Author Archive

Ingres Database is “a database server used in several Computer Associates’ products. For example, CA Directory Service use the Ingres Database server”. Multiple local issues have been found in the Ingres database product.

Comments Off

Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability

Posted in August 1st, 2008

by SecuriTeam.com in rss

Hewlett-Packard’s Internet Services provides “end-user emulation of major business applications and a single integrated view of the Internet infrastructure”. Remote exploitation of a denial of service vulnerability in Hewlett-Packard’s Internet Services Probe Builder product allows an unauthenticated attacker the ability to terminate any process.

Comments Off

SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability

Posted in August 1st, 2008

by SecuriTeam.com in rss

SAP’s MaxDB is “a database software product”. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The “dbmsrv” program is set-uid “sdb”, set-gid “sdba”, and installed by default. Local exploitation of an untrusted path vulnerability in the “dbmsrv” program, as distributed with SAP AG’s MaxDB, allow attackers to elevate privileges to that of the “sdb” user.

Comments Off

Asterisk IAX ‘POKE’ Resource Exhaustion

Posted in July 24th, 2008

by SecuriTeam.com in rss

By flooding an Asterisk server with IAX2 ‘POKE’ requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG.

Comments Off

Kaminsky DNS Cache Poisoning Flaw (Exploit)

Posted in July 24th, 2008

by SecuriTeam.com in rss

This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.

Comments Off

SDT Cleaner

Posted in July 24th, 2008

by SecuriTeam.com in rss

Comments Off

EMC Centera Universal Access SQL Injection

Posted in July 24th, 2008

by SecuriTeam.com in rss

The user name field of the CUA Module Login does not sanitize user input allowing for an attacker to run arbitrary SQL code. Through “–” syntax it is possible to comment out the password check allowing an attacker to log in with the first available user name in the table. After performing this several times or by searching through the “Accounts” tab within the CUA Module an attacker can gather a list of all users. With this list an attacker can select an administrator account and log in with this by simply entering the user name followed by “–”.

Comments Off

Kaminsky DNS Cache Poisoning Flaw Exploit for Domains

Posted in July 24th, 2008

by SecuriTeam.com in rss

This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.

Comments Off

M	T	W	T	F	S	S
« Dec
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

.::anti-abuse.com::.

Author Archive

OpenLDAP BER Decoding Remote DoS Vulnerability

PartyGaming PartyPoker Malicious Update Vulnerability

Alcatel-Lucent OmniSwitch Stack Buffer Overflow

Microsoft Office BMP Input Filter Heap Overflow Vulnerability (MS08-044)

CA HIPS KmxFw.sys Kernel Memory Corruption

Vim Netrw FTP User Name and Password Disclosure

SurfJack - Hijack HTTP Connections to Steal Cookies

Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability (MS08-044)

Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability

Apache Tomcat Directory Traversal Vulnerability (Exploit #2)

Solaris snoop SMB Multiple Vulnerabilities

Powerfuzzer - Automated Web Fuzzer

Apache Tomcat Directory Traversal Vulnerability

Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX (Exploit)

8e6 Technologies R3000 Internet Filter Bypass with Host Decoy

Wireshark RMI Packet Dissector Information Disclosure

America’s Army Server Termination

PuttyHijack - Putty Hijacking Tool

Libxslt Heap-Based Buffer Overflow

Apache Tomcat XSS Vulnerability

ArpON - ARP Management System

Sun xVM VirtualBox Privilege Escalation Vulnerability

Ingres Database for Linux Multiple Vulnerabilities

Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability

SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability

Asterisk IAX ‘POKE’ Resource Exhaustion

Kaminsky DNS Cache Poisoning Flaw (Exploit)

SDT Cleaner

EMC Centera Universal Access SQL Injection

Kaminsky DNS Cache Poisoning Flaw Exploit for Domains

Advertisments

Popular Tags

Recent Entries

Recent Comments

Social Network

Subscribes

Meta

Archives