Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News

Hacking & Security News

Page: 12...166 167 168 169 170 out of 175

New theme | 2001-03-18 05:53:16
As you can see, the new theme is up. Hope you like it.
Registered users can change to the new theme in "your account" (main menu) or clicking "prefs" (above) after you have logged in.

Joe 2.8 local exploit | 2001-03-17 14:38:05
Joe 2.8 local exploit - Requires ispell and sysadmin intervention. Tested on FreeBSD 4.2-Release. By Fides
Download

Georgi Guninski security advisory #38, 2001 | 2001-03-17 13:26:11
It is possible to remotely restart all IIS related service using specially crafted request. It is also possible to force IIS to consume memory which it does not free.
Seems to be a buffer overflow, don't know whether it is exploitable, let me know if you find a way to exploit it.

Memory leak in Solaris 2.7 kernel | 2001-03-17 05:21:41
type this in your solaris shell:
# ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
Wait a few minutes, let the disks churn (it never stops!)
Break out of it...

# vmstat
cannot fork: no swap space
# w
cannot fork: no swap space

Have fun hard-resetting your Sun box...

Posted by on a Ellington Warner bt mailing list

Secure Newsletter #5 | 2001-03-17 04:16:10
Secure issue #4 has been released. Newsletter's archive is here.
If you haven't subscribed yet, consider it. (subscribe here)

Remote DoS attack against SSH Secure Shell | 2001-03-16 19:24:32
UssrLabs has recently discovered a problem with Windows versions of sshd.
The problem lies with adjacent connection handling where the sshd is unable to handle 64 simulataneous connections. As a result the sshd will crash, and no services to the sshd will be accepted.

New SubSeven Trojan unleashed | 2001-03-15 23:04:57
SubSeven 2.2 makes Back Orifice look tame. By Kevin Poulsen March 13, 2001 7:09 AM PT A new version of a Trojan horse program popular with computer intruders was publicly released on the web Friday, and quickly put to use by an eager underground...

ShareSniffer - Hacking for Dummies | 2001-03-15 17:34:02
In the wake of the Napster verdict, more and more alternatives to the popular music file swapping service are appearing on the Internet landscape. One new tool making waves among the file sharing community could give Windows users more than they bargained for. ShareSniffer is now available for download and may be waiting to invade your computer.

debian/suse man exploit | 2001-03-14 23:24:49
Here is another exploit for the debian/suse man -l format string bug discussed a bit earlier. It bypasses Solar Designer's non-exec stack patch and should work out of the box on Debian 2.2. Here is a detailed explanation of how to get the offsets for other distributions (such as SuSE).
Download this exploit

by fish stiqz ([email protected])

Services for Unix 2.0 Telnet Client File Overwrite | 2001-03-14 23:12:13
A vulnerability has been discovered in the interaction between Internet Explorer and the Telnet client installed with Services for Unix 2.0, that allows arbitrary files to be overwritten, or created, containing attacker specified data. This vulnerability occurs as a result of Internet Explorer executing the "telnet" command and passing command line parameters, specified in the URL, to the telnet program.

Buffer overflow in FTPFS (linux kernel module) | 2001-03-14 23:02:46
FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module, enhancing VFS with FTP volume mounting capabilities.

However, it has insufficient bounds checking. If a user can enter mount options through a wrapper, he can take over the whole system, even with restricted capabilities.

Registered users | 2001-03-14 01:40:01
First of all I want to warn registered users that their username and password are case sensitive. This is because we have fixed a bug in our sql db, involving user info modification.
If you aren't a registered user, you can creat your account here.

For all registered users, I have an announcement to make!
We are going to make about two themes later this week. Be sure to check them out using "your account" after you log in.

FreeBSD Security Advisory - timed | 2001-03-14 00:31:02
Malformed packets sent to the timed daemon could cause it to crash, thereby denying service to clients if timed is not run under a watchdog process which causes it to automatically restart in the event of a failure. The timed daemon is not run in this way in the default invocation from /etc/rc.conf using the timed_enable variable.

The timed daemon is not enabled by default, and its use is not recommended (FreeBSD includes ntpd(8), the network time protocol daemon, which provides superior functionality).

FreeBSD Security Advisory - rwhod | 2001-03-14 00:09:32
Malformed packets sent to the rwhod daemon could cause it to crash, thereby denying service to clients if rwhod is not run under a watchdog process which causes it to automatically restart in the event of a failure. The rwhod daemon is not run in this way in the default invocation from /etc/rc.conf using the rwhod_enable variable.

All versions of FreeBSD 3.x and 4.x prior to the correction date including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this problem, if they have been configued to run rwhod (this is not enabled by default).

FreeBSD security advisory - icecast | 2001-03-14 00:00:07
The icecast software, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.

There are a number of other potential abuses of format strings which may or may not pose security risks, but have not currently been audited.

Post-Query remote buffer overflow | 2001-03-13 10:57:49
Proton posted this exploit on BT and stated:
You may or may not be vulnerable to this exploit depending on a number of factors.

Better safe than sorry, remove post-query if you have it. It is an example program designed to demonstrate how posting to CGI works and as such isnt useful for any normal webserver operations.

You can download it here.

NT vulnerability scanner | 2001-03-13 10:49:36
Mattias Berge posted his NT vulnerability scanner on BugTraq, so I though you would like to download it.

FreeBSD-SA-01:26 Security Advisory - Interbase | 2001-03-13 10:43:08
The interbase software contains a remote backdoor account, which was apparently introduced by the vendor in 1992. The interbase source code has recently been released and is the basis for a derivative project called firebird, who are credited with discovering the vulnerability.

The backdoor account has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.

Caldera Systems, Inc. Security Advisory | 2001-03-13 10:34:59
There are several buffer overflows in imap, ipop2d and ipop3d. These overflows usually only make it possible for local users to gain access to a process running under their own UID.

However, due to a misconfiguration, it is possible for remote attackers to gain access to the 'nobody' account and run programs or further exploits on the attacked machine.

Make more traffic for your web site | 2001-03-13 04:03:44
Some of you may wonder how can they let users vote for their website on xatrix.org and generate more traffic.
Click here to Read More about it.

Jarle Aase War FTPD Directory Traversal Vulnerability | 2001-03-12 21:54:22
A remote user could gain read access to directories outside of the ftp root in a Jarle Aase War FTPD Server. Once a user is logged into the server, a specially crafted 'dir' command will disclose an arbitrary directory. This vulnerability could allow an attacker to gain read access to various files residing on the target machine...

Cisco pix security notes | 2001-03-12 18:55:20
Fabio Pietrosanti said:
Working with Cisco PIX Firewall i wrote some note about possible security problem of Cisco PIX.

Attached the paper Cisco_PIX_Notes.txt :)

Download

Ikonboard permission vulnerability | 2001-03-12 18:47:49
There is another bug in the Ikonboard. A malicious user can read any file on the remote system with the privileges of the web server.

ascdcx exploit | 2001-03-11 21:41:04
There are multiple buffer overflows in ascdc that can be exploited to gain root if it is installed setuid root. It is NOT installed setuid root by default but as the README says: "If you intend to use the automounting feature, you must either run ascdc as root or setuid it."
Vulnerability found by Christer Öberg, Wkit Security AB
Download

Security and protection under Windows 95/98 | 2001-03-10 17:26:29
Text about viruses, trojans and stuff with simple explanations on how to protect yourself without supporting big Anti-Virus companies by buying their software.
[Download]

Page: 12...166 167 168 169 170 out of 175

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »