what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed


Atstake Security Advisory 00-12-04.1
Posted Dec 6, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120400-1 - IIS 4.0/5.0 Phone Book server buffer overrun vulnerability. The Phone Book Service was created by Microsoft to help provide dial in services to the corporation and ISPs. As part of the functionality of the service when users dial in their client software can be configured to download phone book updates from a web server. The ISAPI application that serves the update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can allow the execution of arbitrary code or at best crash the Internet Information Server process, inetinfo.exe.

tags | web, overflow, arbitrary
SHA-256 | 7822463a0e0c98a33b81e6be0d33e5d289f446c0bcfff7a90e516e33823ba258

Related Files

Atstake Security Advisory 03-01-06.1
Posted Jan 6, 2003
Authored by Ofir Arkin, Atstake | Site atstake.com

Atstake Security Advisory A010603-1 - Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest method to implement this attack is to send ICMP packets and watch for kernel memory in the replies. PDF report on this issue available here.

tags | kernel
SHA-256 | 08e892f8893b2271d8dd4a438785fa2838ad83e1bafff8e9b8f1aa5864ceb555
Atstake Security Advisory 02-10-28.1
Posted Oct 29, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.

tags | web, denial of service, vulnerability
systems | windows
SHA-256 | a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8
Atstake Security Advisory 02-09-10.1
Posted Sep 11, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A091002-1 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.

tags | web, overflow, arbitrary, local, activex
systems | apple
SHA-256 | 67fa04ee26e8153f5ebac2a4e8afbc94afbd217f0c2391f6d6bcc01b0c137578
Atstake Security Advisory 02-08-28.1
Posted Aug 29, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site.

tags | web, overflow, local, activex
SHA-256 | 56359c9b96a1991a0e4e4ca0c9bcd9337adab1526626b1bdc5b1cae7f982e8e1
Posted Aug 26, 2002

Programming instructions for many, many cell fones

tags | bbs
SHA-256 | 423d53315b97b5dded1e54f673dfdd6b7e08292fa6f2c3f520263b9c6105b16f
Atstake Security Advisory 02-08-16.1
Posted Aug 21, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links so it produces some erroneous results allowing an attacker to access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file thus eliminating any trace of the file I/O activity.

systems | windows
SHA-256 | e5fefbae46a457866facd5d4caafcae07329a7508e7d9764de60f72b741eb0ba
Atstake Security Advisory 02-08-08.1
Posted Aug 9, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A080802-1 - WS_FTP server v3.1.1 for Windows NT/2000/XP contains a buffer overflow that allows remote users to execute code when they change their password. Since the WS_FTP Server is running as a service, an attackers code will be executing as SYSTEM.

tags | remote, overflow
systems | windows
SHA-256 | 217640519642343dd537e34149f73960fd350a4359bf54a02275a74e046990c7
Posted Jul 15, 2002
Site atstake.com

Atstake Security Advisory - Several vulnerabilities found in Pingtel Xpressa SIP VoIP phones model PX-1 v1.2.5- can lead to the disclosure of user credentials, the hijacking of calls, unauthorized access on phone devices and much more. Pingtel released a workaround that can be used by affected customers, available here.

tags | vulnerability
SHA-256 | 137c467df7a52e511bc1a0959f6c9113896a816a356cc78d4266270c84c5e3e0
Atstake Security Advisory 02-06-05.1
Posted Jun 5, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities which are outlined below that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface.

tags | vulnerability
SHA-256 | 6c550edb79304b779ac8aac4982d3ad3e6fb9a08a6d7394b3520dc74a6e1c066
Atstake Security Advisory 02-04-10.1
Posted Apr 11, 2002
Authored by Atstake, Dave Aitel | Site atstake.com

Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.

tags | remote, overflow, code execution
systems | windows
SHA-256 | d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddca
Atstake Security Advisory 00-12-01.1
Posted Dec 3, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120100-1 - Microsoft's database server, known as SQL Server, contains several buffer overruns vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowing an attacker to gain complete control of the server. In situations where the SQL Server is protected by a firewall, it may still be possible to launch this attack through a connecting web server - though this depends on how secure the web server's application is. Proof of concept code available here.

tags | web, overflow, arbitrary, vulnerability, proof of concept
SHA-256 | 7a62c36595e25982e5eb61be78940b169d48a8771ddd9252d29796af5fbdf890
Atstake Security Advisory 00-12-01.2
Posted Dec 3, 2000
Authored by Atstake | Site atstake.com

Atstake Security Advisory A120100-2 - This advisory details multiple vulnerabilities in Microsoft SQL Server 2000 that allow an attacker to run arbitrary code on the SQL server in the context of a local administrator account. SQL Server provides a mechanism by which a database query can result in a call into a function called an "extended stored procedure". Several extended stored procedures supplied with SQL Server 2000 are vulnerable to buffer overflow attacks. Furthermore, in a default configuration these extended stored procedures can be executed by any user. Proof of concept code available here.

tags | overflow, arbitrary, local, vulnerability, proof of concept
SHA-256 | ec739fab767d599a0ee58f32f2ff762f3b6dfc21601af5994abc47bc96a9b5ec
Posted Dec 3, 2000
Authored by Asynchro | Site pkcrew.org

A-Snif is a simple packet sniffer, for learning.

tags | tool, sniffer
SHA-256 | 68ca08c3d245a3407496e7357066f73bae641a99f872879772ea1639cea1f8dc
Posted Oct 31, 2000
Authored by David Goldsmith, Brian Carrier, Rex Warren | Site atstake.com

Atstake security advisory - This advisory describes a vulnerability that exists in Cisco Systems Virtual Central Office 4000 (VCO/4K). There is a vulnerability in the SNMP interface that allows an attacker to enumerate username and obfuscated password pairs for the Telnet interface. Since the obfuscation method used on the passwords is reversible, administrative access to the VCO/4K can be obtained. Perl proof of concept exploit included.

tags | perl, proof of concept
systems | cisco
SHA-256 | 7efd12964efef16b759d3fcdb2af9a30829c39d81b2e68ec5426c943032bfa96
Posted Oct 19, 2000
Authored by Silicosis | Site atstake.com

Atstake Security Advisory (updated) - iPlanet's iCal, a multiplatform calendaring server, introduces a number of vulnerabilities to the system in which it is installed on. These vulnerabilities, ranging from poor file permissions to insecure programming practices allow local attackers to obtain root access, and remote attackers to monitor keystrokes. Includes obtain-ics.sh, a simple proof of concept local exploit.

tags | remote, local, root, vulnerability, proof of concept
SHA-256 | 9cb5d1d8417dd354b9437abf1dbd4e8347b3b25d0144afcd99dc883675a69423
Posted Oct 5, 2000
Authored by Mnemonix | Site atstake.com

Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components. Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.

tags | web, asp
SHA-256 | f2562bfaf09eac881c34bf6c3fc7b51eb464aca2b3cb81446d72d5bf1fc82e7c
Posted Sep 28, 2000
Authored by Kingpin | Site atstake.com

Atstake Security Advisory - PalmOS Password Retrieval and Decoding. Severity: Moderate. PalmOS offers a built-in Security application which is used for the legitimate user to protect and hide records from unauthorized users by means of a password. Passwords can easily be obtained and decoded allowing an attacker to access all private records on a Palm device.

systems | palmos
SHA-256 | 605b134f485bfa1453bdfd428bc29ebf0cd76aa76b8b91cd4a84f25e95ed0c2d
Posted Sep 13, 2000
Site atstake.com

Atstake Security Advisory - Netegrity's SiteMinder is a web access control product for Solaris and Windows NT that implements various authentication mechanisms to protect content on websites. Due to an error in SiteMinder's URL parsing, it is possible for an attacker to bypass the authentication phase and view protected web pages directly.

tags | web
systems | windows, solaris
SHA-256 | e0d3f793315991d1bfe7a1596da57ae4a879f58a9bf6b103ecee5c49798552b3
Posted Sep 23, 1999


systems | unix
SHA-256 | b5084c4fab6d27541633dce4f24de21f5304c8b8793035ba0ec75d79f3b8de39
Posted Sep 23, 1999


tags | worm
SHA-256 | 0eef36b3b599dfff5a0ca736c908037dddf16aa457e980620dcdae01656e455e
Posted Sep 23, 1999


tags | worm
SHA-256 | 5084d51bc3bded2184ea94403c6cd86b76e5b0e2eb025e1508852f00a09127a7
Posted Sep 23, 1999


tags | worm
SHA-256 | b002afbf32b67dafef5063116d9fa14600cd1eca4de71346ccfcdda68c95460b
Posted Sep 23, 1999


SHA-256 | d9c6d44f3f296bc95cd36e3e1889a38a2a28052643c15acdbfc327c90b4611ef
Posted Sep 23, 1999


tags | trojan
SHA-256 | 3a82d417b951d6e36665d077268e28a4b657a1966f80a724e6fca839b12bb0e3
Posted Sep 23, 1999


SHA-256 | c9e7413c992cc1e4c93637b2abb0fad6845c37be3ed75d84005947895ce5a969
Page 3 of 4

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By