|Copyright © 2001,2002 eyeonsecurity
Inc., All Rights Reserved. No portions of eyeonsecurity
may be used without express, written permission
allows automatic over writing of files on your hard disk
This exploit lets malicious users to over write
files, possibly leading to Denial of Service (cannot boot OS style
Extent RBS directory
Allows you to retrieve files on the hard disk, such as RBS database,
which has user passwords in clear text.
in YaBB and UBB allow account hijack [Multiple Vendor]
Using this method malicious users may hijack user and administrative
accounts, allowing them to elevate their privilage in the BBS, pose
as other users, and basically control the BBS.
Web Browsers vulnerable
to the Extended HTML Form Attack
An overlooked security loophole within multiple popular web browsers
which allows stealing of session authentication (when using cookies),
internal network penetration and other evil stuff.
Gator installer Plugin allows any
software to be installed
A very obvious backdoor installed by .. guess who? Gator .. the
top in spyware. This exploit allows a malicious web master to install
any program on the target machine regardless of the Internet Explorer
Account hijack through the Web Interface.
An account hijack method for IMail and Excite's WebMail. Allows
malicious users to read mail, etc.
Vulnerabilities in MDaemon + WorldClient
A buffer overflow, remote file deletion, default user/pass and poor
password encryption. When used simultaneously these issues can allow
attackers to easily take over a server.
MSN Groups makes
cross site scripting easy
Hotmail and MSN is vulnerable to yet another - very obvious attack.
By uploading an HTML or SWF file on Groups.msn.com malicious users
may steel cookies and control the user's browser .. a Cross Site
Are you vulnerable
to Flash XSS attacks?
A list of software and services which are known to be vulnerable
to the Flash cross site scripting attack mentioned in my paper.
vulnerable to Cross-site Scripting.
A standard and commonly used Perl Module, CGI.pm is vulnerable to
Cross Site Scripting - and therefore anyone making use of this module
should fix CGI.pm on production servers.