Windows fails to handle long share names when accessing a remote file server such as Samba, allowing a malicious server to crash the client's Explorer and potentially execute arbitrary code on the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
732e3e74f77ebd64d1be72f860691364496a6715edd0d0138eaa48142e8c84ea
Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affects the Solaris, Windows, and HP-UX platforms.
147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cf
Fusion News version 3.6.1 suffers from a cross site scripting vulnerability.
07b9114c6be93d2a72107d897f00b8babaed58d52cb211a2d2743aa4f7c9241c
BGP proof of concept denial of service utility that sends an RST flood at a BGP connection, provided the attacker has already gained knowledge of the source port and sequence number.
75724ddc4871b67567b3d2d9ff51b68836f03a08c024e4bc90e759626c5b7c21
Modified version of Cisco CIAG's TCP Test Tool ttt. This tool can generate TCP segments with arbitrary values for any field in the IP or TCP headers. A TCP payload can be added to the segment by specifying the file with the payload in the command line or by passing the payload via standard input.
85937f14166961edbc2d383ef7c718a74f2104a135efc9f5ccdea7b8e5f99e2e
Sample proof of concept exploit that demonstrates the TCP vulnerability discovered by Paul A. Watson. Some modifications by J 'Swoop' Barber.
11a7a7653ba15bc40afd9339cc9f0e30434a339fb299c237f1e64007169ff8b5
Sample proof of concept exploit that demonstrates the TCP vulnerability discovered by Paul A. Watson.
2d800d6c605ec72633700b84acf2706bfd9096969a1bf194fabef7a5ea6a6f69
Full whitepaper by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks.
cfaa0ce13321f28319146cd6d78716b3070bbd92fc6e664a8864fa197b70c817
Powerpoint presentation by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks. This presentation was originally given at CanSecWest 2004.
4f85642177fadaf502f5453c60487ed284954f6cd7b7bd287b3cc64afdcc4ec0
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
e3ed1252d1de488e55ed83468cd7c5e7a075127bf4e4068eb9c0dd2a012d6225
Technical Cyber Security Alert TA04-111A - Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.
87abe76f79966ccb0bb1d2db57638d4e04e2229bc713af44e5c5bafb11865668
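The advisories and tools listed above (the BGP RST flooder, the Watson proof of concept exploits, TA04-111A) all rest on one detail of TCP: a receiver honours an RST whose sequence number lands anywhere inside its receive window, not only one that matches RCV.NXT exactly, so a blind attacker who knows the four-tuple needs roughly 2^32 / window guesses rather than 2^32. The following Python is an added example, not code from Watson's tools, CERT or Cisco; it models that acceptance rule, the exact-match rule later standardised in RFC 5961 as the mitigation, and the resulting attack budget. The window sizes, sequence numbers and port counts are constructed for illustration.

```python
# Added example: models the TCP RST acceptance rule behind the attack
# described in TA04-111A and Watson's "Slipping in the Window". Not code
# from Watson's tools, the Cisco advisories or CERT; the window sizes and
# sequence numbers below are constructed for illustration.

SEQ_SPACE = 2 ** 32


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test with 32-bit wraparound:
    seq is acceptable if RCV.NXT <= seq < RCV.NXT + RCV.WND."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_accepted_classic(seq, rcv_nxt, rcv_wnd):
    """Pre-mitigation stacks: any in-window RST aborts the connection.
    This is the behaviour Watson's attack relies on."""
    return in_window(seq, rcv_nxt, rcv_wnd)


def rst_accepted_strict(seq, rcv_nxt, rcv_wnd):
    """RFC 5961-style mitigation: only an RST whose seq equals RCV.NXT
    is honoured; an in-window but inexact RST draws a challenge ACK."""
    return seq == rcv_nxt


def rst_guesses(rcv_wnd):
    """Blind RSTs needed to land one inside a window of rcv_wnd bytes when
    the attacker steps seq by rcv_wnd: ceil(2^32 / rcv_wnd)."""
    return -(-SEQ_SPACE // rcv_wnd)


def attack_budget(rcv_wnd, candidate_ports):
    """Total segments when the client's source port is unknown and each of
    candidate_ports possibilities has to be swept as well."""
    return rst_guesses(rcv_wnd) * candidate_ports


def blind_reset(rcv_nxt, rcv_wnd, accept=rst_accepted_classic):
    """Sweep the sequence space in steps of rcv_wnd against a victim whose
    true RCV.NXT is rcv_nxt. Returns the number of segments sent when the
    RST is accepted, or None if the sweep never hits."""
    for i in range(rst_guesses(rcv_wnd)):
        seq = (i * rcv_wnd) % SEQ_SPACE
        if accept(seq, rcv_nxt, rcv_wnd):
            return i + 1
    return None


if __name__ == "__main__":
    # Constructed victim state: a long-lived BGP session with a 16 KiB window.
    nxt, wnd = 0x12345678, 16384
    print("guesses for 16 KiB window:", rst_guesses(wnd))
    print("classic stack reset after:", blind_reset(nxt, wnd), "segments")
    print("strict stack reset after: ", blind_reset(nxt, wnd, rst_accepted_strict))
    print("with 4096 candidate ports:", attack_budget(wnd, 4096))
```

The arithmetic is the whole point of the paper: with a 16 KiB window the sweep is about 262k segments, and a 64 KiB window brings it under 66k, a few seconds of traffic on a broadband link once the source port is known. Against the exact-match rule the same sweep almost always misses, which is why the mitigation works without changing the wire format.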
Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
d511b6649e9c78a8c2e0580652f9d33e7008057e96e858832a7d310952457f8d
Fastream NETFile FTP / HTTP server version 6.5.1.980 is susceptible to a denial of service attack due to an inability to handle nonexistent user names.
7a918b18be4ac3e89f1a6794b51f7f8ce6d09ea60998588455815475b42a5848
iDEFENSE Security Advisory 04.15.04: Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Universal Server could allow an attacker to restart and potentially disable the server.
d9720ba97e1371a9d1b64d17280617faeb9cbdb6482942a346d2b79a8c358328
Security Corporation Security Advisory [SCSA-028]: Nuked-KlaN versions b1.4 and b1.5 allow directory traversal attacks and global variable overwriting.
61a637daf1513ba208db6fc8145428152db635c02705b2f1d85a0fcd7bb18c37
THCIISSLame version 0.2 IIS 5 SSL remote root exploit. Uses a connect-back shell.
5ad43a71b7b21cf163e484398cd12888807b5ff949adbd1a23b2639a8c2f060f
Proof of concept exploit for the Unreal engine developed by EpicGames which has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters.
acf47cd35c604868941f36761ff485936586e453b380f23a94c790cf4a995f84
The Unreal engine developed by EpicGames has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters. Using a standard directory traversal attack, an attacker is able to go outside of the game's directory to overwrite any file on the partition on which the game is installed.
b7c2785d4faefd54426965a43736ed37eceabddb772050c4cd01af7d52910f68
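The fix for the UMOD flaw described above is a containment check on every path taken from the archive before it is written to disk. The Python below is an added example of such a check and is not Epic's code; the install root and manifest entries are constructed for illustration. It folds Windows backslashes, rejects absolute paths and drive letters, and only then compares the normalised target against the install directory, since a naive substring test on ".." is exactly what a traversal payload is built to slip past.

```python
# Added example: a containment check of the kind the UMOD installer
# described above lacks. Not Epic's code; the install root and manifest
# entries used here are constructed for illustration.
import posixpath


def is_contained(install_dir, entry):
    """Return True if a UMOD-style manifest entry resolves to a path inside
    install_dir. Paths are handled with POSIX rules after folding Windows
    backslashes so the check is deterministic and filesystem-independent;
    a real installer would additionally realpath() both sides to defeat
    symlink tricks."""
    if "\x00" in entry:          # NUL truncation games
        return False
    rel = entry.replace("\\", "/")
    # Absolute paths and drive letters have no business in a mod archive.
    if rel.startswith("/") or (len(rel) >= 2 and rel[1] == ":"):
        return False
    base = posixpath.normpath(install_dir.replace("\\", "/"))
    target = posixpath.normpath(posixpath.join(base, rel))
    # normpath has already collapsed any "..", so a plain prefix test is sound.
    return target == base or target.startswith(base + "/")


def safe_install_path(install_dir, entry):
    """Resolve entry under install_dir, or raise ValueError on traversal."""
    if not is_contained(install_dir, entry):
        raise ValueError("manifest entry escapes install directory: %r" % entry)
    base = posixpath.normpath(install_dir.replace("\\", "/"))
    return posixpath.normpath(posixpath.join(base, entry.replace("\\", "/")))


def filter_manifest(install_dir, entries):
    """Split manifest entries into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for e in entries:
        (accepted if is_contained(install_dir, e) else rejected).append(e)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed manifest: legitimate game files plus traversal attempts.
    manifest = [
        "System/Core.u",
        "Maps/DM-Test.unr",
        "Textures/../Sounds/hit.uax",
        "..\\..\\boot.ini",
        "../../etc/passwd",
        "C:\\Windows\\win.ini",
    ]
    ok, bad = filter_manifest("/opt/game", manifest)
    print("install:", ok)
    print("reject: ", bad)
```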
PostNuke 0.726 Phoenix is susceptible to multiple path disclosure and cross site scripting vulnerabilities.
2421cfda93e82828c31ba0e759ac8a875641a6177c67906a0428a997b7c95c75
eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
ebcdad08b6b5b55406cc6abe44da9de0baab72d3294fc53e632ae9a3567d1e68
The phprofession 2.5 module for PostNuke is susceptible to path disclosure, cross site scripting, and possible SQL injection attacks.
f1afb06444f45b473086acaefc01e5542aee6857caf546dc7aeb916bde1b06e2
Advanced Guestbook web application version 2.2 is susceptible to a SQL injection attack.
7a3fb78927cf75c8430152863d12821dcc4b50c274835342578b8d7e3568556e
Cisco Security Advisory: Multiple IOS based Cisco products are susceptible to the TCP vulnerability that makes it easier for an attacker to reset an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
513dcad61402067ff6f1ce77e2333e1108e77dfc05e313aed735a6bc1cc3b0d1
Cisco Security Advisory: Multiple non-IOS based Cisco products are susceptible to the TCP vulnerability that makes it easier for an attacker to reset an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
1da90ca3d68fef3adfb34db4d985c7e1973f4cc86524368143e427e344a95bc7
ncftp versions 3.1.6/120 and 3.1.7/120 do not mask passwords under certain conditions, allowing them to leak via simple utilities like ps.
1f6d5158b3b2f6cbffbb524101d23ac947bad8924aad86c9097b29cb9a97583f