iDEFENSE Security Advisory 03.19.04: Exploitation of default file permissions in Borland Interbase can allow local attackers to gain database administrative privileges. The vulnerability specifically exists due to insecure permissions on the admin.ib user database file. Local attackers can add or modify existing accounts to gain administrative privileges.
smbprint insecurely writes to files in /tmp allowing for a symbolic link attack. Full details on exploitation included.
Internet Explorer and Explorer.exe can be crashed when a null pointer exception occurs during a shell: call with a double backslash for a filename.
NGSSoftware Insight Security Research Advisory #NISR19042004b - Symantec's Norton Internet Security 2004 Professional makes use of an ActiveX component that is marked safe for scripting, particularly WrapUM.dll. Using the LaunchURL method an attacker has the ability to force the browser to run arbitrary executables on the target.
NGSSoftware Insight Security Research Advisory #NISR19042004a - Installed with Symantec's Norton AntiSpam 2004 product is an ActiveX component that is marked safe for scripting, particularly symspam.dll. However, when the method LaunchCustomRuleWizard is called with an overly long parameter, an attacker can cause a stack based overflow allowing for arbitrary code execution.
Exploit that performs an attachment spoofing demo for Eudora versions 6.0.3 and below.
eEye Security Advisory - A critical vulnerability has been discovered in the PAM component used in all current ISS host, server, and network device solutions. A routine within the Protocol Analysis Module (PAM) that monitors ICQ server responses contains a series of stack-based buffer overflow vulnerabilities. If the source port of an incoming UDP packet is 4000, it is assumed to be an ICQ v5 server response. Any incoming packet matching this criterion will be forwarded to the vulnerable routine. By delivering a carefully crafted response packet to the broadcast address of a network operating RealSecure/BlackICE agents, an attacker can achieve anonymous, remote SYSTEM access across all vulnerable nodes.
The admin service on Mac OS X, which runs on port 660, has a buffer overflow vulnerability.
Remote exploit that causes a server crash in Chrome versions 1.2.0.0 and below.
Chrome versions 1.2.0.0 and below allow for reading and writing into allocated memory resulting in a server crash.
Some amusing flaws in Hotmail.com allow for credential theft.
Multiple vulnerabilities exist in the Error Manager version 2.1 for PhpNuke 6.0. One of them allows for script injection in error logs, forcing an administrator to execute code when viewing the logs.
Pentest Limited Security Advisory - The RealNetworks Helix 9 Server allows for an authenticated attacker to submit malformed HTTP POST requests against the Administration server to trigger a buffer overflow and execute arbitrary code. Affected versions: Helix Universal Mobile Server and Gateway 10, version 10.1.1.120 and prior; Helix Universal Server and Gateway 9, version 9.0.2.881 and prior.
Network Packet Capture Facility for Java is a set of Java classes that provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. It utilizes libpcap, a widely used system library for packet capture.
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
Eckbox is van Eck phreaking software. It interprets a radio signal emanating from a computer's monitor to recreate the image (in black and white) that is displayed on it. This could be used as a valuable security tool for testing otherwise secure computers, or for developing hardware and software to counter this type of remote shoulder-surfing.
FLAG, or Forensic and Log Analysis GUI, is an application designed to assist IT security professionals with analyzing log files, tcpdump files and hard disk images for forensic evidence. It utilizes Ethereal and Sleuthkit.
Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.
PAM Lockout Module is used to lock out users or groups from access to the machine. The module only supports authentication queries, and the command line arguments are used to pass the names of the locked out users and groups.
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It also supports many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file, and it can bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11/8.12's new "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
Cisco Security Advisory 20040317 - A new vulnerability in the OpenSSL implementation for SSL has been announced. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
OpenSSL Security Advisory - A Null-pointer assignment during an SSL handshake can result in a denial of service. Versions 0.9.6c to 0.9.6k and 0.9.7a to 0.9.7c are affected by this issue. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected by another vulnerability in the handling of Kerberos ciphersuites that can cause OpenSSL to crash. Patches are attached to the advisory.
PHPX versions 2.x through 3.2.4 fail to implement secure session management. A user can obtain a session simply by supplying the uid of the user whose account they want to take over; as long as that user's session is in the database, session hijacking succeeds. Furthermore, the session id itself is generated by a simple auto-increment field in the MySQL database, making it trivial for an attacker to steal a cookie. Full exploitation included.
S-Quadra Advisory #2004-03-15 - ModSecurity 1.7.4 for the Apache 2.x webserver series is vulnerable to a remote off-by-one overflow that allows for arbitrary code execution. Version 1.7.5 has been released to address this issue.
The Mambo Open Source web content management system version 4.5 stable 1.0.3 and earlier suffers from multiple vulnerabilities including cross-site scripting, SQL injection, and query tampering.