what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed


Posted Nov 13, 2002
Authored by Riley Hassell | Site eEye.com

Eeye Advisory - Both Macromedia Coldfusion 6.0 and Macromedia JRun 4.0 along with their prior versions are vulnerable to various heap overflows when handling URI filenames larger than 4096 bytes..

tags | overflow
SHA-256 | 90b2b823b8a467f8fa059878b381391c6e1fa419031b09b61b9981944581ebd7

Related Files

Posted May 4, 2004
Authored by Karl Lynn | Site eeye.com

eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Apple's QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. Versions affected are Apple QuickTime 6.5 and Apple iTunes

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2004-0431
SHA-256 | 23422f64bc4e7a74941faa7d950894e64994663ccbfd1bcf7dc0f7fbb51a6548
Posted Apr 28, 2004
Authored by Karl Lynn | Site eeye.com

eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Symantec Client Firewall products for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP packets.

tags | advisory, remote, denial of service, tcp
systems | windows
advisories | CVE-2004-0375
SHA-256 | 145ded9725a9da33875b70d37b0748495d13246a5489f58b4d40c3b08b3d3e92
Posted Apr 22, 2004
Authored by Drew Copley | Site eeye.com

eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.

tags | advisory, remote
SHA-256 | ebcdad08b6b5b55406cc6abe44da9de0baab72d3294fc53e632ae9a3567d1e68
Posted Mar 19, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - A critical vulnerability has been discovered in the PAM component used in all current ISS host, server, and network device solutions. A routine within the Protocol Analysis Module (PAM) that monitors ICQ server responses contains a series of stack based buffer overflow vulnerabilities. If the source port of an incoming UDP packet is 4000, it is assumed to be an ICQ v5 server response. Any incoming packet matching this criterion will be forwarded to the vulnerable routine. By delivering a carefully crafted response packet to the broadcast address of a network operating RealSecure/BlackICE agents an attacker can achieve anonymous, remote SYSTEM access across all vulnerable nodes.

tags | advisory, remote, overflow, udp, vulnerability, protocol
SHA-256 | c6c0d8948e71c161a5add829f745ebab0f86413f58d23225b1380cf524cb01c0
Posted Feb 27, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in both RealSecure and BlackICE. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This attack will succeed with BlackICE using its most paranoid settings.

tags | advisory, remote, arbitrary
SHA-256 | 93cd5a0b4754b466a9453652642e3208192566bab669f59e2f78794309c03ac3
Posted Feb 19, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - Zonelabs Pro/Plus/Integrity versions 4.0 and above are susceptible to a stack based buffer overflow within vsmon.exe that can be exploited to execute code with the context of the SYSTEM account. The vulnerability exists within the component responsible for processing the RCPT TO command argument.

tags | advisory, overflow
SHA-256 | a0725e7ec08055483e5b54ac2703231057838074d0fb3f3ce1007b83e9fe049d
Technical Cyber Security Alert 2004-41A
Posted Feb 11, 2004
Authored by US-CERT | Site cert.org

CERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | windows
SHA-256 | d15efbcc2142bc5ef34ae1dde8178035fc9aac8c3983d2d7ee7acf880431603c
Posted Feb 11, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).

tags | advisory, arbitrary, udp, tcp, protocol
systems | windows
SHA-256 | 8815b9231e3ce56295d951ce888973253d6699e1085fcffeabace7cd8f1ce3df
Posted Feb 11, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).

tags | advisory, arbitrary, activex
systems | windows
SHA-256 | 1de333b1ddd32e19f140c70af8d8745df36130a84594833d58298734c09ce432
Posted Sep 11, 2003
Authored by Barnaby Jack | Site eEye.com

eEye Digital Security has discovered a critical remote vulnerability in the way Microsoft Windows handles certain RPC requests. A vulnerability exists within the DCOM (Distributed Component Object Model) RPC interface. Sending a malformed request packet, it is possible to overwrite various heap structures and allow the execution of arbitrary code. Note: this vulnerability differs from the vulnerability publicized in Microsoft Bulletin MS03-026.

tags | advisory, remote, arbitrary
systems | windows
SHA-256 | f689147bd2508bf3e6d1fbd617e83c294c0b6a73992a8551f67234a00531c929
Posted Aug 26, 2003
Authored by Drew Copley | Site eEye.com

eEye Advisory - There is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed almost all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a web page as silently and as easily as Internet Explorer parses image files or any other safe HTML content. Version affected: Microsoft Internet Explorer 5.01, 5.5, 6.0, and 6.0 for Windows Server 2003.

tags | advisory, remote, web, trojan, activex
systems | windows
SHA-256 | dd79f9814eb5b13d2de07d11deb7d6f23493a7bf6e0bf540ffc5293f0568e45c
Posted Jan 25, 2003
Authored by Riley Hassell | Site eEye.com

Eeye Advisory - The "SQL Sapphire" worm is spreading quickly among unpatched Microsoft SQL Server 2000 pre SP 2 systems on the internet with are accessible over port 1434 udp. Includes a detailed analysis of the worms payload.

tags | worm, udp
SHA-256 | 1fd78f476cf00ccc0de6101ec49913f97a341524cce0732945250de296f1ea4c
Posted Dec 14, 2002
Authored by eEye Digital Security | Site eEye.com

EEye Security Advisory - During a review of the PNG image format implemented in Microsoft Windows, pngfilt.dll, serious vulnerabilities were discovered related to the interpretation of PNG image data. The more serious bug is a heap overflow which can be exploited to execute code when the malicious PNG image is viewed. IE 5.01-6.0 is vulnerable, along with the IE web control for Outlook, Access 2000, Backoffice, Microsoft Visual Studio .NET 2002, Office 2000, Office XP pro, Project 2002 Professional, Publisher 98, SNA Server 4.0, SQL Server 7.0, Visio 2002, Visual Basic .NET Standard 2002, Visual C, Visual C++ .NET Standard 2002, Visual FoxPro 7.0, Visual Studio 6.0, Windows 2000, Windows 95, Windows 98, NT, and XP. Microsoft advisory is ms02-066.

tags | advisory, web, overflow, vulnerability
systems | windows
SHA-256 | f11b994b879980c3165d71f5cef07811d6d5feb5f65c16286a58a35a2b0cacf3
Posted Aug 9, 2002
Authored by Riley Hassell | Site eEye.com

Eeye Security Advisory - iPlanet Web Server 4.1 and 6.0 contains a remotely exploitable heap overflow in the transfer chunking which allows remote code execution as SYSTEM/root on all platforms.

tags | remote, web, overflow, root, code execution
SHA-256 | d2375ece94681f4833e85dbe34daf64ab6bdd23cbce71013a58fa28a9d8b5fae
Posted Aug 9, 2002
Authored by Marc Maiffret | Site eEye.com

Eeye Advisory - All versions of Macromedia Shockwave Flash for Windows and Unix contains remotely exploitable overflows in the handling of SWF files. Since this is a browser based bug, it makes it trivial to bypass firewalls and attack the user at his desktop. Also, application browser bugs allow you to target users based on the websites they visit, the newsgroups they read, or the mailing lists they frequent.

tags | overflow
systems | windows, unix
SHA-256 | ef61f5c7bb22a7f1570c610ede3c3d279065fdc8c0930aa34c2231c4cd2e2ea9
Posted Jul 11, 2002
Authored by Marc Maiffret | Site eEye.com

Eeye Advisory - The NAI PGP Outlook plug-in in NAI PGP Freeware 7.0.3, PGP Personal Security 7.0.3, and PGP Desktop Security 7.0.4 contains a remotely exploitable heap overflow which can lead to code execution. NAI patch available here.

tags | overflow, code execution
SHA-256 | e7216236aa140bde90e0b6a185d4054a32eb6585e3527ebacfa7d3f1141d1b94
Posted Jun 13, 2002
Authored by eEye Digital Security | Site eEye.com

Eeye Advisory - IIS 4.0 and 5.0 for Windows NT and 2000 contain a remotely exploitable heap overflow which allows remote code execution. The bug is in transfer chunking in combination with the processing of HTR request sessions.

tags | remote, overflow, code execution
systems | windows
SHA-256 | 48ccb83f54a8646059f912592e5f6d519b887ca5833838d10ec76f21014b6fa0
Posted May 13, 2002
Authored by eEye Digital Security, Drew Copley | Site eEye.com

A buffer overflow vulnerability has been found by eEye in the parameter handling of the MSN Messenger OCX and can allow remote code execution on affected systems.

tags | remote, overflow, code execution
SHA-256 | 76df0e68a796ea743a0cc568c84f1055d8df681f7945e0a436d49f5ed4e21b47
Posted May 3, 2001
Site eeye.com

Eeye Security Advisory - Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access). Affects Microsoft Windows 2000 Internet Information Services 5.0 + Service Pack 1. The vulnerability arises when a buffer of aprox. 420 bytes is sent within the HTTP Host: header for a .printer ISAPI request. Successful attacks are not logged in the IIS access logs.

tags | remote, web, overflow
systems | windows
SHA-256 | 823ece01e6bb14f8b3fbea2b4d268322ebb462e32c5dedd81802824820639ecf
Posted Apr 25, 2001

NMAP NT - eEye originally developed Nmapnt for Windows NT/2000 and had made it available in the past for download. Recently, eEye security no longer makes this program available and there does not seem to be any mention of anywhere else. No installation needed. Requires packet capture drivers, available here.

tags | tool, nmap
systems | windows, unix
SHA-256 | 9ef4874e10534cb7a123df8e2da277b5b26d25f6239b7af35874824068d68b8d
Posted Feb 14, 2001
Site xforce.iss.net

ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.

tags | remote, web, arbitrary, cgi, php, vulnerability
systems | cisco, linux, windows, solaris, suse
SHA-256 | cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc
Posted Sep 1, 2000
Site ussrback.com

USSR Advisory #52 - Clarification. To clear up a few comments about USSR Advisory #52. One regarding the DoS against Iris 1.01 "BETA", and the other regarding "in this case Eeye".

SHA-256 | d896e26836e7ab23f58fb1922907ce3ec2c70631df59172b191a984429cad68d
Posted Sep 1, 2000
Site ussrback.com

USSR Advisory #52 - The Ussr Team has found a problem in Eeye IRIS 1.01, There is a heap memory buffer overflow in IRIS 1.01 that causes not only this network sniffing program to crash, but also to take system resources up to 100% usage, until it crashes. The vulnerability arises after sending multiple udp connection to random ports on the host that IRIS or SpyNet CaptureNet is running.

tags | overflow, udp
SHA-256 | e25834b44f953097671edf9008a232d79595b71f52b4a93e91e5a6cea8335b80
Posted Jun 29, 2000
Authored by Prizm

Wingate.py is a dos exploit for Qbik wingate 3.0. Connects to tcp port 2080 and sends 2000 characters, causing all wingate services to crash. Origional bug found by eEye.

tags | exploit, tcp
SHA-256 | afd3c1b45990cec90d6d28919ea835f444a7fef236f733a9dc69806fde9832f3
Posted Sep 23, 1999


SHA-256 | 75296fecb26152a52ce6f1a407ca4f483e0f650876e01f1ed6aab6c41f3e99a5
Page 4 of 4

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    7 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By