Xato Security Advisory XATO-112001-01 - Windows 2000 and XP terminal services are vulnerable to IP address spoofing. Affects all Service Pack levels.
b0e2053ca0e3affa73acb7be5de046afXato Security Advisory XATO-122000-01 - The majority of the command-line SMTP mailers available for Win32-based systems are vulnerable when used to send mail from a web server. The vulnerabilities found allow remote web users to read and/or write to the servers file system, retrieve files from the server's file system as mail attachments, bounce and/or spoof e-mail messages, spam, flood, mail bomb, or otherwise use a server's resources without authorization, bounce off a server to perform port scans, bounce off a server to perform brute-force attacks to POP and/or SMTP accounts, reroute all the mail through an untrusted mail server by changing mailer options, and launch dos attacks against the server or other systems. Vulnerable mailers include BatMail v1.8d, Blat v1.85h, CGIMail v2.5, CLEMAIL v1.3, Comments v1.7, FormVar v1.61, GBMail v2.02, MailForm v1.96, MailMe! v1.6, MailPost v5.1, MailSend v7.15, MailSend v3.18, NetFormDD v2.9, Postie v6, SendFile v1.0, Stalkerlab's Mailers V1.2, WindMail v3.05, WebMailer Pro v1.2, WebMailer Lite v1.2, and wSendmail v1.5.
9e28095885e712c9b19be4b7252bfabcXato Security Advisory XATO-112000-01 - The Cart32 shopping cart v3.5 and below for Windows contains multiple remote vulnerabilities. Common user misconfigurations and bad password encryption make the application more vulnerable, often allowing a full compromise of the server.
c53878c21da417cbef5973c502a3fec7Xato Network Security Advisory - FrontPage Server Extensions are vulnerable to a remote denial of service attack that will disable all FrontPage authoring operations on a web site. When requesting a URL that includes a DOS device name, the server extensions will hang and will not service any further requests. To re-enable the server extensions requires restarting IIS or rebooting the server. There is also a secondary problem with certain DOS device names that reveal the server's physical path.
13abfd3dd0accbf77598a395fb8f5c41
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed