When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.
d3572a90acc842149e47149c8cbb247cdee198ab4f24cd4795627dd7cfba6637
Proof of concept exploit that makes use of a buffer overflow vulnerability existing in Shixxnote 6.net.
f0864adaed3f32db3d6685725e0302eb64bd399df04d997236ba21875b8654e5
A buffer overflow vulnerability exists in the field used to specify the font to use in the messages sent by Shixxnote 6.net. If this specific field is bigger than 1698 bytes the return address will be fully overwritten.
b65e626cc9a52695eb35f414d38bf9cf83b5124622a454bb84f0e9045e7d5aff
When specifying specially formatted options to the external MIME transformation, an attacker can execute arbitrary shell commands, restricted only by the privileges of the httpd user.
653c1d641fce3d340f0ed50c6a9b2990cbfd01531ec29f00702011a65ea1d0d1
ACROS Security Problem Report #2004-10-13-1 - The public report released discussing the poisoning of cached HTTPS documents in Internet Explorer including workarounds and mitigating factors.
b31003f292ce532e33ac3e00b98fd52f3b033acdcbb19bcde9eb0dc39d7e3160
Insufficient validation of incoming calendar data makes it possible to cause a buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost since the RAM storage will be reinitialized). It is also possible to execute code embedded by the attacker. It should be mentioned that the BlackBerry developer tools are freely available.
92f19aced80d13dd354f933fc08c07fda2df3c70c05fdcf8c2fff682d778be56
Fusetalk forum 4.0 is susceptible to a cross site scripting flaw due to a lack of filtering of img tags.
3b0b5404dc37639becf8449caf160752b3e9c099234ddd50b7d3b04cacc83cc8
Microsoft Security Bulletin MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356). If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit these vulnerabilities.
ef95a3ed5d31bffeedd4ac822b7d01bbfc20d8a0bc19f0302adf9f68df418478
Fusetalk SCT Campus Pipeline is susceptible to a cross site scripting flaw.
12d48987f90efa01747f2379fa91451284ec9106d079942816a5858365971b70
Microsoft Security Advisory MS04-035 - An attacker who successfully exploited an SMTP vulnerability in Windows could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
d8b5ce3d9d0907ec2f21a418dfbac6121cbc95e4bfb24a5d3200f76f086def7c
Microsoft Security Bulletin MS04-031 - Vulnerability in NetDDE Could Allow Remote Code Execution (841533). An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.
4ac78afe5a06625a0861a4ab6c335b3d28117ab77454d84120ad07fe0d94891a
Microsoft Security Advisory MS04-038 - Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
8c12c38d2335efcde6058b11b2939c069107c03e4343a03882cdaf1d2b2296ee
UmL - Userspace Logger. This is functioning code based on the example given in the article in Phrack 51 entitled "Shared Library Redirection". The following functions are logged: read()/recv() output; it also intercepts open(), open64(), close(), socket(), connect(), and exit(). This is an effective keystroke logger, among other things, despite the author's statement that it is only at the Proof-of-Concept phase. License: GPL2. Version 0.0.2 testing.
d2553958c615551070ee685fb398040eefcef6ae792f7601a2657a75f7a43a62
eEye Security Advisory - eEye Digital Security has discovered a buffer overflow in DUNZIP32.DLL, a module that offers support for ZIP compressed folders in the Windows shell. An exploitable buffer overflow occurs when a user opens a ZIP folder that contains a long file name.
74498eeb938601ac386acca23e9c64ceb6dd02a5bcd6488628996a9f230da45b
KSB26, Kernel Socks Bouncer for 2.6.x, is a Linux 2.6.x kernel patch that redirects full TCP connections through a socks5 proxy. KSB26 uses a character device to pass the socks5 proxy and the target IPs to the Linux kernel. This is obviously quite useful if you want to transparently tunnel certain things through a given proxy to remain anonymous, or if you want to be able to transparently sniff certain network traffic.
7d89f06ace74e773d054418c60742c9b8db462a9eba50cdec4e486d296a6bc93
This is a small text document that describes how MS SQL can be "tricked" into creating a command.asp script under the webroot, even when you do not have access to 'sa' privs (dbo privs are probably still a must, though). The technique described uses the SQL server 'backup' command.
00f4e7c9f7cd17235e6b6b60f335065c99183f5e4af191f5b7d9dfcb8975e8a2
Lgool is a program that will search Google for a given vulnerability. It does the exact same thing you could do by going to Google and searching for nasty stuff like passwd.cfg, but without all the trouble of actually opening a web browser. It operates in a way that is similar to "gooscan" (written by johnny and presented at defcon this year).
fc84bedf31be38ae83ff3d535b74ab23de27f74cc69a13e4347fc8c5f24bbf9e
This is a fairly light-weight introduction to what spyware is, what it does, and how to detect/block it. Mostly, it refers to other tools rather than giving any new info, but it does have a reasonable overview of different tools.
c4b00641b0e3bd8c0a0f45313ccdca6374e318e1eacae3bf0e0439ffea56aaa5
A collection of shellcode for various platforms: bsd-x86, linux-x86, sco-x86, and solaris-x86.
4ea425bd8e8add22af39fcb210a108dff108ad05535d97ce8c0b6f3b84699efc
The snortSnmpPlugin enables Snort to send SNMP alerts to network management systems (NMS). The alerts can be traps (the alert will not be acknowledged by the receiver) or informs (the alert will be acknowledged by the receiver). This is version 2.2.0-01.
44d5265b9d04e1782de2350a0151bec4e8ab23e871e6d6244258e461efce687f
eEye Security Advisory - Windows VDM #UD Local Privilege Escalation. Describes in more detail but with different terminology the "shatter" attacks corrected by MS04-032, and also discussed in a paper by Brett Moore.
6d969851dce47717c7c8d2b34a7d86e3e4b6339359ea1b5ff2767ce9961e7872
This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.
b85c177e413daeba0b079bcf4270af5caa8ea90d4ca38f90165174415a48ef12
Bindview Advisory - Critical Flaw in rpc__mgmt_inq_stats. A remote attacker can read large amounts of memory from and/or crash any NT4 RPC server.
4cc245fa9536dd03ba6b06c540bb025befec2fbddae044eec8fd9ed16b789535
ocPortal is a Content Management System and portal. ocPortal versions up to 1.0.3 may allow for execution of commands via included scripts on the system where it is installed.
eca3b9732f89bcc8ba47ae442b4066acc6b229b03d92e81739b856751de8094c