Cognos PowerPlay Web Edition software for Microsoft NT Server contains a security vulnerability in which unauthenticated web users can access cube data. Negative vendor response. 8.688 kb.
d9ba6824b8d4f8b45e36c364ff538ed7Security vulnerability in the customer web interface at hustler.com allows malicious attacker to hijack any user accounts, and gain access to credit card and personal information. HTML exploit template included. 1.730 kb.
5fe2cb1eb4ec7399be64391018f7ba24Hack-A-Site I. A detailed kit on how to hack an Microsft IIS Server using the eEye exploit.
c92d781b1793c1e5dad9ef106c969a66The Pine MUA up to and including v4.10 contains a security hole that allows a malicious remote attacker to potentially execute arbitrary code, resulting in possibility of root compromise. Exploit code included.
20d8a6a76d5c7a998cafaebcd11b4ec0exploit for ipop2 daemons shipped with the imap-4.4 package; remote attackers can spawn a shell with uid of user "nobody". 3.060 kb.
b99db7faac1209b79c3b3a9612b3e14eLSM to kill modems using +++ATH0.
6895d48a24ea72ea15c1462e580b2c97killmod.php3 is a php front end that calls a simple shell script (killmod.sh) that allows you to use the +++ath0 bug to hang up older modems.
5633eb01cd4e6559c3d5a6e5633ff892Security vulnerability in Xi Graphics, Inc.'s Accelerated-X Server 4.x, 5.x (and possibly earlier versions) allows local users to gain administrative privileges by exploiting multiple buffer overflows in the Accelerated-X X server.
4cd48b59a509324fee3faf53ff9019e3lsof 4.40 exploit, local root compromise. 0.901 kb.
16319fee4858b8a486ca96da43497408Microsoft Outlook (all versions) does not properly handle X-UIDL: headers in email, resulting in the potential for denial of service attacks against MS Outlook users. Exploit details and patch included.
e55c720f19f8f28ba2d4a25ffb4895e1HTML parsing bug in all versions of Netscape Communicator 4.x allows malicious web master to crash your browser using JavaScript. 1.269 kb.
b6d94dda0d82467cf42f40f31d889270Detailed description of the Brain File used to uncover the eEye NT4+IIS4 URL buffer overflow remote exploit.
8b5cc8a34ba6773971ecd60efbe0e4f0Details about how and why the eEye NT4+IIS4 URL buffer overflow remote exploit hole was exploited and released.
ad5ca07e7344c147a9081189d10e58ebGeneral description of the eEye NT4+IIS4 URL buffer overflow remote exploit.
0a21ec62341dc80786a2b555b20e9090Older versions of rpc.statd and automountd for various platforms allow remote attackers to execute arbitrary commands and gain root privileges. Sun patches available.
f075ae0791604905a4837f45a32eff93Exploit code for remote ipop2d security vulnerability that gives attacker a shell as user 'nobody'.
416b48b74ae8cf9843a111a18d464ed5shadow-980724 contains a security bug when used with '-p passwd' option, such that passwords are not encrypted. Solution: upgrade to shadow-19990607 or later.
9e67f0769f19753fe5a456a2399a1f81shadow-19990307 contains security bug that allows new user with UID 65536 to gain root access, without being logged at all, and with ability to bypass /etc/securetty restrictions.
b096ce34fbd435914b9578e6a14af17eExploitable buffer overflows in the smbval library leave numerous systems open to local and remote attacks that can potentially result in root compromise.
2b07194b4b827e8c43f4a0a2c2c80c82Sun Solaris 2.5 and earlier contain security hole in the 'su' program that allows scripted brute force attacks on the superuser password without the attacker being logged. Exploit script (coded in Expect) and detailed description included.
d8bb6d4fc490d965f4daa1645fada82fssh-2.0.12 allows remote attacker to verify userids.
e897cdaa9d425b69676255c3335c02d7Red Hat PAM version of the 'su' utility allows any local user to easily brute force the superuser (root) password with fast scripted (automated) attacks, avoiding all logging via syslog too.
3f04992bddafdcbbd5879448eb4d28fcSudo v1.5.6p2-2, a program that provides limited superuser privileges, does not properly handle improper file access attempts, revealing information about file existence.
6321b3933f068eeeff338008a65dea77"Big Brother" feature that sends lists of your C compiler commands to "ut-cc@sunpro.Eng.Sun.COM" exists in alpha and beta versions of Sun's SUNWspro C compiler package.
fc0043185a22f25f8b1064b455c20fa3Time to upgrade your Sun 5.5.1 and 5.6 sendmail software to version 8.8.8. Sun describes it as "taking advantage of new security enhancements"; I call it "plugging all the security holes in v8.6.9". :)
e32724071838d6d0da440200560b6bcd
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed