SWS Web Server v0.1.0 Exploit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 /* * Mon Sep 2 17:45:04 2002 * * |SaMaN| aka Mert <[EMAIL PROTECTED]> * * Information : Anyone can kill SWS Web Server v0.1.0 remotely. * * Proof of Concept Exploit for SWS Web Server v0.1.0 * * SWS homepage : http://www.linuxprogramlama.c

New Paper: Threat profiling Microsoft SQL Server

NGSSoftware has just published a paper on Threat Profiling Microsoft SQL Server. For those that would like a copy you can do so here: http://www.nextgenss.com/papers/tp-SQL2000.pdf Cheers, The NGSSoftware Insight Security Research team.

Windows .NET Server (RC1) and MSDE (#NISR03092002B)

NGSSoftware Insight Security Research Advisory Name: Windows .NET Server (RC1) and MSDE Systems: Windows .NET Server (RC1) and MSDE 2000 Severity: High Risk Category: Configuration Vendor URL: http://www.microsoft.com/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL: http://www.ngssoftw

Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)

NGSSoftware Insight Security Research Advisory Name: sp_MSSetServerPropertiesn and sp_MSsetalertinfo Systems: Microsoft SQL Server 2000 Severity: Low Risk Category: Configuration Vendor URL: http://www.microsoft.com/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL: http://www.ngssoftwar

Outlook S/MIME Vulnerability

=== Outlook S/MIME Vulnerability 09/02/02 Mike Benham <[EMAIL PROTECTED]> http://www.thoughtcrime.org === Abstract Outlook's S/MIME implementation is vulnerabl

Happy Labor Day from Snosoft

For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these "

One step easier password guessing on Windows

Hi, Microsoft's IE has a feature of storing login passwords for future use. With (at least) IE 6 on Win2k SP3 (as well as others, see below,) if you see the login screen with tag, and the cached password apears as astrisks, if you stand at the beginning of the string and Ctrl+Shift+Right Arrow t

Re: Trillian XML parser buffer overflow

Using a private beta build, I have been unsuccessful in trying to reproduce this particular problem, so it appears they have fixed the problem, in solitude. -- Sincerely - Venlig hilsen Michael <[EMAIL PROTECTED]>

[RHSA-2002:186-07] Updated scrollkeeper packages fix tempfile vulnerability

- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated scrollkeeper packages fix tempfile vulnerability Advisory ID: RHSA-2002:186-07 Issue date:2002-08-19 Updated on:2002-08

SECNAP Security Alert: Radmin Default install options vulnerability

Radmin is a very fast, very powerful remote administrator server available on Win95 and above. Radmin is used by help desks and fortune 500 clients worldwide. This software gives the user the ability to remotely monitor, control and transfer files to and from his remote client via a password pro

XSS in Null HTTPd

Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is quite basic, but offers good CGI support. A vulnerability in Null HTTPd may allow cross-site scripting via a 404 page: http://localhost/a?x=alert(document.URL) You have to place this in the query string so that it doesn'

The ScrollKeeper Root Trap

Release date: September 2 2002 Author : Spybreak ([EMAIL PROTECTED]) Package : Scrollkeeper Version : 0.3.4, 0.3.11 Severity: Medium to High Vendor homepage : scrollkeeper.sourceforge.net Status : vendor contacted Problem : Insecure creation