.:[ packet storm ]:.
                             
the vulnerability safehouse
the vulnerability safehouse

 Section:  .. / advisories / blackwatchlabs  /

www.perfectotech.com/blackwatchlabs/

Page 1 of 1
<< 1 >> Files 1 - 6 of 6
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: BWL-00-01.txt
Description:
 Black Watch Labs Security Advisory #00-01 (Feb 17, 2000) - Search Engines (e.g. AltaVista and InfoSeek) can be used to reveal potential application-level vulnerabilities in indexed web sites. Easily formed queries which incorporate the "signature" of a suspected vulnerability can be used to list the sites which match the signature, that is, which contain the "suspicious" content. In some cases, hundreds of thousands of web sites can be located with one query. Check your site with the Site Checker, available here.
Author:Black Watch Labs
Homepage:http://www.perfectotech.com/blackwatchlabs/
File Size:6678
Last Modified:May 15 03:31:09 2000
MD5 Checksum:9fbfd0d2e0985d6e96184db55903265c

 ///  File Name: BWL-00-02.txt
Description:
 Black Watch Labs Security Advisory #00-02 (March 6, 2000) - Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data. A mail application used by some free mail services employs a weak security scheme. It assigns session-IDs ("tokens") for logged-in users which allow reading of arbitrary users' messages and private information.
Author:Black Watch Labs
Homepage:http://www.perfectotech.com/blackwatchlabs/
File Size:9054
Last Modified:May 15 03:31:09 2000
MD5 Checksum:5afcf43693f2eba277fc5c2e50a93792

 ///  File Name: BWL-00-03.txt
Description:
 Black Watch Labs Security Advisory #00-03 (March 21, 2000) - Some Infonautics' applications utilize the getdoc.cgi CGI in such a way that allows attackers to gain (read) access to a document they would otherwise have to pay in order to view. Exploit information included.
Author:Black Watch Labs
Homepage:http://www.perfectotech.com/blackwatchlabs/
File Size:5913
Last Modified:May 15 03:31:09 2000
MD5 Checksum:c0dd5f36d7ad60f4402a21122192d752

 ///  File Name: BWL-00-04.txt
Description:
 Black Watch Labs Security Advisory #00-04 (April 6, 2000) - BizDB is a database and search engine software by Cnctek. Part of the installation is a CGI script, ?bizdb-search.cgi? which is used to search the bizdb database. This script is vulnerable to modification of its paramater, in such way that causes it to run user provided shell commands on the server. Exploit URL's included. These issues have been resolved in newer versions of this software, make sure to upgrade!
Author:Black Watch Labs
Homepage:http://www.perfectotech.com/blackwatchlabs/
File Size:7506
Last Modified:Dec 7 06:34:58 2000
MD5 Checksum:8865d9c1eafd735f0d6148dc82d1579c

 ///  File Name: BWL-00-05.txt
Description:
 Black Watch Labs Security Advisory #00-05 (May 5, 2000) - Gossamer Threads DBMan (db.cgi) allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. DBMan dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to the browser when the database file provided is incorrect. Perl exploit included.
Author:Black Watch Labs
Homepage:http://www.perfectotech.com/blackwatchlabs/
File Size:7437
Last Modified:May 15 03:31:09 2000
MD5 Checksum:d9a9c73617fc0034d47ea59f768dc342

 ///  File Name: BWL-00-06.txt
Description:
 Black Watch Labs Security Advisory #00-06 (May 10, 2000) - Environment and Setup Variables can be Viewed through FormMail.cgi Script. The FormMail.cgi script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. The script will also happily send mail to an attackers mail account instead for analysis.
Author:Black Watch Labs
Homepage:http://www.perfectotech.com/blackwatchlabs/
File Size:5475
Last Modified:May 15 03:31:09 2000
MD5 Checksum:e78b8ac6213cf3df7d22c2596be2581f
 

 ///  Last 10 Files
  1. :· browser_insecurity_iceberg_2008.pdf
  2. :· SSRT080039.txt
  3. :· 25C3-CFP.txt
  4. :· SCANIT-2008-003.txt
  5. :· SCANIT-2008-002.txt
  6. :· SCANIT-2008-001.txt
  7. :· usurdat.zip
  8. :· usurdat.txt
  9. :· glsa-200807-02.txt
  10. :· glsa-200807-01.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· SSRT080039.txt
  2. :· SCANIT-2008-003.txt
  3. :· SCANIT-2008-002.txt
  4. :· SCANIT-2008-001.txt
  5. :· usurdat.txt
  6. :· glsa-200807-02.txt
  7. :· glsa-200807-01.txt
  8. :· USN-617-2.txt
  9. :· haloloop2.txt
  10. :· stalker39x.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· usurdat.zip
  2. :· blogparticle-traverse.txt
  3. :· hbr-rfi.txt
  4. :· 0806-exploits.tgz
  5. :· mambongal-sql.txt
  6. :· psys070-sql.txt
  7. :· pivot-disclosure.txt
  8. :· rcm-sql.txt
  9. :· barenuked-admin.txt
  10. :· faname10-xss.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· pktanon-1.2.0-dev.tar.gz
  2. :· unhide20080519.tgz
  3. :· prelude-manager-0.9.13.tar.gz
  4. :· nwldapbf.txt
  5. :· dnsenum1.2.tar.gz
  6. :· grubbrute.txt
  7. :· bsqlbf-v2.1.zip
  8. :· rfdump-1.6.tar.gz
  9. :· tmin-0.04.tar.gz
  10. :· iptables-1.4.1.1.tar.bz2
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· browser_insecurity_iceberg_2008.pdf
  2. :· 25C3-CFP.txt
  3. :· bacom2008-cfp.txt
  4. :· strongswan-4.2.4.tar.gz
  5. :· Reverse.Engineering.AntiCracking.Techniques.pdf
  6. :· An-approach-to-malware-collection-log-visualization.pdf
  7. :· the-extended-html-form-attack-revisited.pdf
  8. :· ISOI-CFP2008.txt
  9. :· DEFE-24-1925.pdf
  10. :· DEFE-24-1924.pdf
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice