what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Ollie Whitehouse

First Active2002-06-05
Last Active2007-10-23
SYMSA-2007-013.txt
Posted Oct 23, 2007
Authored by Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-013 - Lotus Notes and Domino are susceptible to a vulnerability in the IPC functionality between NLNOTEs and NTASKLDR.

tags | advisory
advisories | CVE-2007-5544
SHA-256 | 7de0e438003f14b51adeb9d77bdce9c0799d30834e20093b16bcf507c47d2f97
SYMSA-2007-012.txt
Posted Oct 23, 2007
Authored by Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-012 - Microsoft Windows CE suffers from a IGMP related denial of service vulnerability.

tags | advisory, denial of service
systems | windows
advisories | CVE-2006-0021
SHA-256 | 2a7a4f96a971f94fa1cb4df40898c68ed0b5b2fd36736921625d3dfb242c518d
SYMSA-2007-011.txt
Posted Oct 18, 2007
Authored by Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-011 - A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.

tags | advisory
systems | windows
advisories | CVE-2007-5493
SHA-256 | eee9df452f180ce03cf99ac3571d5c28ecb00ea2370f58c105f853fd6c953f0c
SYMSA-2007-010.txt
Posted Oct 15, 2007
Authored by Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-010 - A vulnerability has been discovered in the mechanism that Microsoft ActiveSync 4.x uses to obfuscate the password when it's sent over the USB network interface between the device and the host machine. This enables malicious software on the host to either impersonate a device in order to obtain the current password or, if in a position to sniff network traffic, obtain the password for trivial decoding.

tags | advisory
advisories | CVE-2007-5460
SHA-256 | 931bc3ac990fc2a8b1b2680ebd4ae1b48d6b60679fcb0bacfc1609c0b629d79b
SYMSA-2007-005.txt
Posted Jul 11, 2007
Authored by James Hoagland, Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-005 - Due to an implementation issue, the Windows Firewall does not apply firewall rules correctly on the Teredo Interface. This allows a level of remote access to TCP and UDP ports and services that exceeds what Microsoft expected and what an administrator would expect.

tags | advisory, remote, udp, tcp
systems | windows
advisories | CVE-2007-3038
SHA-256 | 7523939204b447c8348f1cf34b6663de6d7161f879fa100e8698124169ccbbfc
SYMSA-2006-002.txt
Posted Apr 11, 2006
Authored by Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research: SYMSA-2006-002- There exists a format string vulnerability within the McAfee WebShield SMTP server which allows an attacker to execute arbitrary code on the host computer via an unauthenticated connection. With successful exploitation, an unauthenticated attacker is able to obtain SYSTEM access.

tags | advisory, arbitrary
SHA-256 | a7aec9242cde724fecd60dd1e9d7c1d95f6ea96c27298a6d5a2eb2a07ae0d68f
SYMSA-2006-001.txt
Posted Mar 15, 2006
Authored by Ollie Whitehouse | Site symantec.com

Symantec Security Advisory SYMSA-2006-001 - There exists a buffer overflow in Microsoft Word, Excel, PowerPoint, and Outlook in the parsing of the routing slip metadata. The result is that when a user closes a malicious document, arbitrary code can be executed on the host in question.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-0009
SHA-256 | ea731a97597080437bb7468feb46d673d0c29d6bf906cdf8a42e809c2c07d1db
Atstake Security Advisory 03-11-17.2
Posted Nov 17, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.

tags | advisory, remote, web, overflow
advisories | CVE-2003-0940, CVE-2003-0941, CVE-2003-0942, CVE-2003-0943, CVE-2003-0944, CVE-2003-0945
SHA-256 | cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bd
Atstake Security Advisory 03-11-17.1
Posted Nov 17, 2003
Authored by Atstake, Ollie Whitehouse, Dino Dai Zovi | Site atstake.com

Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.

tags | advisory, remote, overflow, local, tcp
advisories | CVE-2003-0938, CVE-2003-0939
SHA-256 | 3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125b
redfang.2.5.tar.gz
Posted Oct 21, 2003
Authored by Ollie Whitehouse | Site atstake.com

Redfang v2.5 is an enhanced version of the original application that finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().

Changes: Code was streamlined, enumerates service information, and supports multiple threads for substantial speed gains using multiple devices (maximum theoretical limit of 127 USB devices). Tested on Linux. More information available in the paper War Nibbling - Bluetooth Insecurity. .
tags | tool, wireless
SHA-256 | 7cf45008810ca894b085ae0eb1a0071f0cb6989dd9ce35cfcd617fedf7018c7f
Atstake Security Advisory 03-09-15.1
Posted Sep 16, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091503-1 - The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.

tags | advisory, web, root, javascript, vulnerability, xss
SHA-256 | 4924ba9b5946a4e3970ccd2e0126327f9de57382c0d428f532349345aa409bd4
Atstake Security Advisory 03-09-11.1
Posted Sep 13, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.

tags | advisory, sql injection
advisories | CVE-2003-0779
SHA-256 | 5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7
Atstake Security Advisory 03-09-04.1
Posted Sep 6, 2003
Authored by Atstake, Ollie Whitehouse, Graham Murphy, Stephen Kapp | Site atstake.com

Atstake Security Advisory A090403-1 - The Asterisk software PBX has a flaw in its SIP protocol implementation that could allow an attacker to obtain remote and unauthenticated access to the system.

tags | advisory, remote, protocol
SHA-256 | e061dbc54a00034594ef6c63ace2f2be44df7efdf3eda421fd1ced83e4fab944
redfang.tar.gz
Posted Jun 11, 2003
Authored by Ollie Whitehouse | Site atstake.com

fang is a small proof-of-concept application to find non discoverable bluetooth devices. This is done by brute forcing the last six (6) bytes of the bluetooth address of the device and doing a read_remote_name().

tags | tool, wireless
SHA-256 | 945fa08d2db2da2eb13cd4bc4bf7ca8b42c3f19daac89a8d244fa205bfcd41e5
Atstake Security Advisory 03-04-07.1
Posted Apr 10, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. It allows the publication of both static and dynamic content. The dynamic pages are created using a TCL[1] Interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the current running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users sessions, server side code and other sensitive information.

tags | advisory, info disclosure
SHA-256 | 819e7cf337971ea1efaa8dbf85a334f9b624b959117fa9e360810f3cac0f34ac
Atstake Security Advisory 03-03-17.1
Posted Mar 18, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A031703-1 - McAfee ePolicy Orchestrater v2.5.1, an enterprise antivirus management tool for Windows 2000, contains a remote format string vulnerability which allows code execution as SYSTEM if tcp port 8081 is accessible.

tags | remote, tcp, code execution
systems | windows
SHA-256 | 57b85495432c8e5ec8fc8404b83aa9c7607157c7553eda5446874f8bbc55c20c
Atstake Security Advisory 03-03-13.2
Posted Mar 14, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A031303-2 - Nokia SGSN (DX200 Based Network Element) is a platform that exists between legacy GSM networks and the new IP core of the GPRS network. The SGSN, or Serving GPRS Support Node, is vulnerable in that it allows any attackers to read the SNMP options with any community string.

SHA-256 | a743e83228a8aa4690b234f2fa9cd8ae048f018026c6d5f4f2c72ee4558edd4d
Atstake Security Advisory 02-08-28.1
Posted Aug 29, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site.

tags | web, overflow, local, activex
SHA-256 | 56359c9b96a1991a0e4e4ca0c9bcd9337adab1526626b1bdc5b1cae7f982e8e1
Atstake Security Advisory 02-07-15.1
Posted Jul 17, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Advisory A071502-1 - Norton Personal Internet Firewall 2001 v3.0.4.91 for Windows NT and 2000 contains buffer overflows in the HTTP proxy which allows attackers to overwrite the first 3 bytes of the EDI register, which can lead to remote code execution.

tags | remote, web, overflow, code execution
systems | windows
SHA-256 | b638be2b6c12ee1233b0973e42fb9455d457e7c5b99317fa57810587b7da13b0
Atstake Security Advisory 02-06-05.1
Posted Jun 5, 2002
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities which are outlined below that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface.

tags | vulnerability
SHA-256 | 6c550edb79304b779ac8aac4982d3ad3e6fb9a08a6d7394b3520dc74a6e1c066
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close