Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News

Hacking & Security News

Page: 12...164 165 166 167 168 out of 175

Trend Micro Interscan Viruswall Multiple Program Buffer Overflow Vulnerability | 2001-04-15 22:37:05
A problem with the software package could lead elevated privileges on the scanning system. The management interface used with the Interscan Viruswall uses several programs in a cgi directory that contain buffer overflows. Additionally, the http daemon used to execute these programs runs as root, and does not sufficiently control access to the programs, allowing a user to execute them directly.

Hacker Tools and Their Signatures - Part One | 2001-04-15 22:30:22
This article is the first in a series of papers detailing hacker exploits/tools and their signatures. This installment will examine the Berkley Internet Name Domain exploit bind8x.c. The discussion will cover the details of bind8x.c and provide signatures that will assist an IDS analyst in detecting it. This paper assumes that the reader has some basic knowledge of TCP/IP and understands the tcpdump format.

Solaris Xsun buffer overflow vulnerability | 2001-04-11 20:15:39
A buffer overflow was discovered in Xsun. Since Xsun is SUID root, exploiting this vulnerability yields root privileges. The overflow exists in Xsun's handling of the HOME environment variable.

Strip for Palm password vulnerability | 2001-04-11 20:00:53
Strip-0.5 features a function for generating passwords, which certainly has some appeal to anyone who generates passwords frequently.
However, this function has some flaws, one of which has the effect to limit the number of different passwords strip can create to 2^16 per class (alphanumeric, alphabetic, numeric, ... with N characters).

vim_exp.pl | 2001-04-10 22:19:28
Vim 5.7 local exploit - This perl script creates a text file which when edited in vim executes an arbitrary file on the local system as the user running vim. By Nemeslly
[Download]

New text added in text archive | 2001-04-09 23:25:11
Very cool text. Explains how to make very hostile HTML code.

con-con-by-hackerattack-org.txt: [Download]

Join HAC (Hackers against cancer) | 2001-04-08 22:00:25
checksum.org has started a new project called HAC (Hackers against cancer). You can now fight back personally by joining HAC.

New OpenBSD Resource Directory | 2001-04-08 21:59:18
A new resource directory created for one of the world's most secure and stable operating systems - OpenBSD. Links to guides, tutorials, HOW-TOs and other information sources. Learn how to build that perfect firewall/gateway or secure internet server + many other topics. http://openbsd.sphosting.com/

ftpsed | 2001-04-04 23:22:13
ftpsed.pl is a perl script which exploits a denial of service vulnerability in Proftpd v1.2 and below. Requires a username and password. [Download].
Homepage: http://www.dutchriot.com. By Speedy

IDENTITY, PRIVACY, and ANONYMITY on the INTERNET | 2001-04-03 21:54:35
New text added in our text section. This text addresses privacy on the internet. Written by L. Detweiler. [Download]

Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability | 2001-04-02 22:21:58
Due to a flaw in the implementation of the Compressed Folders feature in Microsoft Plus! 98 and Windows ME, the password used to protect the compressed folder is stored on the user's machine in plaintext. A user who gains access to a machine with this feature installed may locate the file where the password is stored and use it to access any compressed folder and the contents within the folder...

Tomcat 4.0-b2 for WinNT/2000 show | 2001-04-02 08:49:39
A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 4.0-b2 installed. The vulnerability allows remote attackers to get ".jsp" source.

exploits:
http://target:8080/examples/snp/snoop%252ejsp

Check Point Firewall-1 for Linux, Part Three | 2001-03-29 20:49:08
This is the third and final article in a series devoted to the exploration of Check Point Firewall-1 for Linux. In the first article we discussed single and multi-system installation and post-installation tasks. The second article explored Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. In this installment, we will go over aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installations to Linux, and backup and standby configurations.

IIS4 DoS and cross site scripting vulnerability | 2001-03-29 20:22:56
iSecureLabs team has found 2 vulnerabilites in Microsoft IIS4 regarding cross site scripting (javascript) and a denial of service attack against a server running the above stated version of Microsoft IIS.

Risk Assesments | 2001-03-29 20:04:18
During the formation of the Internet, it was an open forum for communication and exchange of data. As the Internet grows, the number of risks and vulnerabilities will increase. Part of any organization's information security program is the risk assessment process. Assessment results must provide cost-effective and management-approved corrective actions.

Inframail Denial of Service Vulnerability | 2001-03-28 22:06:02
There exists a paring problem in the handling of 302 pages by the server serving both the webpages and the administration interface for the members of the Inframail product family.

ptrace/execve race condition exploit | 2001-03-27 21:40:03
Here is exploit for ptrace/execve race condition bug in Linux kernels up to 2.2.18. It works even on openwall patched kernels (including broken fix in 2.2.18ow4) if you use address of BSS section in memory (use objdump -h /suid/binary to get .bss section address).
It does not use brute-force! It does only one attempt, parent process detects exact moment of context-switch after child goes sleep in execve.
Download

Invisible file extensions on Windows | 2001-03-27 21:19:58
A little while ago, I was having a conversation with some of my colleagues about computer viruses. The "Life Stages" virus was mentionned during the conversation. This virus disguises itself via a file with extension .SHS, while pretending to be a .TXT file. This was possible because the .SHS extension is hidden by Windows, even if it is configured to display all files, all extensions (even for known file types). .SHS stands for "shell scrap", which means that it is possible to use these files to execute commands on a computer (which is what the virus did). Following this discussion, I thought to myself "I wonder if there are any other file extensions with these attributes that could potentially be used in a virus design?". This paper presents the results of this research.
Download

Bea Weblogic (6.0) Unicode Directory Browsing | 2001-03-26 20:29:36
The Bea Weblogic server contains a flaw that allows directory browsing even if the directories contain default documents.

Raptor firewall http vulnerability | 2001-03-26 20:21:40
Raptor firewall, version 6.5 has a http request forwarding vulnerability if a port other than 80 is used. Redirect rules does not affect this problem. When an extern or internal client, configures itself to use the nearest interface as proxy, it's possible to access other ports that 80 on the target host.

MDaemon IMAP DoS | 2001-03-26 14:17:06
Some of the commands for the IMAP server do not have proper bounds checking, enabling a user to shutdown the service remotely.It should be noted that a user account is required.The commands affected are SELECT and EXAMINE.The SELECT command selects a mailbox so that messages in it can be accessed.EXAMINE works in the same way as SELECT, however the mailbox is marked as read- only and cannot be modified.

Akopia Interchange Sample Files Vulnerability | 2001-03-25 23:05:44
A vulnerability exists in components of Akopia Interchange E-commerce server...

Gordano NTMail Web Services DoS Vulnerability | 2001-03-25 22:56:14
NTMail is an email server by Gordano. If an unusually long URL is requested to the web services in NTMail, the server could stop responding. A restart of the server is required in order to gain normal functionality...

Lion Worm | 2001-03-25 13:58:56
AN "UNUSUALLY DESTRUCTIVE" computer worm is winding through the network conduits of Linux computers, capable of massively compromising servers by exploiting a known vulnerability, security researchers said Friday.

PGP vulnerability | 2001-03-24 08:56:42
ICZ has published some real information about their new attack against (Open)PGP. Their annoucement, in the English language, can be found at http://www.i.cz/en/onas/tisk4.html. They say they will make a research paper available at http://www.i.cz/ soon.

Page: 12...164 165 166 167 168 out of 175

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »