what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2000-07-01

asb00-15.jrun.samplecode
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-15) - JRun 2.3.x includes a number of example applications and sample code that expose security issues. JRun 3.0 addresses the viewsource.jsp issue. Allaire strongly recommends that customers follow the best practice of not installing sample code and documentation on production servers, and removing the sample code and documentation files from production servers and restricting access to those directories where they are installed on workstations.

SHA-256 | 583cfb90648a70c3c326d209d85aa4bf0da94b52d4569f3b24edec6c712872d5
asb00-14.coldfusion.admin
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-14) - Allaire has recently been notified by Foundstone, Inc. (see Revisions section below for contact information) of a denial of service attack against an unprotected installation of the ColdFusion Administrator. This issue only affects ColdFusion Servers that have not followed Allaire's recommendations in the Allaire Security Best Practices article 10954.

tags | denial of service, add administrator
SHA-256 | 5f15d73015593185e82770c379eda7d3e8ca9790e0e0bf36811eca22b5c1d3c0
asb00-13.iis.htr.request
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-13) - Microsoft has released a patch for two security vulnerabilities in Microsoft(r) Internet Information Server. The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web, vulnerability
SHA-256 | 1a58b773376c9c2c01005a1c0f9ed18b8211ed7b50a242a2cdbfafac6a359160
asb00-11.iis.imagemap
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-11) - A procedure is available to eliminate a security vulnerability affecting several web server products. The vulnerability could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web
SHA-256 | ead49691ad21715e0cc247f3d78fe35d2479b62c76bd26d3dc1a257cf8f8a048
asb00-08.iis.escaped
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-08) - Microsoft has announced a Microsoft has released a patch for a security vulnerability in Microsoft(r) Internet Information Server. The vulnerability could allow a malicious user to slow a web server's response or prevent it from providing service altogether for a period of time. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web
SHA-256 | ac68120bd491e52080e26865af69543e2ae53539643caf20528904d3ab4b9ff1
asb00-09.iis.linkview
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-09) - Microsoft has released a procedure to eliminate a security vulnerability that could allow a malicious user to cause a web server to crash, or potentially run arbitrary code on the server, if certain permissions have been changed from their default settings to inappropriate ones. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web, arbitrary
SHA-256 | d37d4eb5c51ea92c8c1526fd4f6f594f3d5a6e1b0bfd388cd9f32bae85d8ff8f
asb00-10.spectra.preview
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-10) - The Spectra Container Editor Preview does not properly enforce object security. Allaire has released a patch that addresses this issue.

SHA-256 | 8c3ae5d3c258a942638f700431baed582c7de0cf50aa4faf2bea5f4cf43d2183
asb00-07.hithighlight
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-07) - Microsoft has announced a vulnerability for Microsoft IIS which exposes the ability to use a malformed URL to read the source code of ASP, CFML, Perl and other files that are on a server. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.

tags | perl, asp
SHA-256 | a99ac1f1b065bd3b464ae979a2a401ccafdec0ed9a2a4b083c4b2d1f97479f6e
asb00-06.forums
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-06) - Allaire has recently been notified of a security issue in the Allaire Forums 2.0.5 software. This behavior allows users to view and post to secure discussion threads via unsecured conferences and/or through email. This issue affects multiple templates in the Forums software. Updated versions of the affected templates are available from the following link: Download - Allaire Forums 2.0.5 Security Patch.

SHA-256 | e1d1c4b8932ac01a330c6dd52f48934c9fe51519f19c1eadeba06ac77c0b4e3d
asb99-11.mdac_rds
Posted Jul 1, 2000

asb99-11.mdac_rds

SHA-256 | 9c9619f4c80bf857b50c70083d86e66e4c1408e0c9d7c3fe4194016e2e3299d6
asb00-05.cross.site.scripting
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-05) - A new type of security attack called "cross-site scripting" has surfaced which is based on common website design flaws and data manipulation that web browsers use when communicating with web servers. While the problem is not a vendor-specific issue, it does affect many web servers and virtually all web browsers currently in use. The problem lies with the design and coding techniques of web sites that serve dynamically generated HTML pages rather than the software the websites themselves run on.

tags | web, xss
SHA-256 | 263a7b7349d0ec73c6d43988d37ac87c2bab3e0a66c8fe0f3ebcca768485fbdb
asb00-04.spectraauth
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-04) - There is a security issue with the Spectra 1.0 Remote Access Service invoke.cfm template. Normally users must be authenticated in the webtop security context in order to even attempt to use the Remote Access Service. However, if the user passes a parameter called "bAuthenticated" via the URL, a form field, or a WDDX packet, and the user does not specify a username, a bug allows them to use the Remote Access Service even if they are not in the webtop user directory.

tags | remote
SHA-256 | 2290cf21532b82df7407b2f96d6ef361b638bc62542d8deed22068dd7b082343
asb00-01.spectrawebtop
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-01) - The Allaire Spectra 1.0 Webtop allows authenticated users to access sections of the Webtop they may not have been granted access to by typing explicit URLs. This exploit does not give anyone access to the Webtop who does not already have permissions to at least one section of the Webtop.

SHA-256 | 89cd666fa3246d4f7ebefb76dbcea8fd8a1db1e06be3006a22c41234f8219a83
asb00-02.spectrados
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-02) - When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step which indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.

tags | web, denial of service
SHA-256 | dfc853cd876112922ef7e7ffa98959fb45ca4072eedf2687afe1167c88734cba
asb00-03.cfcache
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-03) - Patch Available For Potential Information Exposure by the CFCACHE Tag. The CFCACHE tag is a feature available in ColdFusion 4.x to perform template caching to increase page delivery performance by intelligently compiling and storing the output of CFML pages for faster access. When this tag is utilized in a .CFM page it creates several temporary files, including one that contains absolute filenames with directory path information, URL parameters and timestamps. In ColdFusion 4.0x, these files are stored in the same directory as the .CFM page, usually in a publicly accessible web document directory.

tags | web
SHA-256 | 75b3ad2d7dbcd77486fa642c8fd4d91440c50797cfaa6cd24391e43892942199
asb00-12.querystring
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-12) - ClusterCATS Appends Stale Query String to URL Line during HTML Redirection. The vulnerability potentially releases confidential query string information on redirect. Affected software versions include ClusterCATS ColdFusion.

SHA-256 | bc4b4c2f53dde1501082ca668ae4f331c22b091b418fc72ae56691b0a54495a4
pscan2.c
Posted Jul 1, 2000
Authored by Ozone

pscan2.c is a simple tcp port scanner.

tags | tool, scanner, tcp
systems | unix
SHA-256 | b0d7e7fb643bea96a8889be0860892cb5a5daa4d44c3329f0e9a5920ab3a4566
killbgproc.pl
Posted Jul 1, 2000
Authored by Doxavg

killbgproc.pl daemonizes, watches for running processes with no attached terminal and kills it. Easily configureable to define the minimum user id that you want to start killing.

tags | tool
systems | unix
SHA-256 | 883ef7e9a75177c89ed17cc752bf3b45f7b067fe20e13eaeb1f586bdd680e7c9
cpd.c
Posted Jul 1, 2000
Authored by Antipent

CheckPoint IP firewall crashes when it detects packets coming from a different MAC with the same IP address as itself. We simply send a few spoofed UDP packets to it.

tags | exploit, udp, spoof
SHA-256 | ad01316cc5a45abb3776b8ade259c2dc2b3b162171ce1778e569bed038e2056d
ms00-042
Posted Jul 1, 2000

Microsoft Security Bulletin (MS00-042) - Microsoft has released a patch for a security vulnerability in an ActiveX control that ships with Microsoft Internet Explorer. The "Active Setup Download" vulnerability can be used to overwrite files on the computer of a user who visits a malicious web site. Microsoft FAQ on this issue available here.

tags | web, activex
SHA-256 | 7c1bfacce123535ad843fb68574d8696aac41995e1be4625bf18150fe987f0b9
wuXploit.tgz
Posted Jul 1, 2000
Authored by WC

Wu-Ftpd 2.4.2, 2.5, and 2.6 are commonly misconfigured on linux to allow users which only have a valid FTP account to execute code. This code takes advantage of this configuration, mentioned in SUID Advisory #1 to execute a backdoor on the remote host.

tags | exploit, remote
systems | linux
SHA-256 | 9219f3dc8c4357646bf46266ad5c55bda0e603191ef80f27186b4ccf5fb83945
SuSeLocaltmpXploit.c
Posted Jul 1, 2000
Authored by WC

SuSe 6.1 through 6.4 local exploit - when root switches users, /tmp/ will be the $HOME. This exploit will create a suid (user) shell when root su's to a user account.

tags | exploit, shell, local, root
systems | linux, suse
SHA-256 | 0c640e5bd6cad6ab1a9f902ec11367abac1597d2768eedf475e4293e23c3c435
Xnapster.c
Posted Jul 1, 2000
Authored by WC

Gnapster 1.3.8 and Knapster 0.9 remote view file exploit.

tags | exploit, remote
SHA-256 | 53c82a8e2d27ddb652a607c8842ffdc06767db6dc99711ae7c83b0e6575c08d9
proftpX.c
Posted Jul 1, 2000
Authored by WC

ProFTPD 1.2pre4 remote buffer overflow exploit. Requires a writable directory.

tags | exploit, remote, overflow
SHA-256 | ddaa523bce8660f1ea7139487103115776722b6432a3e876c8f85d29b5c96cc5
JRUNremoteXploit.tgz
Posted Jul 1, 2000
Authored by WC

JRun 2.3 remote buffer overflow exploit. Runs a shell on the port where the JRun webserver daemon is running.

tags | exploit, remote, overflow, shell
SHA-256 | 0009f8a8198fbfbcd6431fe2f632926a00f52ef872ba53530e82d7fec95be05d
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close