Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:10:00 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1686201921&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Fadvisories%2Feeye%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1686201921.1338178200.1338178200.1338178200.1%3B%2B__utmz%3D32867617.1338178200.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/30752/eeye.sql-worm.txt http://packetstormsecurity.org/files/30752/eeye.sql-worm.txt http://packetstormsecurity.org/files/30752/eeye.sql-worm.txt.html Sat, 25 Jan 2003 18:15:34 GMT Eeye Advisory - The "SQL Sapphire" worm is spreading quickly among unpatched Microsoft SQL Server 2000 pre SP 2 systems on the internet with are accessible over port 1434 udp. Includes a detailed analysis of the worms payload. http://packetstormsecurity.org/files/30013/eeye.macromedia.txt http://packetstormsecurity.org/files/30013/eeye.macromedia.txt http://packetstormsecurity.org/files/30013/eeye.macromedia.txt.html Wed, 13 Nov 2002 19:37:26 GMT Eeye Advisory - Both Macromedia Coldfusion 6.0 and Macromedia JRun 4.0 along with their prior versions are vulnerable to various heap overflows when handling URI filenames larger than 4096 bytes.. http://packetstormsecurity.org/files/26523/eeye.iplanet.txt http://packetstormsecurity.org/files/26523/eeye.iplanet.txt http://packetstormsecurity.org/files/26523/eeye.iplanet.txt.html Fri, 09 Aug 2002 05:31:41 GMT Eeye Security Advisory - iPlanet Web Server 4.1 and 6.0 contains a remotely exploitable heap overflow in the transfer chunking which allows remote code execution as SYSTEM/root on all platforms. http://packetstormsecurity.org/files/26522/eeye.flash.txt http://packetstormsecurity.org/files/26522/eeye.flash.txt http://packetstormsecurity.org/files/26522/eeye.flash.txt.html Fri, 09 Aug 2002 01:09:13 GMT Eeye Advisory - All versions of Macromedia Shockwave Flash for Windows and Unix contains remotely exploitable overflows in the handling of SWF files. Since this is a browser based bug, it makes it trivial to bypass firewalls and attack the user at his desktop. Also, application browser bugs allow you to target users based on the websites they visit, the newsgroups they read, or the mailing lists they frequent. http://packetstormsecurity.org/files/26394/eeye.pgp.txt http://packetstormsecurity.org/files/26394/eeye.pgp.txt http://packetstormsecurity.org/files/26394/eeye.pgp.txt.html Thu, 11 Jul 2002 04:48:25 GMT Eeye Advisory - The NAI PGP Outlook plug-in in NAI PGP Freeware 7.0.3, PGP Personal Security 7.0.3, and PGP Desktop Security 7.0.4 contains a remotely exploitable heap overflow which can lead to code execution. NAI patch available here. http://packetstormsecurity.org/files/26261/eeye.htr2.txt http://packetstormsecurity.org/files/26261/eeye.htr2.txt http://packetstormsecurity.org/files/26261/eeye.htr2.txt.html Thu, 13 Jun 2002 02:57:25 GMT Eeye Advisory - IIS 4.0 and 5.0 for Windows NT and 2000 contain a remotely exploitable heap overflow which allows remote code execution. The bug is in transfer chunking in combination with the processing of HTR request sessions. http://packetstormsecurity.org/files/26063/eEye-MSN-CHAT-OCX.txt http://packetstormsecurity.org/files/26063/eEye-MSN-CHAT-OCX.txt http://packetstormsecurity.org/files/26063/eEye-MSN-CHAT-OCX.txt.html Mon, 13 May 2002 01:34:09 GMT A buffer overflow vulnerability has been found by eEye in the parameter handling of the MSN Messenger OCX and can allow remote code execution on affected systems. http://packetstormsecurity.org/files/26016/flash.overflow.txt http://packetstormsecurity.org/files/26016/flash.overflow.txt http://packetstormsecurity.org/files/26016/flash.overflow.txt.html Sun, 05 May 2002 05:01:42 GMT Macromedia Flash ActiveX Buffer overflow - Flash ActiveX Ocx Version 6, revision 23 and below contains a remotely exploitable buffer overflow which leads to the execution of attacker supplied code via email, web or any other avenue in which Internet Explorer is used to display html that an attacker can supply. All users of Internet Explorer are potentially vulnerable. http://packetstormsecurity.org/files/24790/AD20010501.txt http://packetstormsecurity.org/files/24790/AD20010501.txt http://packetstormsecurity.org/files/24790/AD20010501.txt.html Thu, 03 May 2001 02:22:30 GMT Eeye Security Advisory - Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access). Affects Microsoft Windows 2000 Internet Information Services 5.0 + Service Pack 1. The vulnerability arises when a buffer of aprox. 420 bytes is sent within the HTTP Host: header for a .printer ISAPI request. Successful attacks are not logged in the IIS access logs. http://packetstormsecurity.org/files/23515/eeye.iishack-1.5.txt http://packetstormsecurity.org/files/23515/eeye.iishack-1.5.txt http://packetstormsecurity.org/files/23515/eeye.iishack-1.5.txt.html Sun, 05 Nov 2000 07:44:06 GMT A buffer overflow has been discovered in the IIS 4.0 and 5.0 .asp file parsing mechanism. When IIS reads a malformed .asp file, code can be executed to take control of the local server as system. This can be exploited remotely by combining with the unicode bug or by paying for a web hosting account. http://packetstormsecurity.org/files/19357/eeye.98-10-01.ie4_custom_folders http://packetstormsecurity.org/files/19357/eeye.98-10-01.ie4_custom_folders http://packetstormsecurity.org/files/19357/eeye.98-10-01.ie4_custom_folders.html Thu, 23 Sep 1999 04:01:51 GMT eeye.98-10-01.ie4_custom_folders http://packetstormsecurity.org/files/19358/eeye.99-01-24.iis.ftp.dos http://packetstormsecurity.org/files/19358/eeye.99-01-24.iis.ftp.dos http://packetstormsecurity.org/files/19358/eeye.99-01-24.iis.ftp.dos.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-01-24.iis.ftp.dos http://packetstormsecurity.org/files/19359/eeye.99-02-02.ws_ftp http://packetstormsecurity.org/files/19359/eeye.99-02-02.ws_ftp http://packetstormsecurity.org/files/19359/eeye.99-02-02.ws_ftp.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-02-02.ws_ftp http://packetstormsecurity.org/files/19360/eeye.99-02-04.slmail http://packetstormsecurity.org/files/19360/eeye.99-02-04.slmail http://packetstormsecurity.org/files/19360/eeye.99-02-04.slmail.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-02-04.slmail http://packetstormsecurity.org/files/19361/eeye.99-02-20.mdaemon_dos http://packetstormsecurity.org/files/19361/eeye.99-02-20.mdaemon_dos http://packetstormsecurity.org/files/19361/eeye.99-02-20.mdaemon_dos.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-02-20.mdaemon_dos http://packetstormsecurity.org/files/19362/eeye.99-02-21.mercur_mail http://packetstormsecurity.org/files/19362/eeye.99-02-21.mercur_mail http://packetstormsecurity.org/files/19362/eeye.99-02-21.mercur_mail.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-02-21.mercur_mail http://packetstormsecurity.org/files/19363/eeye.99-02-22.wingate http://packetstormsecurity.org/files/19363/eeye.99-02-22.wingate http://packetstormsecurity.org/files/19363/eeye.99-02-22.wingate.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-02-22.wingate http://packetstormsecurity.org/files/19364/eeye.99-03-01.imail http://packetstormsecurity.org/files/19364/eeye.99-03-01.imail http://packetstormsecurity.org/files/19364/eeye.99-03-01.imail.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-03-01.imail http://packetstormsecurity.org/files/19365/eeye.99-05-26.mult_web_interface http://packetstormsecurity.org/files/19365/eeye.99-05-26.mult_web_interface http://packetstormsecurity.org/files/19365/eeye.99-05-26.mult_web_interface.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-05-26.mult_web_interface http://packetstormsecurity.org/files/19366/eeye.99-06-08.iis_remote http://packetstormsecurity.org/files/19366/eeye.99-06-08.iis_remote http://packetstormsecurity.org/files/19366/eeye.99-06-08.iis_remote.html Thu, 23 Sep 1999 04:01:51 GMT eeye.99-06-08.iis_remote