L0pht Security Advisory - Rainbow Technologies' iKey 1000 contains vulnerabilities which allow an attacker to login as administrator and access all private information stored on the device with no detection by the legitimate user. The attack requires physical access to the device and a EEPROM programmer. Includes a proof of concept tool, iSpy, which retrieves and displays configuration data for the inserted iKey and displays ll public and private data.
067ddab1726a135890936d3da78d624eL0pht Security Advisory - Passwords can be easily decrypted by exploiting NetZero's encryption algorithm. Includes proof of concept code to decode the password stored in jnetz.prop.
4f9160ba188abe167da39ce209985986asniff_advisory.txt
b61f0af94f258db4dc2bfa38dc6925a5L0pht Security Advisory - Microsoft Office 2000 UA Control Scripting is categorized as being "safe for scripting", allowing malicious active content to execute regardless of macro virus protection settings. Scripts can be executed without users consent from any HTML page viewed with active scripting enabled, including both Internet Explorer and Outlook e-mail in their default configurations. Online demonstration of this vulnerability in action here.
0f6b61dc993c3fee2f57006f1e3e085bHeimlich, Proof-of-concept tool for Win98 (47kB), can be used in regards to the eToken vulnerability.
5818c71e9174404e37fd6c3553e2e549l0pht Security Advisory - eToken Private Information Extraction and Physical Attack. Aladdin Knowledge Systems' (http://www.ealaddin.com) eToken is a portable USB (Universal Serial Bus) authentication device providing complete access control for digital assets. eToken stores private keys, passwords or electronic certificates in a hardware token the size of a house key. The eToken makes use of two-factor authentication. Using the legitimate user's PIN number ("what you know") and the physical USB key ("what you have"), access to the public and private data within the key will be granted.
97f4c19f2239b97a10ed938e821a3388l0pht Security Advisory - NetStructure 7180 remote backdoor vulnerability. The NetStructure 7180 can be compromised via the admin console even after the admin password has been changed. Root access can be obtained via the Internet when used in a poorly configured or default configuration. Additionally, web based management authentication is done in the clear.
985179a32afe579a2b6c1814fb00fd31l0pht Security Advisory - NetStructure 7110 console backdoor. The NetStructure 7110 can be compromised via the admin console even after the admin password has been changed. An undocumented command list exists known as 'wizard' mode. Through this mode there is a password that overides the admin password and allows full access to the internal components of the NetStructure 7110. This password can be used from within the admin command line interface or to overide the admin password at an initial login prompt.
b639f43b08ef928267b0e36a153b17a0No information is available for this file.
8928e3653780d406db9c365c584c615eTBA is the first wardialer for the PalmOS platform. Using a Palm device with a modem, you can wardial from anywhere a phone line is available - throw it in a phone can to retrieve later, toss it up in the ceiling during a security audit - the possibilities are endless.
9b9b88bfd0010913b9cf8ad1422de349Documentation for TBA, the first wardialer for the PalmOS platform. In Microsoft Word format.
7e1d8c62ca2d5659009e0d54103a5df5BeamCrack is a simple application that will set or reset the bit in each application's database header which tells the launcher that it should or shouldn't be beamable, thus bypassing the PalmPilot's infantile copy-protection.
e476e15f20efe0fbc045a2f0f260fdc9Enables you to examine all of the registers inside the Motorola DragonBall processor (running the show on the PalmPilot). Very nifty. Use at your own risk. For devices running MC68328 only.
a06def97848b519b1fe82c606ce80142L0pht Advisory - A remote user can execute arbitrary code on a properly configured Linux LPD server.
a0df4a0b1fdf8e6852ec294c2926baffApplication: Cactus Software's shell-lock. (a) A trivial encoding mechanism is used for obfuscating the shell code in the "compiled" binary. Anyone with read permissions to the file in question can decode and retrieve the original shell code. Another vulnerability exists where the user can retrieve the un-encoded shell script without needing to actually decode the binary. (b) The vendors claim the program to be useful in creating SUID binaries on systems that do not honor SUID shell scripts and also to protect against the security problems with SUID shell scripts. As it turns out any shell-lock "compiled" program that is SUID root will allow any user to execute any program with root privileges.
362b8239fdd28d279fda9454b7143107l0pht.97-10-08.imap4.1
0eb9b08a0a9311a95758aebb9cad991el0pht.97-11-01.mie.40
9334d959c86b12d154ec163f3815c80cl0pht.98-01-20.lotus_domino
0df1f070fef3280eb915d8da8ba20d69l0pht.98-02-06.nt.port.binding.vuln
ac63ecac60e4624b2f575666652b91c9l0pht.98-02-23.solaris.printd
aaa3da93923ebd9ef2906bfeff908e28l0pht.98-10-09.lotus.domino
8434ca8722a230cf3d4f4094b55a7c05l0pht.99-01-03.suguard
3b959db3869cdcef5c998b3766f1a7afl0pht.99-01-08.clearcase
3c7aa6f4002b692adb1da302998fef47l0pht.99-01-08.tmp-watch
a67162cd32a07345afd39e7a1cd127d8l0pht.99-01-21.password_appraiser
68742535c1e4d9e0f03e2371a04967b7
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed