Thatware is a news portal administration tool. Security vulnerabilities in Thatware allow an attacker to gain administrative access to the application. Two exploits are included. Fix: as a quick fix, rename admin.php3 and quote all numeric data in SQL statements.
f1837f7f0c5bc17cf29726c8a0e878307e31fc3411e3a8cfb596b751b87fd088
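The quick fix above is about SQL injection through unquoted numeric values. The following is an added example, not Thatware's code, showing why an unquoted number in a SQL statement is injectable, what quoting does and does not buy you, and the parameterized form that closes the hole regardless of input. The table and rows are constructed for the demonstration; SQLite stands in for whatever database the portal uses.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for a news portal's user table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, is_admin INTEGER)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "editor", 0), (2, "admin", 1), (3, "guest", 0)],
    )
    return con


def lookup_vulnerable(con, user_id):
    # Unquoted numeric interpolation: the value is spliced into the SQL text,
    # so "2 OR 1=1" rewrites the WHERE clause instead of being compared to id.
    sql = f"SELECT id, name, is_admin FROM users WHERE id = {user_id}"
    return con.execute(sql).fetchall()


def lookup_quoted(con, user_id):
    # The advisory's quick fix: quote the value. This only holds if the quote
    # character inside the value is escaped too (here by doubling it, the SQL
    # standard); otherwise a quote in the input reopens the injection.
    escaped = str(user_id).replace("'", "''")
    sql = f"SELECT id, name, is_admin FROM users WHERE id = '{escaped}'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con, user_id):
    # The durable fix: bind the value. The driver hands it to the engine as
    # data, so it is never parsed as SQL regardless of its content.
    sql = "SELECT id, name, is_admin FROM users WHERE id = ?"
    return con.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, honest input :", lookup_vulnerable(db, 2))
    print("vulnerable, injected     :", lookup_vulnerable(db, "2 OR 1=1"))
    print("quoted, injected         :", lookup_quoted(db, "2' OR '1'='1"))
    print("parameterized, injected  :", lookup_parameterized(db, "2 OR 1=1"))
```

Quoting plus escaping narrows the problem to "did we escape every metacharacter the engine recognises", which is fragile across databases and character sets; a bound parameter has no such question to answer, which is why it is the fix to prefer over the advisory's quick one.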
A Stateful Inspection of FireWall-1 - In this advisory we summarize our findings, presented at BlackHat 2000, on Checkpoint Firewall-1. It is susceptible to several trivial attacks against its inter-module authentication protocols; its IP address verification has flaws; FWN1 and FWA1 are vulnerable to replay attacks; and there are Fastmode vulnerabilities, FWZ encapsulation vulnerabilities, stateful inspection problems, and more. Included in the tarball are the presentation in two formats, the technical documentation for the vulnerabilities, and the source code used in the demonstration.
2307e3b4992373126506a9e8ddec37a8bb211d7837d390f321905d5f799474dd
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include fixed errors and better input handling. The remote web server must be running NT with port 2301 open. The exploit requests the full vulnerable URL and attempts to retrieve the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file.
e61a8564d2ced7114295c1a3afdbb9445be64ee4696516061c8a0e67388605de
USSR Advisory #52 - Clarification. Clears up a few comments about USSR Advisory #52: one regarding the DoS against Iris 1.01 "BETA", and the other regarding "in this case Eeye".
d896e26836e7ab23f58fb1922907ce3ec2c70631df59172b191a984429cad68d
Dragonmount Networks has released Part 2 of a multipart series on the Transmission Control Protocol. This installment looks at how to use tools provided with your operating system to see TCP and related protocols in action. It also describes the flow of data between machines at multiple levels during simple network operations.
f51add40b996ecf1990c275bbd083fcae7cd466641b1e38a2b0bf55d8417a4af
This script is an exploit that serves as an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by violating its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the $ORACLE_HOME/bin directory and attempts to execute cmadmin. Because ORACLE_HOME is taken from the caller's environment, it can be modified to redirect the path of execution to a binary the caller controls.
baabf3683d5e3e05e4139396752c7d9eb51dcf6e6f61509565b5d8a451188910
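The cmctl entry describes the general failure of a setuid program trusting an environment variable to locate a helper it executes. The following is an added example, not Oracle's code or the exploit from the archive: it shows the path construction that makes the redirection possible, the hardened rule (ignore the environment when privileges are raised and use a compiled-in location), and an ownership and permission check on the helper before it is run. The /opt/oracle prefix, the /tmp/evil attacker value, and the cmadmin stand-in are assumptions for the demonstration.

```python
import os
import stat
import tempfile

# Assumed compiled-in install prefix; the real value is site-specific.
TRUSTED_ORACLE_HOME = "/opt/oracle"
HELPER = os.path.join("bin", "cmadmin")


def helper_path_from_env(env):
    # The pattern the advisory describes: the helper's location comes from
    # ORACLE_HOME in the caller's environment, which the caller fully controls.
    return os.path.join(env.get("ORACLE_HOME", TRUSTED_ORACLE_HOME), HELPER)


def running_privileged():
    # A setuid/setgid program has an effective id that differs from its real
    # id; that is the condition under which the environment must not be trusted.
    return os.geteuid() != os.getuid() or os.getegid() != os.getgid()


def helper_path_hardened(env, privileged):
    # Hardened pattern: when privileges are raised, ignore the environment and
    # use the compiled-in location only.
    if privileged:
        return os.path.join(TRUSTED_ORACLE_HOME, HELPER)
    return helper_path_from_env(env)


def path_is_trusted(path, trusted_uids=(0,)):
    # Defence in depth before exec: the helper and its directory must be owned
    # by a trusted uid and not writable by group or others, so nobody else
    # could have swapped the binary in.
    try:
        st = os.stat(path)
        parent = os.stat(os.path.dirname(path))
    except OSError:
        return False
    for s in (st, parent):
        if s.st_uid not in trusted_uids:
            return False
        if s.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False
    return stat.S_ISREG(st.st_mode)


def trust_check_demo():
    # Builds a stand-in helper in a private temp dir (constructed here) and
    # returns the verdict before and after making it group/other writable.
    base = tempfile.mkdtemp()
    helper = os.path.join(base, "cmadmin")
    with open(helper, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")
    os.chmod(helper, 0o755)
    os.chmod(base, 0o700)
    before = path_is_trusted(helper, trusted_uids=(os.getuid(),))
    os.chmod(helper, 0o777)
    after = path_is_trusted(helper, trusted_uids=(os.getuid(),))
    os.remove(helper)
    os.rmdir(base)
    return before, after


if __name__ == "__main__":
    attacker_env = {"ORACLE_HOME": "/tmp/evil"}
    print("trusting env  :", helper_path_from_env(attacker_env))
    print("hardened      :", helper_path_hardened(attacker_env, privileged=True))
    print("setuid now?   :", running_privileged())
    print("trust check   :", trust_check_demo())
```

The same reasoning applies to PATH, LD_LIBRARY_PATH and any other variable a privileged program consults: either the value is compiled in, or the program drops privileges before honouring it.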
DoS vulnerability test script. Affected: vqServer 1.4.49. A DoS is possible in vqServer 1.4.49 if the remote host receives a GET request of approximately 65000 characters.
7a038f9c1d82043dbb38f1bf6f9f86650e691e4dc79a2af2c543f50c111502ea
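The vqServer entry is a reminder that a request line has to be bounded before it is parsed. The following is an added example, not the archive's test script or vqServer's code: it builds a request of the size the advisory cites, shows a bounded request-line parser that rejects it up front, and includes a probe function of the kind such a test script would use. The 8192-byte limit is an assumption in the range common servers use; the sample request bytes are constructed, not captured.

```python
import socket

# Assumed limit; common servers cap the request line in the 4-8 KiB range.
MAX_REQUEST_LINE = 8192


class RequestTooLong(ValueError):
    """Request line exceeds the configured limit."""


def build_oversized_get(length=65000):
    # Constructs a request of the shape the advisory cites: a single GET whose
    # request-target is about 65000 characters. Sample input, not a capture.
    return b"GET /" + b"A" * length + b" HTTP/1.0\r\n\r\n"


def parse_request_line(data, limit=MAX_REQUEST_LINE):
    # Bounded search: the CRLF must appear within the first `limit` bytes, so
    # an oversized line is rejected before anything is copied or tokenised.
    end = data.find(b"\r\n", 0, limit + 2)
    if end == -1:
        raise RequestTooLong(f"no CRLF within {limit} bytes")
    parts = data[:end].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("malformed request line")
    return tuple(p.decode("ascii") for p in parts)


def is_rejected(data, limit=MAX_REQUEST_LINE):
    # True if the parser refuses `data` for being too long.
    try:
        parse_request_line(data, limit)
    except RequestTooLong:
        return True
    return False


def read_request_line(sock, limit=MAX_REQUEST_LINE):
    # Reading side of the same rule: never buffer more than `limit` bytes plus
    # the CRLF while looking for the end of the request line.
    buf = b""
    while b"\r\n" not in buf:
        if len(buf) > limit:
            raise RequestTooLong(f"request line exceeds {limit} bytes")
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("client closed before end of request line")
        buf += chunk
    return parse_request_line(buf, limit)


def send_probe(host, port=80, length=65000, timeout=5.0):
    # The test-script side: sends the oversized request and returns whatever
    # the server answers (empty on timeout). Needs a network; not run offline.
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_oversized_get(length))
        try:
            return s.recv(256)
        except socket.timeout:
            return b""
```

A server that enforces the limit on the reading side should answer with 414 (or simply close the connection) rather than continuing to accumulate bytes; the point is that the decision is made at `limit`, not at whatever size exhausts the process.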
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
59a9709a60ae365c9defacad250c695e5acdefaa7b45b72e12cb74bc1a9b83dd
TurboLinux Security Announcement - Affected TurboLinux versions: 6.0.5 and earlier. Package: netscape-communicator 4.74 and earlier. There is a serious problem in Netscape's Java libraries that allows an applet to act as a web server on the client machine, exposing all files on the machine to the world. TurboLinux security announcements here.
9d00cf86eea686722c2c5dd68dc41d102c2b57e3dfcf65c8685df01f370ee639
FreeBSD Security Advisory SA-00:45 - esound port allows file permissions to be modified. EsounD is a component of the GNOME desktop environment which is responsible for multiplexing access to audio devices. The esound port, versions 0.2.19 and earlier, creates a world-writable directory in /tmp owned by the user running the EsounD session, which is used for the storage of a Unix domain socket. A race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This can give the attacker access to the victim's account, or lead to a system compromise if esound is run by root.
09a1768462579f3e6581ae9bbc3d3331249397ca2da3537c18b79471fb7e0de7
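The esound advisory is a textbook symlink race: a chmod by path inside a directory others can write to. The following is an added example, not EsounD's code or the FreeBSD fix: it reproduces the advisory's outcome in a scratch tree (a world-writable socket directory, an attacker symlink standing in for a won race, and the victim file ending up world-writable) and shows the hardened pattern, which is to keep the socket in a directory private to the user so the link cannot be planted in the first place. All paths, the 0777 socket mode, and the `.esd-` prefix are assumptions for the demonstration.

```python
import os
import shutil
import socket
import stat
import tempfile

SOCKET_MODE = 0o777  # assumed: the socket must be reachable by other local clients


def vulnerable_publish_socket(sock_path):
    # chmod() on a path follows symlinks: whatever a local attacker has placed
    # at sock_path between creation and this call receives the mode.
    os.chmod(sock_path, SOCKET_MODE)


def create_private_socket_dir():
    # The fix that actually closes the race: a directory only the owner can
    # write to (mkdtemp creates it 0700), so nobody else can plant a link in it.
    return tempfile.mkdtemp(prefix=".esd-")


def hardened_publish_socket(sock_path):
    # Refuse unless the parent directory is ours and private; an attacker who
    # cannot write to the directory cannot win the race at all.
    parent = os.lstat(os.path.dirname(sock_path))
    if parent.st_uid != os.getuid() or parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError("socket directory is not private to this user")
    # Extra check that the object is our socket, not a link. This only narrows
    # the window between check and chmod; the directory check removes it.
    st = os.lstat(sock_path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISSOCK(st.st_mode):
        raise PermissionError("unexpected object at socket path")
    os.chmod(sock_path, SOCKET_MODE)


def race_demo(use_hardened):
    # Constructed scenario: a victim file, a world-writable socket directory
    # like /tmp/.esd, and an attacker symlink in place of a won race. Returns
    # True if the victim ended up world-writable.
    base = tempfile.mkdtemp()
    try:
        victim = os.path.join(base, "victim")
        with open(victim, "w") as f:
            f.write("private\n")
        os.chmod(victim, 0o600)
        sock_dir = os.path.join(base, "esd")
        os.mkdir(sock_dir)
        os.chmod(sock_dir, 0o777)
        sock_path = os.path.join(sock_dir, "socket")
        os.symlink(victim, sock_path)
        publish = hardened_publish_socket if use_hardened else vulnerable_publish_socket
        try:
            publish(sock_path)
        except PermissionError:
            pass
        return bool(os.stat(victim).st_mode & stat.S_IWOTH)
    finally:
        shutil.rmtree(base)


def private_dir_demo():
    # Positive path: a real socket in a private directory passes the checks
    # and gets the intended mode.
    sock_dir = create_private_socket_dir()
    try:
        sock_path = os.path.join(sock_dir, "socket")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
        hardened_publish_socket(sock_path)
        mode = stat.S_IMODE(os.lstat(sock_path).st_mode)
        srv.close()
        return mode == SOCKET_MODE
    finally:
        shutil.rmtree(sock_dir)


if __name__ == "__main__":
    print("victim world-writable, vulnerable:", race_demo(False))
    print("victim world-writable, hardened  :", race_demo(True))
    print("socket published in private dir  :", private_dir_demo())
```

Clients then need to know the per-user directory (via an environment variable or a fixed per-uid location), which is the small price for never performing a permission change on a path an attacker can redirect.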
USSR Advisory #52 - The USSR Team has found a problem in Eeye IRIS 1.01. There is a heap memory buffer overflow in IRIS 1.01 that not only causes this network sniffing program to crash, but also drives system resource usage to 100% until it crashes. The vulnerability is triggered by sending multiple UDP datagrams to random ports on the host on which IRIS or SpyNet CaptureNet is running.
e25834b44f953097671edf9008a232d79595b71f52b4a93e91e5a6cea8335b80