2000 Server suffers the same denial of service and a buffer overrun that can result in an attacker running malicious programs.

tags | advisory, remote, denial of service, overflow
SHA-256 | a4bd78fe81913c5ffb36cde25380d71fa9f5143f19724c585b5983d3ddab8b04
Posted Oct 16, 2003
Authored by STE Jones | Site NetworkPenetration.com

Network Penetration conducted a survey at the start of 2003 to check the status of the United Kingdom's DNS infrastructure. This paper discusses the second run of what was tested, the results, some sample zone transfers, and recommendations.

tags | paper, protocol
SHA-256 | 31dc371eb671d823d16aa2224c769ef3802e82eb0154f61065f3def5701be8f0
Posted Oct 16, 2003
Site DigitalPranksters.com

The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.

tags | exploit, denial of service, cgi
SHA-256 | f1c0300dc00e219b8dbc03dbdfde2f6bb99cf9e08b84db923315190b4e59337b
Posted Oct 16, 2003
Authored by error

Simple notes on how to exploit GAIM via the festival plugin that was written quite poorly.

tags | exploit
SHA-256 | 4ff6480817604dff4307edce42b3b214d5c319bf340fadc144ba47a1476fb3c8
Posted Oct 16, 2003
Authored by Lorenzo Hernandez Garcia-Hierro | Site nsrg-security.com

ColdFusion servers suffer from a SQL injection vulnerability due to cross site scripting.

tags | advisory, xss, sql injection
SHA-256 | cd0a66f33d0eaf7647128be1451bcfa6c41612b461d14ff1bc9da61edf1e61a3
Posted Oct 16, 2003
Site microsoft.com

Microsoft Windows Security Bulletin Summary for October 2003 that covers MS03-041, the vulnerability in Authenticode Verification that could allow remote code execution, MS03-042, the buffer overflow in ActiveX that could allow code execution, MS03-043, the buffer overrun in its Messenger Service, and MS03-044, the buffer overrun in the Windows Help and Support Center.

tags | advisory, remote, overflow, code execution, activex
systems | windows
SHA-256 | 6ee2879ff2ee6b1aa64c128110f8d70f6d04ceea10bbe444626b4a36bd99172e
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    23 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By