http://packetstormsecurity.org/ 100 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/1002-advisories/HPSBUX02503-SSRT100019.txt HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS). http://packetstormsecurity.org/1002-advisories/MDVSA-2010-034.txt Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45. http://packetstormsecurity.org/papers/call_for/nightdahack2010-cfp.txt Night Da Hack 2010 Call For Proposals - This conference will take place from 4 PM through 7 AM, June 19th through the 20th, 2010 in Paris, France. http://packetstormsecurity.org/1002-exploits/CORELAN-10-010.txt GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability. http://packetstormsecurity.org/1002-exploits/wsnguestdb-disclose.txt WSN Guest Database appears to suffer from a database disclosure vulnerability. http://packetstormsecurity.org/1002-exploits/bluedove-sql.txt Blue Dove suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/UNIX/mail/synspam_0.4.0-1.tar.gz Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default. http://packetstormsecurity.org/1002-exploits/as3flexdb-sqldisclose.txt AS3FlexDB suffer from remote database login information disclosure and remote SQL execution vulnerabilities. http://packetstormsecurity.org/1002-advisories/HPSBMA02487-SSRT100024.txt HP Security Bulletin - A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access. http://packetstormsecurity.org/1002-exploits/jdownloader-exec.txt JDownloader versions below 2010-01-25 with Click n Load 2 support suffer from a code execution vulnerability. Proof of concept included. http://packetstormsecurity.org/1002-exploits/DSECRG-09-065.txt TVUPlayer version 2.4.9beta build 1797 suffers from an Active-X insecure method vulnerability. http://packetstormsecurity.org/1002-exploits/sapone_fc.tar.bz2 Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below which suffer from a pre-authentication remote code execution vulnerability. This version has been updated by FortConsult A/S to use the same byte code as the Nessus plugin. http://packetstormsecurity.org/sip/sipwitch-0.7.0.tar.gz GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate. http://packetstormsecurity.org/1002-exploits/uigabp-sqlxss.txt Uiga Business Portal suffers from cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/1002-exploits/cve-2010-0453.c This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris. http://packetstormsecurity.org/1002-exploits/exponentcms-sql.txt Exponent CMS version 0.96.3 suffers from a remote SQL injection vulnerability. This really old version has been known vulnerable to various issues since 2005. http://packetstormsecurity.org/1002-exploits/mongoose28-disclose.txt Mongoose version 2.8 seems to suffer from yet another source disclosure vulnerability. http://packetstormsecurity.org/1002-exploits/belkatalog-sql.txt Belkatalog CMS suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/zentracking-sql.txt Zen Tracking versions 2.2 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt Baal Systems version 3.8 suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/damailinglist-sqldisclose.txt DA Mailing List version 2 suffers from remote SQL injection and database disclosure vulnerabilities. http://packetstormsecurity.org/1002-exploits/videodb-xss.txt VideoDB version 3.0.3 suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/1002-exploits/safari404mc-dos.txt Safari version 4.0.4 remote denial of service with possible memory corruption exploit. http://packetstormsecurity.org/1002-exploits/seamonkey201-dos.txt SeaMonkey version 2.0.1 remote denial of service with possible memory corruption exploit. http://packetstormsecurity.org/1002-exploits/firefox356-dos.txt Firefox version 3.5.6 remote denial of service with possible memory corruption exploit. http://packetstormsecurity.org/1002-exploits/encapscms-rfi.txt EncapsCMS versions 0.3.6 and below suffer from a remote file inclusion vulnerability. http://packetstormsecurity.org/1002-exploits/rostermain-sql.txt Rostermain versions 1.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/killmonster-sql.txt Killmonster versions 2.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/tinymce-sqlxss.txt TinyMCE suffers from cross site scripting and SQL injection vulnerabilities. http://packetstormsecurity.org/1002-exploits/joomlaproductbook-sql.txt The Joomla Productbook component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/jaxcms-lfi.txt JaxCMS version 1.0 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/1002-exploits/major_rls65.txt A remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari Browser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone. Proof of concept code included. http://packetstormsecurity.org/1002-exploits/ldfdf-sql.txt LDF suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/httpdx152-dos.txt httpdx version 1.5.2 suffers from a remote pre-authentication denial of service vulnerability. http://packetstormsecurity.org/1002-exploits/croogo-xsrf.txt Croogo version 1.2.1 suffers from a cross site request forgery vulnerability. http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt The Joomla Photoblog component suffers from a remote blind SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/xlite-wav.py.txt X-Lite SIP version 3 memory corruption heap overflow exploit that creates a malicious .wav file. http://packetstormsecurity.org/1002-exploits/opera3.pl.txt Opera version 10.10 remote denial of service exploit. http://packetstormsecurity.org/1002-exploits/obb-sql.txt Open Bulletin Board suffers from a remote blind SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/joomlagirls-sql.txt The Joomla Girls component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/joomlacommodel-sql.txt The Joomla Model component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/web/dradis-v2.5.0.tar.gz dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts. http://packetstormsecurity.org/sniffers/netsniff-ng-0.5.4.1.tar.gz netsniff-ng is a high performance linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses an memory mapped area within kernelspace for accessing packets without the need of copying them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput or network statistics creation of incoming packets on central network nodes like routers or firewalls. http://packetstormsecurity.org/1002-exploits/CORE-2010-0121.txt Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided. http://packetstormsecurity.org/1002-exploits/flexmysql-sql.txt Flex MySQL Connector suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/CORE-2010-0104.txt Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS. http://packetstormsecurity.org/1002-advisories/wippien-negotiation.txt Wippien suffers from a flawed key negotiation vulnerability. http://packetstormsecurity.org/1002-exploits/mysql_yassl_getname.rb.txt This Metasploit module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside ./taocrypt/src/asn.cpp. However, the stack buffer that is written to exists within a parent function stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL. http://packetstormsecurity.org/1002-exploits/novelliprint_datetime.rb.txt This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing a specially crafted date/time string via certain parameters to ienipp.ocx an attacker can execute arbitrary code. NOTE: The operation variable must be set to a valid command in order to reach this vulnerability. http://packetstormsecurity.org/1002-exploits/novelliprint_target-frame.rb.txt This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing an overly long string via the target-frame parameter to ienipp.ocx an attacker can execute arbitrary code. NOTE: The operation variable must be set to a valid command in order to reach this vulnerability. http://packetstormsecurity.org/1002-exploits/deepburner_path.rb.txt This Metasploit module exploits a stack-based buffer overflow in versions 1.9.0.228, 1.8.0, and possibly other versions of AstonSoft's DeepBurner (Pro, Lite, etc). An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded DBR file within a browser, since the DBR extension is registered to DeepBurner. http://packetstormsecurity.org/1002-exploits/audiotran_pls.rb.txt This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.1. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extention is registered to Audiotran. This functionality has not been tested in this module. http://packetstormsecurity.org/1002-exploits/wireshark_lwres_getaddrbyname.rb.txt The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. http://packetstormsecurity.org/1002-exploits/java_signed_applet.rb.txt This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions. The java payload used in this exploit is derived from Stephen Fewer's and HDM's payload created for the CVE-2008-5353 java deserialization exploit. This Metasploit module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be set. If these dependencies are not present, the exploit falls back to a static, signed JAR. http://packetstormsecurity.org/1002-exploits/interspire-sqlxss.txt Interspire Knowledgebase Manager versions 5.1.3 and below suffer from information disclosure, cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/papers/call_for/reconCFP2010.txt RECON 2010 Call For Papers - RECON is a security conference taking place in downtown Montreal from July 9th through the 11th. http://packetstormsecurity.org/1002-exploits/aflam-sql.txt Aflam Online version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/corelan-10-009-ipswitch-imail.txt Ipswitch IMail server version 11.01 suffers from a reversible encryption vulnerability. http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt Evalsmsi version 2.1.03 suffers from authentication bypass, cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/1002-exploits/odlican-upload.txt Odlican CMS version 1.5 suffers from an arbitrary remote file upload vulnerability. http://packetstormsecurity.org/1002-advisories/MDVSA-2010-033.txt Mandriva Linux Security Advisory 2010-033 - A vulnerability have been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. This update provides a fix to this vulnerability. http://packetstormsecurity.org/1002-exploits/uplusftp1_7-buffer-overflow.txt UplusFtp Server version 1.7.0.12 remote buffer overflow exploit that launches calc.exe. http://packetstormsecurity.org/1002-advisories/secunia-libmikmod.txt Secunia Research has discovered some vulnerabilities in libmikmod, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow arbitrary code execution in the context of the process using the libmikmod library when opening a specially crafted module file. Version 3.1.12 is affected. http://packetstormsecurity.org/1002-exploits/joomlasexy-sql.txt The Joomla Sexy component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/audistats-sql.txt Audistats version 1.3 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/FoxPlayer.pl.txt FoxPlayer version 1.7.0 local buffer overflow proof of concept exploit that creates a malicious .m3u. http://packetstormsecurity.org/1002-exploits/major_rls64.txt A remotely exploitable denial of service vulnerability has been found in the JavaScript Engine of the Apple Safari Browser (based on Webkit Engine). Versions 4.0.4 and below are affected. http://packetstormsecurity.org/1002-exploits/JAHx102.txt Huski CMS suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/1002-exploits/JAHx101.txt Huski Retail suffers from multiple remote SQL injection vulnerabilities. http://packetstormsecurity.org/1002-exploits/joomlaerotik-sql.txt The Joomla Erotik component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-advisories/HPSBMA02504-SSRT090220.txt HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. http://packetstormsecurity.org/1002-exploits/sterlite-xss.txt The Sterlite SAM300AX ADSL router suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/1002-exploits/masa2elmc-sql.txt MASA2EL Music City version 1.0 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/arabnetworktech-sql.txt Arab Network Tech CMS suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/yarahosting-sql.txt Yara Hosting suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-advisories/USN-894-1.txt Ubuntu Security Notice 894-1 - Various kernel related vulnerabilities have been addressed. It was discovered that FUSE did not correctly check certain requests. It was discovered that KVM did not correctly decode certain guest instructions. It was discovered that the OHCI fireware driver did not correctly handle certain ioctls. It was discovered that print-fatal-signals reporting could show arbitrary kernel memory contents. http://packetstormsecurity.org/1002-exploits/samba-traversal.txt Samba suffers from a remote directory traversal vulnerability. A remote attacker can read, list and retrieve nearly all files on the system remotely. Required is a valid samba account for a share which is writable OR a writable share which is configured to be a guest account share, in this case this is a preauth exploit.Included is a smbclient patch that exploits this vulnerability. http://packetstormsecurity.org/1002-advisories/dsa-1992-1.txt Debian Linux Security Advisory 1992-1 - Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. http://packetstormsecurity.org/1002-advisories/MDVSA-2010-032.txt Mandriva Linux Security Advisory 2010-032 - It was brought to our attention by Ludwig Nussel at SUSE the md5 collision certificate should not be included. This update removes the offending certificate. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The mozilla nss library has consequently been rebuilt to pickup these changes and are also being provided. http://packetstormsecurity.org/1002-advisories/dsa-1991-1.txt Debian Linux Security Advisory 1991-1 - Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. http://packetstormsecurity.org/1002-advisories/dsa-1990-2.txt Debian Linux Security Advisory 1990-2 - The trac-git package released in DSA-1990-1 had a wrong dependency that could not be satisfied in Debian stable. This update corrects this problem. http://packetstormsecurity.org/1002-exploits/CORE-2009-0625.txt Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker. http://packetstormsecurity.org/crypt/LIBS/ssh/libssh2-1.2.3.tar.gz libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY. http://packetstormsecurity.org/crypt/SSL/stunnel/stunnel-4.31.tar.gz Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. http://packetstormsecurity.org/crypt/vpn/tinc-1.0.12.tar.gz tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information. http://packetstormsecurity.org/1002-exploits/oputils_5-xss.txt ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO. http://packetstormsecurity.org/1002-exploits/oputils_5-sql.txt ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO. http://packetstormsecurity.org/1002-exploits/ultrabb-xss.txt UltraBB version 1.17 suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/papers/call_for/HES2010-CFP.txt The Hackito Ergo Sum 2010 Call For Papers has been announced. It will be held from April 8th to 10th, 2010 in Paris, France. HES2010 will focus on hardcore computer security, insecurity, vulnerability analysis, reverse engineering, research and hacking. http://packetstormsecurity.org/1002-exploits/owa-bypass.txt Outlook Web Access (OWA) suffers from a vulnerability that allows direct access to files blocked by policy. http://packetstormsecurity.org/1002-exploits/Hipergate-4.0.12-SQLCommandExec.pdf Hipergate version 4.0.12 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/Hipergate-4.0.12-ReflectedXSS.pdf Hipergate version 4.0.12 suffers from a reflected cross site scripting vulnerability. http://packetstormsecurity.org/1002-exploits/Hipergate-4.0.12-PermanentXSS.pdf Hipergate version 4.0.12 suffers from a permanent cross site scripting vulnerability. http://packetstormsecurity.org/1002-advisories/aol95-overflow.txt Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5. Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on waol.exe . Successful exploitation may allow execution of arbitrary code. http://packetstormsecurity.org/1002-exploits/symantec-exec.txt Remote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products. http://packetstormsecurity.org/1002-exploits/facebookfriend-xss.txt The mobile interface of Facebook social network was affected by a cross site scripting vulnerability. http://packetstormsecurity.org/papers/general/rev_honeytrap_av_v1.pdf Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers. http://packetstormsecurity.org/1002-advisories/HPSBOV02505-SSRT100023.txt HP Security Bulletin - A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege. http://packetstormsecurity.org/1002-advisories/dsa-1990-1.txt Debian Linux Security Advisory 1990-1 - Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. http://packetstormsecurity.org/1002-advisories/dsa-1989-1.txt Debian Linux Security Advisory 1989-1 - Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.