Exploit source code for Windows NT Screen Saver Vulnerability that allows any local user to add self to admin group.
0b893a3b4f019bd85c18934661a9ecb3Lotus security advisory concerning a bug in the Lotus Notes Client which causes encrypted email messages to be saved in the sender's mailbox in unencrypted form.
862992fe8840f908164628dc3226c1adEncrypted mail sent from the Lotus Notes Client (v4.5, probably others) may traverse the network in the clear and may be stored on the mail server unencrypted. Advisory by Martin Bartosch
a8be88cb0dd929688647905a47531c16I am not going to make a habit of posting virus alerts, but this analysis of the fast spreading Melissa virus, including full source code, merits a posting. Excellent job by Nate Lawson of root.org
5fe5025944f1b46cfb6e77027470049eVulnerabilities in Microsoft Exchange server allow remote attacker to delete user inbox and launch Denial of Service attack with embedded JavaScript.
199edd03e1fe2230e6409c28c53f824eMicrsoft Office/OLE security holes: Does Microsoft know that they are themselves vulnerable though? "clueserver.microsoft.com" is a non-existent host???
9e155e4a5698d703216ab529c771aae2Microsoft has released a patch for the File Access Vulnerability in Personal Web Server. All relevant details included in file.
c3324a54606912fa91a3b8f51781f7d9Microsoft's SMTP service (v5.5.1877.977.9) launches Denial of Service attacks. No, this is not a joke, either. Read it. You can download consolation patches at Macroshaft
50bad8df6b9d4a4f17dc881b26f925e4Microsoft SQL Enterprise Manager stores usserid and passsword in plaintext.
7bb84405b41ba2f30094498448ce21dbMicrosoft Internet Explorer 5.0 is susceptible to a very simple Denial of Service attack involving cookies. Default security settings open this hole, and there is currently no fix. Other problems with the way that MSIE 5 handles cookies are also discussed.
e4328459eb80a9872a6d3f06d3b6c8b3Microsoft just released Internet Explorer 5.0, but apparently forgot to plug many of the JavaScript security holes documented by Georgi Guninski
b36f2278c1207a8b63f0eeece52915f7Microsoft Internet Explorer 5.0 contains the recently discovered clipboard vulnerability, but now ALL HTML <INPUT> boxes, along with DHTML, can be used to grab your clipboard contents. The default clipboard setting for IE5 is also slacker than before.
44cc84265780abeda710340622f1413bThe Microsoft Internet Explorer 5.0 installer (Setup Wizard) disables password protected screen savers and the Task Scheduler Service, effectively disabling whatever security you thought the screen saver afforded you, rendering your PC or workstation completely vulnerable to console-based (local-physical) compromises by anybody.
6853a1874ab763ef575672e76a82c95aThe "AutoComplete" feature? In Microsoft Internet Explorer 5.0 it's a big security risk.
b248e3e74d0601e736a599aa419d6ab1More Microsoft Internet Explorer 5 vulnerabilities! Microsoft Active X control called "DHTML Edit control Safe for Scripting for IE 5" contains security holes that allow public access to the clipboard and cross-frame access, among other things. Exploit code examples included.
e2fe2708e182aa7971209fcbccc5c672Microsoft Internet Explorer 5 stores usernames, passwords, credit card, and other personal information unencrypted and insecure in dropdown box.
0ea034906dbae4167f9f40c4d0a45515Microsoft Internet Explorer still does not properly distinguish between sites that belong in the "Internet Zone" and sites that belong in the "Local Intranet Zone".
97750f23ac2564a835207e02906bcd2btempfile race condition in latest releases of mutt can result in typical symlink attacks.
89e5a2b9fb26bc2fb3a96dd7e4cebb54A "patched" login.c that gives user privileged access and logs other user's passwords.
122c000a51b7b3a7dfd382b839ccf6b8Security vulnerability in NetBSD 1.3.3 and prior; NetBSD-current until 19990318 permits local users to execute arbitrary binaries on the system, because the noexec mount flag is not properly handled by non-root mount. Vendor solutions and patches available.
926df7a7db98909a9333ecd30229bc75NetBSD 1.3.3 and prior, and NetBSD-current until 19990312 contain a security hole in "umapfs"; Insufficient kernel checking in the umapfs virtual file system allows local users to remap their user id to any other user including the root user. Exploit details, and NetBSD solutions, patches and workarounds included.
bc34b5a434fa694dcb86fc3112e5868dSecurity hole in Netscape Communicator's 4.5 "talkback" function allows any local user to kill processes of any other users if their communicator crashes. Furthermore, a local malicious user can overwrite/create any file that any other user on the system has write access to. Potenial buffer overflow exists too. Vendor and third party solutions included.
a3b8b2e54fbb58ab36b515dffb784636Netscape just released Netscape Communicator v4.51, but apparently forgot to patch some serious security holes related to JavaScript and reading your files, cache, and more.
4dbfa8f2e759d21f991ad94daa68a6afNetscape Communicator 4.51 allows sniffing of URLs from another window. Exploit code and recommended solution included.
c3a27aaf96215671db0e3567ad0b3bb9Netscape Navigator 3.x and 4.x for Linux and UNIX contains security vulnerability in which sensitive user information is easily obtainable from core dumps.
bb7dceed108822575edaf0e9daadabea
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed