Internet Security Systems (ISS) has identified a vulnerability in the encryption used to conceal the password and login ID of a registered SQL Server user in Enterprise Manager for Microsoft SQL Server 7.0. When registering a new SQL Server in the Enterprise Manager or editing the SQL Server registration properties, the login name that will be used by the Enterprise Manager for the connection must be specified. If a SQL Server login name is used instead of a Windows Domain user name and the "Always prompt for login name and password" checkbox is not set, the login ID and password are weakly encrypted and stored in the registry.
a9b3ac0aadd5b79df35825305233bd3833e09c5e6281fa3a3dce365b9a84405f
FreeBSD Security Advisory - The lynx software is written in a very insecure style and contains numerous potential and several proven security vulnerabilities exploitable by a malicious server. No simple fix is available until a full review of lynx is done.
ee8b62ac9ab7a8179bc42cc09712b8e7817b09093530e567609345f0b14ce232
FreeBSD Security Advisory - mtr, from the ports collection, fails to correctly drop setuid root privileges during operation, allowing a local root compromise.
8e19eda3761418bf2a9a006b9011dafdce46efc1bcc91af567dfa0ded91fa3e7
FreeBSD Security Advisory - Orville-write, provided in the ports collection, is a replacement for the write command, which provides improved control over message delivery and other features. One of the commands installed by the port is incorrectly installed with setuid root permissions. The 'huh' command should not have any special privileges since it is intended to be run by the local user to view his saved messages.
2d6eed934594abf84b3866ecd8ebab81463e892b159c8f133135e4e089337e86
SuSE Security Advisory - A security hole was discovered in the SuSE IMAP server which allows remote attackers to obtain IMAP administrator privilege, which can be used, e.g., to create or delete folders. This is unrelated to the SuSE Linux distribution, which is unaffected. SuSE security site here.
70f7eaca71bd1b6e0f93aeb55fc676996c8bcf24b496476f3b61cbf476fb6f90
USSR Advisory #36 - Remote / local DoS attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT. UssrLabs found a buffer overflow in MERCUR WebView WebMail-Client 1.0 (port 1080), where the code that handles the GET commands does not use proper bounds checking. The following all result in a Denial of Service against the service in question.
6c1b15e1a3945061e371fadaa138e784299cc28aea9b271df508ffefbdcb4f30
USSR Advisory #35 - Remote / local DoS overflow attack in MERCUR v3.2* Mail server, POP server, and IMAP server for Windows.
bc50ab174effe6cc371148796eba9cfd01035cb4c4caf8c073146c2acef6a2f4
IP Filter is a TCP/IP packet filter suitable for use in a firewall environment. To use, it can either be run as a loadable kernel module (recommended) or incorporated into your UNIX kernel. Scripts are provided to install and patch system files as required.
d4f869816a3514d631aad96bbe48046ec74417ab1b663174ce1616ccf2cf10eb
Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat Linux 6.0/6.1. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.
211dc351110ec89d4510429f555f8005d24075e72299f0aada4d1995aad0f190
Zipcracker for Linux cracks password-protected zip archives with brute force.
368c0ce052fd35038ffeb6f947ef94f10e0303574ccae50278d5428233eeaf9f
CRYPTO-GRAM March 15, 2000. In this issue: Kerberos and Windows 2000, AES News, Counterpane Internet Security News, Software as a Burglary Tool, The Doghouse: The Virginia Legislature, Software Complexity and Security, Comments from Readers.
cc8d54b0047cdd3d3665e525c99e57b83b3d15f74dcacb134652b1e298d5551f
Urlsnuff is a urlsniff DoS attack. If urlsniff sees this malformed combination of HTTP Requests.
4899b441032bc837dfa3f7eb710e22b3ebaa52024993606408fe14da05fc4ae3
Hellkit is a shellcode generator. You write your shellcode in C, and it gets converted to ASM for use with both heap- and stack-based overflows. Many examples included.
4de0a0428ffc7564260f6144a3a67a196db6c7af7dba15d6564be3207bbc83ca
TESO Security Advisory - A vulnerability within the kreatecd application for Linux has been discovered. An attacker can gain local root-access. Exploit included.
6b75b08c163190a2f48460df04026108041a65be6542f340bc2ebbebc83a7a66
TESO Security Advisory - A vulnerability within the imwheel application for Linux has been discovered. Some of these packages are shipped with an suid-root wrapper-script that invokes the insecure program 'imwheel' with UID 0. Exploit included.
ce2cf3b23cb544a222d43c6fcfc4168a3bd18450577b959771583ecb4a486ae2