Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses a system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.
ca8fa585c5c12890f30e767074ee9e77851c6c136557059afdae4911aeae24fdAtstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.
a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8Atstake Security Advisory A091002-1 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.
67fa04ee26e8153f5ebac2a4e8afbc94afbd217f0c2391f6d6bcc01b0c137578Atstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site.
56359c9b96a1991a0e4e4ca0c9bcd9337adab1526626b1bdc5b1cae7f982e8e1Programming instructions for many, many cell fones
423d53315b97b5dded1e54f673dfdd6b7e08292fa6f2c3f520263b9c6105b16fAtstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links so it produces some erroneous results allowing an attacker to access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file thus eliminating any trace of the file I/O activity.
e5fefbae46a457866facd5d4caafcae07329a7508e7d9764de60f72b741eb0baAtstake Security Advisory A080802-1 - WS_FTP server v3.1.1 for Windows NT/2000/XP contains a buffer overflow that allows remote users to execute code when they change their password. Since the WS_FTP Server is running as a service, an attackers code will be executing as SYSTEM.
217640519642343dd537e34149f73960fd350a4359bf54a02275a74e046990c7Atstake Security Advisory - Several vulnerabilities found in Pingtel Xpressa SIP VoIP phones model PX-1 v1.2.5-1.2.7.4 can lead to the disclosure of user credentials, the hijacking of calls, unauthorized access on phone devices and much more. Pingtel released a workaround that can be used by affected customers, available here.
137c467df7a52e511bc1a0959f6c9113896a816a356cc78d4266270c84c5e3e0Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities which are outlined below that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface.
6c550edb79304b779ac8aac4982d3ad3e6fb9a08a6d7394b3520dc74a6e1c066Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.
d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddcaAtstake Security Advisory A120400-1 - IIS 4.0/5.0 Phone Book server buffer overrun vulnerability. The Phone Book Service was created by Microsoft to help provide dial in services to the corporation and ISPs. As part of the functionality of the service when users dial in their client software can be configured to download phone book updates from a web server. The ISAPI application that serves the update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can allow the execution of arbitrary code or at best crash the Internet Information Server process, inetinfo.exe.
7822463a0e0c98a33b81e6be0d33e5d289f446c0bcfff7a90e516e33823ba258Atstake Security Advisory A120100-1 - Microsoft's database server, known as SQL Server, contains several buffer overruns vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowing an attacker to gain complete control of the server. In situations where the SQL Server is protected by a firewall, it may still be possible to launch this attack through a connecting web server - though this depends on how secure the web server's application is. Proof of concept code available here.
7a62c36595e25982e5eb61be78940b169d48a8771ddd9252d29796af5fbdf890Atstake Security Advisory A120100-2 - This advisory details multiple vulnerabilities in Microsoft SQL Server 2000 that allow an attacker to run arbitrary code on the SQL server in the context of a local administrator account. SQL Server provides a mechanism by which a database query can result in a call into a function called an "extended stored procedure". Several extended stored procedures supplied with SQL Server 2000 are vulnerable to buffer overflow attacks. Furthermore, in a default configuration these extended stored procedures can be executed by any user. Proof of concept code available here.
ec739fab767d599a0ee58f32f2ff762f3b6dfc21601af5994abc47bc96a9b5ecA-Snif is a simple packet sniffer, for learning.
68ca08c3d245a3407496e7357066f73bae641a99f872879772ea1639cea1f8dcAtstake security advisory - This advisory describes a vulnerability that exists in Cisco Systems Virtual Central Office 4000 (VCO/4K). There is a vulnerability in the SNMP interface that allows an attacker to enumerate username and obfuscated password pairs for the Telnet interface. Since the obfuscation method used on the passwords is reversible, administrative access to the VCO/4K can be obtained. Perl proof of concept exploit included.
7efd12964efef16b759d3fcdb2af9a30829c39d81b2e68ec5426c943032bfa96Atstake Security Advisory (updated) - iPlanet's iCal, a multiplatform calendaring server, introduces a number of vulnerabilities to the system in which it is installed on. These vulnerabilities, ranging from poor file permissions to insecure programming practices allow local attackers to obtain root access, and remote attackers to monitor keystrokes. Includes obtain-ics.sh, a simple proof of concept local exploit.
9cb5d1d8417dd354b9437abf1dbd4e8347b3b25d0144afcd99dc883675a69423Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components. Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.
f2562bfaf09eac881c34bf6c3fc7b51eb464aca2b3cb81446d72d5bf1fc82e7cAtstake Security Advisory - PalmOS Password Retrieval and Decoding. Severity: Moderate. PalmOS offers a built-in Security application which is used for the legitimate user to protect and hide records from unauthorized users by means of a password. Passwords can easily be obtained and decoded allowing an attacker to access all private records on a Palm device.
605b134f485bfa1453bdfd428bc29ebf0cd76aa76b8b91cd4a84f25e95ed0c2dAtstake Security Advisory - Netegrity's SiteMinder is a web access control product for Solaris and Windows NT that implements various authentication mechanisms to protect content on websites. Due to an error in SiteMinder's URL parsing, it is possible for an attacker to bypass the authentication phase and view protected web pages directly.
e0d3f793315991d1bfe7a1596da57ae4a879f58a9bf6b103ecee5c49798552b3a-01.ciac-unix-attacks
b5084c4fab6d27541633dce4f24de21f5304c8b8793035ba0ec75d79f3b8de39a-02.ciac-vms-worm-w_com
0eef36b3b599dfff5a0ca736c908037dddf16aa457e980620dcdae01656e455ea-03.ciac-wank-worm
5084d51bc3bded2184ea94403c6cd86b76e5b0e2eb025e1508852f00a09127a7a-04.ciac-new-wank-worm
b002afbf32b67dafef5063116d9fa14600cd1eca4de71346ccfcdda68c95460ba-05.ciac-sun-rpc
d9c6d44f3f296bc95cd36e3e1889a38a2a28052643c15acdbfc327c90b4611efa-06.ciac-norton-utilities-trojan-horse
3a82d417b951d6e36665d077268e28a4b657a1966f80a724e6fca839b12bb0e3a-07.ciac-unicos
c9e7413c992cc1e4c93637b2abb0fad6845c37be3ed75d84005947895ce5a969
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed