Windows fails to handle long share names when accessing a remote file servers such as samba, allowing a malicious server to crash the clients explorer and the ability to execute arbitrary code in the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
732e3e74f77ebd64d1be72f860691364496a6715edd0d0138eaa48142e8c84eaAtstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.
147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cffusion news version 3.6.1 suffers from a cross site scripting vulnerability.
07b9114c6be93d2a72107d897f00b8babaed58d52cb211a2d2743aa4f7c9241cBGP proof of concept denial of service utility that sends out a RST flood to BGP connection providing the attacker has already gained knowledge of the source port and sequence number.
75724ddc4871b67567b3d2d9ff51b68836f03a08c024e4bc90e759626c5b7c21Modified version of Cisco CIAG's TCP Test Tool ttt. This tool can generate TCP segments with arbitrary values for any field in the IP or TCP headers. A TCP payload can be added to the segment by specifying the file with the payload in the command line or by passing the payload via standard input.
85937f14166961edbc2d383ef7c718a74f2104a135efc9f5ccdea7b8e5f99e2eSample proof of concept exploit that demonstrates the TCP vulnerability discovered by Paul A. Watson. Some modifications done by J 'Swoop' Barber.
11a7a7653ba15bc40afd9339cc9f0e30434a339fb299c237f1e64007169ff8b5Sample proof of concept exploit that demonstrates the TCP vulnerability discovered by Paul A. Watson.
2d800d6c605ec72633700b84acf2706bfd9096969a1bf194fabef7a5ea6a6f69Full whitepaper by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks.
cfaa0ce13321f28319146cd6d78716b3070bbd92fc6e664a8864fa197b70c817Powerpoint presentation by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks. This presentation was original given at CanSecWest 2004.
4f85642177fadaf502f5453c60487ed284954f6cd7b7bd287b3cc64afdcc4ec0ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
e3ed1252d1de488e55ed83468cd7c5e7a075127bf4e4068eb9c0dd2a012d6225Technical Cyber Security Alert TA04-111A - Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.
87abe76f79966ccb0bb1d2db57638d4e04e2229bc713af44e5c5bafb11865668Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
d511b6649e9c78a8c2e0580652f9d33e7008057e96e858832a7d310952457f8dFastream NETFile FTP / HTTP server version 6.5.1.980 is susceptible to a denial of service attack due to an inability to handle nonexistent user names.
7a918b18be4ac3e89f1a6794b51f7f8ce6d09ea60998588455815475b42a5848iDEFENSE Security Advisory 04.15.04: Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Universal Server could allow an attacker to restart and potentially disable the server.
d9720ba97e1371a9d1b64d17280617faeb9cbdb6482942a346d2b79a8c358328Security Corporation Security Advisory [SCSA-028]: Nuked-KlaN versions b1.4 and b1.5 allows for directory traversal attacks and global variable overwriting.
61a637daf1513ba208db6fc8145428152db635c02705b2f1d85a0fcd7bb18c37THCIISSLame version 0.2 IIS 5 SSL remote root exploit. Uses a connect back shell.
5ad43a71b7b21cf163e484398cd12888807b5ff949adbd1a23b2639a8c2f060fProof of concept exploit for the Unreal engine developed by EpicGames which has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters.
acf47cd35c604868941f36761ff485936586e453b380f23a94c790cf4a995f84The Unreal engine developed by EpicGames has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters. Using a standard directory traversal attack, an attacker is able to go outside of the game's directory to overwrite any file in the partition on which the game is installed.
b7c2785d4faefd54426965a43736ed37eceabddb772050c4cd01af7d52910f68PostNuke 0.726 Phoenix is susceptible to multiple path disclosure and cross site scripting vulnerabilities.
2421cfda93e82828c31ba0e759ac8a875641a6177c67906a0428a997b7c95c75eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
ebcdad08b6b5b55406cc6abe44da9de0baab72d3294fc53e632ae9a3567d1e68The phprofession 2.5 module for PostNuke is susceptible to path disclose, cross site scripting, and possible SQL injection attacks.
f1afb06444f45b473086acaefc01e5542aee6857caf546dc7aeb916bde1b06e2Advanced Guestbook web application version 2.2 is susceptible to a SQL injection attack.
7a3fb78927cf75c8430152863d12821dcc4b50c274835342578b8d7e3568556eCisco Security Advisory: Multiple IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
513dcad61402067ff6f1ce77e2333e1108e77dfc05e313aed735a6bc1cc3b0d1Cisco Security Advisory: Multiple non-IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
1da90ca3d68fef3adfb34db4d985c7e1973f4cc86524368143e427e344a95bc7ncftp versions 3.1.6/120 and 3.1.7/120 do not hash passwords under certain conditions allowing for their leakage via simple utilities like ps.
1f6d5158b3b2f6cbffbb524101d23ac947bad8924aad86c9097b29cb9a97583f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed