exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

ms00-035
Posted Jun 16, 2000

Microsoft Security Bulletin (MS00-035) - Patch Available for "SQL Server 7.0 Service Pack Password" vulnerability. Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0 Service Packs 1 and 2 installation routine. With some configurations, the routines record the administrator password in plain text to a log file, where by default it can be read by anyone who can read files on the server. Microsoft FAQ on this issue available here

SHA-256 | feb39363e4c4679149374ad9863858d555f192a8400d62b6ce7e2f4b909afa2c

Related Files

ms03-051
Posted Nov 14, 2003
Site microsoft.com

Microsoft Security Bulletin MS03-051 - This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
SHA-256 | a64a5bca634bcd946c38df1abd14ced1ff623dc64459d7b7e57a6a36c3f219f5
ms03-050
Posted Nov 14, 2003
Site microsoft.com

Microsoft Security Bulletin MS03-050 - A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. Another security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened it could overflow a data value in Word and allow arbitrary code to be executed.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 2e65329c134cc1472436bf1dfa5a13a48429afbcc0aa286c1a69fd0eec83e2c5
ms03-049
Posted Nov 14, 2003
Site microsoft.com

Microsoft Security Bulletin MS03-049 - A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

tags | advisory, remote, code execution
SHA-256 | 2ebf3e9a6635c0389c71cb5892f6c16f50e7ee7d9b2ac16950fd17ef4028aea8
ms03-048
Posted Nov 14, 2003
Site microsoft.com

Microsoft Security Bulletin MS03-048 - A cumulative update patch has been released for Internet Explorer that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following five newly-discovered vulnerabilities.

tags | advisory, vulnerability
SHA-256 | dfc29d27adae94c6b106aaaf9545a35d4b5a7adc9870d2ce88bb70b85d0bef8c
MS03-045
Posted Oct 16, 2003
Site microsoft.com

Microsoft Security Advisory MS03-045 - An attacker who had the ability to log on to a system interactively could run a program that could send a specially-crafted Windows message to any applications that have implemented the ListBox control or the ComboBox control, causing the application to take any action an attacker specified. This could give an attacker complete control over the system by using Utility Manager in Windows 2000.

tags | advisory
systems | windows
SHA-256 | 3e04277031dbf6e921a7be196d8aa8db1e8dd4091520cec139a0bc50d571abbd
ms03-047
Posted Oct 16, 2003
Site microsoft.com

Microsoft Security Advisory MS03-047 - Microsoft Exchange Server 5.5, Service Pack 4, suffers from a cross site scripting attack due to the way Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form.

tags | advisory, web, xss
SHA-256 | 643e2eb1f2bd8cf2e8d911578d71880652aaaa6792f3f3d48d274526d86d308b
ms03-046
Posted Oct 16, 2003
Site microsoft.com

Microsoft Security Advisory MS03-046 - A denial of service condition exists in Exchange Server 5.5 that can be exploited by a remote attacker and Exchange 2000 Server suffers the same denial of service and a buffer overrun that can result in an attacker running malicious programs.

tags | advisory, remote, denial of service, overflow
SHA-256 | a4bd78fe81913c5ffb36cde25380d71fa9f5143f19724c585b5983d3ddab8b04
ms03-007
Posted Mar 17, 2003
Site microsoft.com

Microsoft Security Advisory MS03-007 - A critical buffer overflow vulnerability in Windows 2000's WebDAV protocol allows remote code execution via IIS as the LocalSystem user. This vulnerability is being exploited in the wild. URLScan, a part of the IIS Lockdown Tool, will block this attack.

tags | remote, overflow, code execution, protocol
systems | windows
SHA-256 | 228598fd496fa3d0bbdf98a8f5094d8923d56e083bc7b109b4eca59861da6d9d
ms02-071
Posted Feb 12, 2003
Site microsoft.com

Microsoft Security Advisory MS02-071 Version 2.0 - The Windows message WM_TIMER allows local users to execute code with LocalSystem privileges, giving the attacker complete control over the system.

tags | local
systems | windows
SHA-256 | 00eb8126d183ba4ca4e54a096a5e82c52b2c665d7641910e0cf9d5577da523e6
ms03-005
Posted Feb 5, 2003
Site microsoft.com

Microsoft Security Advisory MS03-005 - A buffer overflow in the Windows XP Windows Redirector allows local users to gain increased privileges provided they are able to log onto the system interactively.

tags | overflow, local
systems | windows
SHA-256 | 8bfdb49825e91a5de6549e055b50782a186b046a126f241d61d6f888147ccc6d
ms03-004
Posted Feb 5, 2003
Site microsoft.com

Microsoft Security Advisory MS03-004 - A large patch for IE 5.01, 5.5, 6.0 has been released which fixes two newly discovered vulnerabilities, one of which allows malicious web sites to execute remote code on client browsers by misusing a dialog box. A cross-domain vulnerability in Internet Explorer's showHelp() functionality can be tricked into invoking executables already present on a user's local system, downloading malicious code onto a user's local system, and allowing attackers to download users data.

tags | remote, web, local, vulnerability
SHA-256 | b362e647344b3d8fd63fe7d03e850546c8bde19ce683f1a987e257d371541666
NISR29012003.txt
Posted Jan 30, 2003

NGSSoftware Security Advisory NISR29012003 - There is a remotely exploitable buffer overflow vulnerability in the Microsoft RPC (Remote Procedure Call) Locator Service. This vulnerability, which especially affects Windows Domain Controllers, has been fixed by Microsoft and patch information can be found in Microsoft security advisory MS03-001.

tags | advisory, remote, overflow
systems | windows
SHA-256 | a2a3c79f201bcc9cccb987fb64883826f91e927d2436724e71aa37f834e00fdb
ms03-003
Posted Jan 27, 2003
Site microsoft.com

Microsoft Security Advisory MS03-003 - A flaw in how Outlook 2002 handles V1 Exchange Server Certificates causes Outlook to sometimes accidently sends messages in plain text even though it tells the user it has been sent encrypted.

SHA-256 | 5268f1316955e4d3d27b9cd497735fe01c5636da127e8c3646195213ab851658
ms03-001
Posted Jan 25, 2003
Site microsoft.com

Microsoft Security Advisory MS03-001 - A buffer overflow in the Microsoft Windows Locator Service in Windows NT, 2000, and XP allows remote attackers to execute commands on Windows 2000 and NT domain controllers by default, and any other server which has the locator service enabled.

tags | remote, overflow
systems | windows
SHA-256 | 5e5ba03153b589c0275c98e4d61e201733836557a267dfc1f55554c12a2f6cc2
ms02-072
Posted Dec 24, 2002
Site microsoft.com

Microsoft Security Advisory MS02-072 - The Windows Shell has a serious buffer overflow in the routine that extracts attribute information from audio files which allows remote attackers to execute code with privileges of the user if you move your mouse pointer over an evil mp3 or wma file on a website, HTML email, or windows share. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email.

tags | remote, overflow, shell
systems | windows
SHA-256 | d86a95f6a915a23475420a215b6ed7ac33bc04fa7b4378da86a89d551b5dec4e
ms02-070
Posted Dec 12, 2002
Site microsoft.com

Microsoft Security Advisory MS02-070 - A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP enables attackers to silently downgrade the SMB Signing settings on an affected system, causing either or both systems to send unsigned data regardless of the signing policy the administrator had set. Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. Doing this, the attacker can take actions such as adding users to the local Administrators group or installing and running code of his choice on the system.

tags | local
systems | windows
SHA-256 | 96e6063a616fc74df791bacd1467819287ac6ed0f6d2d0080f21a501e53a28ea
ms02-069
Posted Dec 12, 2002
Site microsoft.com

Microsoft Security Advisory MS02-069 - Eight serious vulnerabilities were discovered in Microsoft VM which allow remote code execution via HTML email and malicious web pages.

tags | remote, web, vulnerability, code execution
SHA-256 | f4af9d4c01a18e7ea7461b5d3985e9a101361a16870c806c84743c038cceefab
ms02-068
Posted Dec 5, 2002
Site microsoft.com

Microsoft Security Advisory MS02-068 - This is a cumulative patch for Internet Explorer 5.5 and 6.0 which includes all previous patches and a new one to fix a flaw in Internet Explorer's cross-domain security model which allows a website in one domain to access information in another, including the user's local system. Exploiting the vulnerability could enable an attacker to read any file on the users computer. In addition, the attacker could invoke an executable already present on the system. This vulnerability can be exploited via email or web page.

tags | web, local
SHA-256 | f9652f1cc78d6779742cc557433ca8ba1e8f1b60a890eb8f0b439d57a95d7967
ms02-067
Posted Dec 5, 2002
Site microsoft.com

Microsoft Security Advisory MS02-067 - A vulnerability exists in Outlook 2002 in its processing of e-mail headers allows remote attackers to crash the mail reader. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server.

tags | remote
SHA-256 | 7ba0d0ae3667f10901c30100fca8fae5fd814cfbe87554a001045ad5d0a8fd2f
ms02-066
Posted Nov 30, 2002
Site microsoft.com

Microsoft Security Advisory MS02-066 - Six new vulnerabilities were discovered in IE 5.01, 5.5 and 6.0 including a three bugs that allow remote attackers to view any file on the system or run executables, a PNG buffer overrun, information disclosure, read temp files with cookie info.

tags | remote, overflow, vulnerability, info disclosure
SHA-256 | 7b641110114c4f1ba5bb73219dd4dd18037c8aba3c6209c9dab0787223b9a130
ms02-65
Posted Nov 24, 2002
Site microsoft.com

Microsoft Security Advisory - Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution. Both web servers and web clients are at risk from the vulnerability: Web servers are at risk if a vulnerable version of MDAC is installed and running on the server. To exploit the vulnerability against such a web server, an attacker would need to establish a connection with the server and then send a specially malformed HTTP request to it, that would have the effect of overrunning the buffer with the attacker's chosen data. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context). Web clients are at risk in almost every case, as the RDS Data Stub is included with all current versions of Internet Explorer and there is no option to disable it. To exploit the vulnerability against a client, an attacker would need to host a web page that, when opened, would send an HTTP reply to the user's system and overrun the buffer with the attacker's chosen data. The web page could be hosted on a web site or sent directly to users as an HTML Mail. The code would run in the security context of the user.

tags | web, overflow, code execution
SHA-256 | 6befe459e6dbfe443c23c4464aabd9bce1694963db34252a389d0b9e741f1db4
ms02-063
Posted Oct 31, 2002
Site microsoft.com

Microsoft Security Advisory MS02-063 - A buffer overflow in all versions of Windows PPTP are vulnerable to remote denial of service attacks.

tags | remote, denial of service, overflow
systems | windows
SHA-256 | 69f968bef7b630c760fbaebfa34c8219f97c8b1b1cca60d818d60cd5ecf60db7
ms02-062
Posted Oct 31, 2002
Site microsoft.com

Microsoft Security Advisory MS02-062 - Four vulnerabilities have been found in Microsoft IIS 4.0, 5.0, and 5.1 which allow privilege elevation, denial of service, bypass upload permissions, and cross site scripting on the admin page.

tags | denial of service, vulnerability, xss
SHA-256 | a2967ba6e1a6b2fd057c457e3dbcd833166beca202b663b0c1b4e92306d95694
ms02-064
Posted Oct 31, 2002

Microsoft Security Advisory MS02-064 - On Windows 2000, the default permissions provide the Everyone group with Full access on the system root folder (typically, C:\). In most cases, the system root is not in the search path. However, under certain conditions - for instance, during logon or when applications are invoked directly from the Windows desktop via Start | Run - it can be, allowing users to make trojans that other users execute.

tags | root, trojan
systems | windows
SHA-256 | 1216c825445c9a208c39bc93c9c94e146553beb71516ba0e00744b827f2d5645
ms02-061
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-061 - Microsoft SQL Server 7.0 and 2000 contain stored procedures which allow low privileged users who are able to authenticate to a SQL server to delete, insert or update all the web tasks created by other users. In addition, the attacker can run already created web tasks in the context of the creator of the web task, usually the SQL Server Agent service account.

tags | web
SHA-256 | b64e0c0e18bee283ad6b70b6b0638fbfd75ccd565bbd4d21fec435e3209cbf49
Page 3 of 4
Back1234Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close