Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News

Hacking & Security News

Page: 12...165 166 167 168 169 out of 175

Format string in pwc cgi-script | 2001-03-24 08:45:28
There is a format string bug in 'pwc'. This CGI script is used to change users password via www . writelog() call syslog() function, which 'eats' ;) characters and log it to system logs. But you can paste shellcode into buffers[512] and syslog() will run it without any problems.

SunOS application perfmon vulnerability | 2001-03-23 20:44:05
System: Solaris 2.X
Parm is a program that displays system information.
Parm is SunOS application. It's not included in Solaris basic package.

There is a vulneribility in perfmon program that you can create any file with root privilege....

Log Agent, log file recollection tool | 2001-03-23 20:10:53
When comes the time to choose computer security tools, one most wanted feature is the ability to centralize the information contained in the log files. Also, this prevents the evidence from being tampered by a potential intruder. So because of this, somewhat good products are overlooked because they fail to provide this single feature, and sometimes this leads to purchasing a product that offers (and sells) many features not necessarily needed, or products that are not as flexible as desired when comes the time to make it work on your environment.

Babel, DDoS of biblical proportions | 2001-03-23 20:04:37
Things have never been perfect on the Internet, but way back then (before the Internet went commercial), it still wasn't so bad. The only major outbreak I could remember from the "old days" is the Morris worm, and even then, it's because I read about it, but I didn't find that much information from this era concerning major outbreaks. And back then, "major" meant maybe 2000-3000 Unix machines; nothing compared to today's viruses like Melissa and I Love You.

Websweeper 4.0 DoS | 2001-03-23 19:53:54
This is an infinite HTTP Request DoS exploit for Websweeper 4.0 (winNT) made by honoriak.
Download this exploit

Compaq Insight Manager Proxy Vulnerability | 2001-03-23 19:46:31
Compaq Insight Manager has a serious configuration issue which allows the use of the software as a proxy server. No logging is performed on either the OS or app., making this a perfect anonymous proxy.

Red Hat Security Advisory - sudo | 2001-03-22 19:30:22
An overrunnable buffer exists in sudo versions prior to 1.6.3p6.
The code splitting a log entry into smaller chunks contained an overrunnable buffer. Carefully constructed long commands could lead to execution of code as root. There is no known exploit at this time.

Red Hat Security Advisory - licq | 2001-03-22 19:26:42
licq as shipped with Red Hat Powertools 6.2 is vulnerable to two security problems:
An overrunnable buffer in its logging code, and an unguarded system() call to execute an external browser when receiving an URL.

Burn down the system of exploitation | 2001-03-22 01:01:28
F4rm3r, part of the staff here, wanted me to let you know about his subdomain site. You can check it out here.

Computer snooping using InstallRite | 2001-03-21 23:51:58
This paper discusses on how easy it is for a individual to track somebody's computer usage in the Windows platform. Some commercial tools exists that are specialized in snooping, but here I use a simple program that is designed to monitor software installation to gather up information about the specific usage that a computer was used for. Take note that I used the same software to implement a poorman-style Tripwire system. This is good reading material if you want to learn about the inner workings of Windows. Download

Ettercap 0.3.0 released | 2001-03-21 20:17:02
Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server or to client while maintaining an established TCP connection. Integrated into a easy-to-use and powerful ncurses interface. Screenshots are available here.
Download
Homepage

Privacy Series - Overview | 2001-03-21 20:01:41
There has been a lot of news and noise about privacy online lately. Some people seem to be getting very concerned that their online activities might be monitored. As with many public issues, the focus is on the simple and mostly harmless aspects of the problem. The really nasty issues are quietly being largely ignored; in fact, most people are blissfully unaware of them. This is unfortunate because as privacy erodes, people will become used to the process, thus allowing it to erode further. This is the first article in a series that I plan to work on over the next few weeks or months.

Using Security White Papers Effectively | 2001-03-21 19:49:01
Documenting what we know remains a challenge in the computer security profession. Various resources exist: the Internet, web pages on intranets, articles, email, and technical white papers. White papers are probably the most formal method, and they have the advantage of wide dissemination. These documents usually speak to a specific issue in depth. The range varies though with respect to the quality of coverage.

Magistr worm | 2001-03-21 09:23:29
(IDG) -- Another worm is on the loose, and while only a handful of PCs have been struck since its discovery on Tuesday, its victims are in a world of hurt.

Magistr differs from similar recent headline-grabbers Anna Kournikova and NakedWife--this one is really mean.

Kournikova clogged e-mail servers and NakedWife damaged operating systems, but the victims could make repairs. Magistr goes way beyond that, trying to expose your private files, destroy your data, and cripple your PC so it won't even reboot.

Forum function added... | 2001-03-21 00:19:28
As you can see the forum is added. If you have a question then don't be shy. Check it out here.

A poor-man Tripwire-like system on Windows 9x/NT | 2001-03-20 23:08:44
This paper explains ways to have a Tripwire-like system using existing free tools available on Internet. I propose to achieve the same results (well, almost) that with Tripwire using a software installation checker, or by using a solution in Perl (courtesy of Harlan Carvey). Other suggestions are welcomed as well. Download

NTMail web service DoS | 2001-03-20 22:51:18
NTMail V6.0.3c for windows NT/2000 can be crashed by sending mailformed url. By sending request larger than 255 characters will crash the service. A crash will take down the services listening on TCP ports: 8000 (NTMail configuration), 8025, 8080, 8888 and 9000 (GLWebMail).

U can download patch from here: Patch

Aspseek Search Engine buffer overflow | 2001-03-20 00:06:08
Once compiled and properly setup, you are left to copy s.cgi to the cgi-bin of your webserver. This script acts as the input and output for the search engine, taking user defined data and outputs the search results. Unfortunately there is a problem in the parsing of user defined data.

WebSite Pro 2.5.4/all versions Vulnerability | 2001-03-19 23:54:31
Website Pro, all versions, reveals the web directory with a simple character similar to the past vulnerability but all have been fixed except this one.
Example:
www.target.com/:/ <-this will reveal the exact location

403 Forbidden
File for URL /:/ (E:webdir:) cannot be accessed:
The filename, directory name, or volume label syntax is incorrect. (code=123)
No fix yet.
Posted by Roberto Moreno on a bt mailing list.
www.hackcanada.com
[email protected]

Virus protection in a Microsoft Windows network, or | 2001-03-19 23:15:14
This paper outlines various steps that can be done in order to protect a network from viruses. Of course, the first thing to do is to keep an antivirus software up to date. But even for such a small thing to do, many machines are still behind in their signature files and are vulnerable to old viruses. In this paper, I explain the various strategies I used to keep my machines' antivirus software up to date effortlessly, and have quick response from the software when a virus is detected. A MUST READ for all the paper MCSE's out there. Download

SSH Secure Shell Denial of Service Vulnerability | 2001-03-19 22:12:53
It is possible to cause a denial of service in SSH Secure Shell. If an attacker establishes numerous connections to the host, SSH will crash. A restart of the service is required in order to gain normal functionality.
[Homepage]

Solaris snmpXdmid Buffer Overflow Vulnerability | 2001-03-19 22:10:56
Versions 2.6, 7, and 8 of Sun Microsystem's Solaris operating environment ship with service called 'snmpXdmid'. This daemon is used to map SNMP management requests to DMI requests and vice versa...

Jelsoft vBulletin PHP Command Execution Vulnerability | 2001-03-19 22:07:09
Jelsoft vBulletin is an online discussion forum package written in PHP. The package utilizes templates to allow customization of discussion forum features. Poor filtering procedures in some of the code that handles templates allows user-specified PHP code supplied as part of a URL to be executed. This could allow an attacker to gain a local interactive shell with privileges of the web server. This problem affects versions prior to 2.0 beta 3 and 1.1.6.
[Homepage]

Another DVD descrambler | 2001-03-19 19:11:15
Coder Charles H. Hannum has created the smallest program capable of decoding a Content Scrambling System (CSS) DVD file, beating last week's seven-line Perl shell script 442 bytes to 472 (excluding newline bytes).

The programmer claims it can "descramble in excess of 21.5MBps" -- faster than the DVD specifications allow for. The speed comes "without even particularly trying to optimise the I/O. This makes it pretty insignificant compared to the rest of the decoding process" -- in other words, it's quick enough not to impede the MPEG 2 decode operation which turns the data into a moving image.

Download the source

Realistic Expectations for Intrusion Detection Systems | 2001-03-19 19:02:44
The emergence of IDSs causes some security commentators to see them as a panacea, solving all of the complex and diverse threats to network security. However, as does any weapon in the security arsenal, an IDS has limited capabilities. To expect too much of an IDS places the user's network at risk. This article will discuss reasonable expectations of Intrusion Detection Systems (IDSs). Its purpose is to help users and potential users realize the increasing importance of intrusion detection in all organizations, while also pointing out the realistic outcomes to be expected from current IDS products. It will also discuss those expectations that users may have of intrusion detection systems that are unrealistic and, as such, may threaten the security of the user's network.

Page: 12...165 166 167 168 169 out of 175

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »