A cross-site scripting vulnerability in Microsoft Hotmail allows access to mailboxes via malicious JavaScript in conjunction with cookie hijacking.
8c363ce3f59df1c9afd05297d48999353d73fd24fdf58a30707f45ba78d08d9a
Security Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.
3123057a0e33003e32d0c1dcbd81e7c68fe2683392807470c9f4cf6b670e203b
Original research advisory for the Listbox And Combobox Control buffer overflows announced in a Microsoft advisory. Affected software: Microsoft Windows NT4.0, 2000, XP, and 2003.
afe2bc49b17ee13959bb70c510b9169e409491f6f6bef971239d00a18a2e3d4f
SCO Security Advisory - Multiple vulnerabilities have been discovered in Xsco on SCO OpenServer 5.0.5, 5.0.6, and 5.0.7. One matches the command line parameter -co hole discovered in Xsun, and another allows any local user with X access to gain read/write access to a shared memory segment.
ea73d1607ecb515aa8682e89e65246b5b258aa25a485244028e85ae2567906ae
Remote irc2.10.3p3 denial of service exploit that makes use of a bug in channel.c that occurs when handling a specially crafted JOIN command.
18f6234073b0b9e3dee6ac4c1f1e73da9b5b1b8677fc854041399955b816fd70
CERT Advisory CA-2003-27 - A number of vulnerabilities in both Microsoft Windows and Microsoft Exchange have been discovered with multiple bugs giving privilege escalation and remote command execution.
ff6a783884bf7c388fa7d2f7cad1b147a397dc5ac7727f0a5675739263ee03f6
A cross-site scripting vulnerability still exists in the newest Bajie HTTP server release even though the vendor had previously been notified of the problem.
afd73509b2de1d74bbb351c867f4a67c715af98358cb09eecca456e2cef6a03e
NGSSoftware Insight Security Research Advisory - Several vectors exist that attackers can use to trigger a stack-based buffer overflow in the PCHealth system of Microsoft Windows 2003 Server and Windows XP.
c81ad70663b2e59cb57828827eb771305b054a927731a366ef5652bb7951ced6
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It is useful for pinpointing which process is using each network socket.
685b9f1f8c1b4ffdbfcc19572bebe0bc7fb0eede0941dc2487104f697d0dc696
ProxyCap enables users to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 proxy servers. It can be told which applications will connect to the Internet through a proxy and under what circumstances. This is done through a user-friendly interface, without the need to reconfigure any clients. ProxyCap provides a flexible rule system and allows the end user to define their own tunneling rules. ProxyCap version 2.0 introduces support for UDP-based networking clients, optional remote name resolution, and more detailed session logs.
955595f2ed4b778a945d78593dbeefda0de9d1d42408ab9706f4df9481290aac
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
e88ced3e42ae119f22add4abbcff00bd89582b885b582bf3f436dfe84f5865ea
CA Web Helper is a helper Web application written in PHP and Perl to maintain a local Certificate Authority based on OpenSSL. It provides the ability to view issued certificates, issue new certificates, and revoke compromised certificates.
df95e269a2b79839edcf5ec6b212766f8540bd3e0f7b457a77b2885a9fbc430d
105-byte shellcode that executes: setuid(), setgid(), mkdir(), chroot(), chdir(), chroot(), execv(), exit(). ASM code and syscall table are included.
2d9d05332ebda5bbdce4419ae67090617a9ffcd128b5e47e8ef0c3798f7e4dc3
Microsoft Security Advisory MS03-045 - An attacker who had the ability to log on to a system interactively could run a program that could send a specially crafted Windows message to any applications that have implemented the ListBox control or the ComboBox control, causing the application to take any action an attacker specified. This could give an attacker complete control over the system by using Utility Manager in Windows 2000.
3e04277031dbf6e921a7be196d8aa8db1e8dd4091520cec139a0bc50d571abbd
Microsoft Security Advisory MS03-047 - Microsoft Exchange Server 5.5, Service Pack 4, is vulnerable to cross-site scripting due to the way Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form.
643e2eb1f2bd8cf2e8d911578d71880652aaaa6792f3f3d48d274526d86d308b
Microsoft Security Advisory MS03-046 - A denial of service condition exists in Exchange Server 5.5 that can be exploited by a remote attacker. Exchange 2000 Server suffers from the same denial of service and from a buffer overrun that can result in an attacker running malicious programs.
a4bd78fe81913c5ffb36cde25380d71fa9f5143f19724c585b5983d3ddab8b04
Network Penetration conducted a survey at the start of 2003 to check the status of the United Kingdom's DNS infrastructure. This paper discusses the second run of what was tested, the results, some sample zone transfers, and recommendations.
31dc371eb671d823d16aa2224c769ef3802e82eb0154f61065f3def5701be8f0
The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.
f1c0300dc00e219b8dbc03dbdfde2f6bb99cf9e08b84db923315190b4e59337b
Simple notes on how to exploit GAIM via the festival plugin that was written quite poorly.
4ff6480817604dff4307edce42b3b214d5c319bf340fadc144ba47a1476fb3c8
ColdFusion servers suffer from a SQL injection vulnerability due to cross-site scripting.
cd0a66f33d0eaf7647128be1451bcfa6c41612b461d14ff1bc9da61edf1e61a3
Microsoft Windows Security Bulletin Summary for October 2003 that covers MS03-041, the vulnerability in Authenticode Verification that could allow remote code execution, MS03-042, the buffer overflow in ActiveX that could allow code execution, MS03-043, the buffer overrun in its Messenger Service, and MS03-044, the buffer overrun in the Windows Help and Support Center.
6ee2879ff2ee6b1aa64c128110f8d70f6d04ceea10bbe444626b4a36bd99172e