what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2002-08-29

ms02-034
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-034 - Cumulative Patch for SQL Server available. This patch eliminates three newly found vulnerabilities affecting SQL Server 2000 and MSDE 2000: A buffer overrun vulnerability in a procedure used to encrypt SQL Server credential information. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself depending on the account SQL Server runs as. A buffer overrun vulnerability in a procedure that relates to the bulk inserting of data in SQL Server tables. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself. A privilege elevation vulnerability that results because of incorrect permissions on the Registry key that stores the SQL Server service account information. An attacker who was able to successfully exploit this vulnerability could gain greater privileges on the system than had been granted by the system administrator -- potentially even the same rights as the operating system.

tags | overflow, registry, vulnerability
SHA-256 | 6f6531c6b91284feb309e4db2c188f2ca99bcdad24d52e72a0bcc22cc91660e6
ms02-033
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-033 - Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server. Four vulnerablities exist: A vulnerability that results because the Profile Service contains an unchecked buffer in a section of code that handles certain types of API calls. The Profile Service can be used to enable users to manage their own profile information and to research the status of their order. An attacker who provided specially malformed data to certain calls exposed by the Profile Service could cause the Commerce Server process to fail, or could run code in the LocalSystem security context. This vulnerability only affects Commerce Server 2000. A buffer overrun vulnerability in the Office Web Components (OWC) package installer used by Commerce Server. An attacker who provided specially malformed data as input to the OWC package installer could cause the process to fail, or could run code in the LocalSystem security context. This vulnerability only affects Commerce Server 2000. A vulnerability in the Office Web Components (OWC) package installer used by Commerce Server. An attacker who invoked the OWC package installer in a particular manner could cause commands to be run on the Commerce Server according to the privileges associated with the attacker's log on credentials. This vulnerability only affects Commerce Server 2000. A new variant of the ISAPI Filter vulnerability discussed in Microsoft Security Bulletin MS02-010. This variant affects both Commerce Server 2000 and Commerce Server 2002.

tags | web, overflow, code execution
SHA-256 | 96d13da1a198a112865b89ca08e207b35426732fbdf38072cb67eb9b7c39bd01
ms02-032
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-032 - Cumulative Patch for Windows Media Player. Patch released that fixes the following three vulnerabilities: An information disclosure vulnerability that could provide the means to enable an attacker to run code on the user's system and is rated as critical severity. A privilege elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system. A script execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page. This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity.

tags | web, vulnerability, info disclosure
systems | windows
SHA-256 | 39638826819b7b607de3219c2a2a4938c1e8dd5a91b222b99f8f87cfc62cec4b
ms02-031
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-031 - Cumulative Patches for Excel and Word for Windows. New patches have been released that fix four vulnerabilities: An Excel macro execution vulnerability that relates to how inline macros that are associated with objects are handled. This vulnerability could enable macros to execute and bypass the Macro Security Model when the user clicked on an object in a workbook. An Excel macro execution vulnerability that relates to how macros are handled in workbooks when those workbooks are opened via a hyperlink on a drawing shape. It is possible for macros in a workbook so invoked to run automatically. An HTML script execution vulnerability that can occur when an Excel workbook with an XSL Stylesheet that contains HTML scripting is opened. The script within the XSL stylesheet could be run in the local computer zone. A new variant of the "Word Mail Merge" vulnerability first addressed in MS00-071. This new variant could enable an attacker's macro code to run automatically if the user had Microsoft Access present on the system and chose to open a mail merge document that had been saved in HTML format.

tags | local, vulnerability
systems | windows
SHA-256 | 8963928d16edb4a982c3a492feb911511fb69728475dedb9893ad48e4a25af6f
ms02-030
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-030 - Unchecked Buffer in SQLXML Could Lead to Code Execution. There are two vulnerabilities that exist in MSSQLXML, which ships as part of SQL Server 2000. One is an unchecked buffer vulnerability in an ISAPI extension that could allow an attacker to run code of their choice on the Microsoft Internet Information Services (IIS) Server. There is another that is in a function specifying an XML tag that could allow an attacker to run script on the user's computer with higher privilege. For example, a script might be able to be run in the Intranet Zone instead of the Internet Zone.

tags | vulnerability, code execution
SHA-256 | 2a8847567dc7da7e1d3a81f07df13ef81887cdfc660d0b9b1234378fcd74b3bd
ms02-029
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-029 - Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution. A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.

tags | remote, overflow, code execution
SHA-256 | a26971b2daeda8478163409faa9a87202f60946cc23dfe234f384666389736ae
ms02-028
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-028 - Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise. Vulnerability allows attacker to execute arbitrary code on the system.

tags | web, overflow, arbitrary
SHA-256 | 04f30acb371ed80bb96e9721e7666a3a6716e0e6d5f43be0473c571f4b731489
ms02-027
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Bulletin MS02-027 - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice.

tags | protocol
SHA-256 | 8beadf73156ab5e7067fe4cb488a1655a9bbaa1e3e636f4bd1054f9263da1a67
ms02-026
Posted Aug 29, 2002
Site microsoft.com

Microsoft Security Advisory MS02-026 - Microsoft .NET Framework version 1.0's ASP.NET, a collection of technologies that helps developers build web-based applications, has an unchecked buffer in one of the routines that handles the processing of cookies in StateServer mode. An attacker could seek to exploit this vulnerability by crafting a specially malformed cookie and presenting that cookie to the ASP.NET application.

tags | web, asp
SHA-256 | 3b7b68e5df9a5eed6f74e6c5fa0189b3477750defb66bf0be1771ffef2b69371
spg.tar.gz
Posted Aug 29, 2002
Authored by Killah | Site hack.gr

The Unix Sequence Password Generator creates password files and allows on-the-fly cracking when used with other tools. Also supports all sets of characters.

tags | cracker
systems | unix
SHA-256 | 90324d42b4b78b05efabe74a5bafd66d0a9aae0b8627af722072036358bc380e
orinuke.c
Posted Aug 29, 2002
Authored by gh0st

OriNuke - Orinoco Wavelan Nuker. Orinoco/wvlan driver (< orinoco_cs 0.11) did not check for under or oversized ethernet frames. This proof of concept tool crashes a remote system. Currently fixed in current release of the driver.

tags | remote, denial of service, proof of concept
SHA-256 | 3009dac0da906612b271bdcd8e9cd9e56e5c69621dc76aaf15ea8661afcae452
smbnuke.c
Posted Aug 29, 2002
Authored by Frederic Deletang

Proof of Concept Nuker Exploit for Windows SMB. Tested from Linux 2.4.18 / i686 and FreeBSD 4.6.1-RELEASE-p10 / i386.

tags | denial of service, proof of concept
systems | linux, windows, freebsd
SHA-256 | 0cfe00b55b07a72ef639e6c95171e14b60d58dc160750d0db32610c6f47ad76c
DSR-apache2.0x.c
Posted Aug 29, 2002
Authored by Bob, dsr | Site dtors.net

This Proof of Concept exploit for the current directory traversal design flaw in apache 2.0.x - 2.0.39 allows any attacker to view any file on the target machine. Original vulnerability found by Luigi Auriemma. Affected Systems: Windows [win32], Netware, OS2, Cygwin.

tags | exploit, proof of concept
systems | windows
SHA-256 | 6aceadaa5b57140304df3527499731b71b0374b1690f5244471132425d9e168d
calderax.txt
Posted Aug 29, 2002
Authored by Pavel Kankovsky

Proof of concept local exploit for the Caldera Linux X11 server. The Xserver calls xkbcomp in an insecure manner while not dropping privileges.

tags | exploit, local, proof of concept
systems | linux
SHA-256 | 63e311dfa1eaf7b6836e69f9c5ed6134e5e229baf79f58c276d954ff32d2d618
asctime-poc
Posted Aug 29, 2002
Authored by James Martin

mIRC, the popular chat client for the IRC has support for a scripting language that has been found to be vulnerable. A buffer overflow exists in the $asctime identifier where an error lies in the handling of oversized format specifier strings.

tags | exploit, overflow
SHA-256 | bad0f9793175f781bb0c8b0c508f6029e42a8d916ebd132418062048d3fa75bd
Nmap Scanning Utility 3.10 ALPHA 1
Posted Aug 29, 2002
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: The code has undergone massive restructuring to convert it to C++ and add IPv6 support. Compilation tested on Linux and Windows.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | 73eecaccfee0273cb2f48c07653bc6b900cd0083d8ed9b8bb17f56b616ff9ccc
snmprizzo.txt
Posted Aug 29, 2002
Authored by Ron Sweeney, Jerry Matt

This paper will discuss setting up encrypted communication for SNMP agents and trapd hosts through the use of Zebedee (Zee-bee-dee) UDP tunneling and encryption features. The goal is encrypted SNMP traps from the hosts to the management station and encrypted polling of the SNMP agent running on the host. All SNMP communication is handled by Zebedee with proper firewall filtering practices.

tags | paper, udp
systems | unix
SHA-256 | 4a499e9ba7f3664c7a591bdd126df956c5e9ae02bd6a0f8e046e172d1575f496
omnihttpd.txt
Posted Aug 29, 2002
Authored by Mark Litchfield | Site ngssoftware.com

OLE controls or OCX controls, are components (or objects) you can insert into a Web page or other application to reuse packaged functionality someone else programmed. An unchecked buffer exists in the ActiveX control used to display specially formatted text. This could be executed by encouraging an unsuspecting user to visit a malicious web page.

tags | exploit, web, activex
SHA-256 | 7c6b577c63be58c08729f85ca1894a7f7b06ba1e0c5bfe3bcc43ca20f299264a
cgivti.V2.pl
Posted Aug 29, 2002
Authored by Lawrence Lavigne | Site neoerudition.net

This scanner searches for vulnerable web servers for Common Gateway Interface and Vermeer Technology Incorporated services. Version 2 allows for Class C IP generation done "On The Fly" and a timeout scheme added thanks to MaB of Efnets #programmers.

tags | web, cgi
systems | unix
SHA-256 | 77770362b50cb7fe074dde751149a9cfecd9db1fbc1b7b09fc46c9ec41d2715f
ubpbbs.txt
Posted Aug 29, 2002
Authored by Goodwin | Site security-ru.net

A flaw in the Ultimate PHP Board (UPB) software allows standard users to create an admin accounts with lower case letters that has standard user privileges but that may cause confusion to other users. Fix included.

tags | exploit, php
SHA-256 | cc32e63f249c90e0c02670919dd271f2bc8690b8e1f6890f2355f243376c356d
linux-2.2.21-brfw.diff.gz
Posted Aug 29, 2002
Authored by Sean Trifero | Site innu.org

The Bridge Filter kernel patch for v2.2.21 creates a new built-in chain you can use to filter packets before the bridge. The Linux firewall and bridge functions work well but you can't filter exactly which packets are bridged. The main goal of this patch is to allow this capability.

tags | kernel, patch
systems | linux, unix
SHA-256 | 6b491d1652e4538f24997a4c636ceed5d5190de9d7e511fc1dc7ba86abedbe75
BitchX-1.0c19-jackass.diff
Posted Aug 29, 2002
Authored by Sean Trifero | Site innu.org

BitchX patch which adds a '*!*@host.com' ban mask. For 1.0c19.

SHA-256 | edb465fde1907a3833558bc1a057ef5dad3e4a042339b736b99956c99f422ad9
BitchX-1.0c18-jackass.diff
Posted Aug 29, 2002
Authored by Sean Trifero | Site innu.org

BitchX patch which adds a '*!*@host.com' ban mask. For 1.0c18.

SHA-256 | 1dd1de399e54bf88ac4000a89ea2f88c133e09761b753b9d78d888719fa8eec5
BitchX-1.0c18-humble.diff
Posted Aug 29, 2002
Authored by Sean Trifero | Site innu.org

BitchX patch which fixes the #define HUMBLE compiling problems. For 1.0c18.

SHA-256 | 231895183f828c59e56fc06df327430ef4b886fef50d511ea3b13320dc2e635b
BitchX-1.0c19-humble.diff
Posted Aug 29, 2002
Authored by Sean Trifero | Site innu.org

BitchX patch which fixes the #define HUMBLE compiling problems. For 1.0c19.

SHA-256 | 1658a714b2ef988ef14240079649fd7715f4b8ca5a2de7834f96206d2f990263
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close