SecurityFocus Microsoft Newsletter #240

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 05/10/05

    Date: Tue, 10 May 2005 15:03:29 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #240
    ----------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Live CD Paradise
         2. Software Firewalls versus Wormhole Tunnels
         3. Bruce Schneier on Cryptography
    II. MICROSOFT VULNERABILITY SUMMARY
         1. PHPMyAdmin Insecure SQL Install Script Permissions Vulnerabi...
         2. GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnera...
         3. PostgreSQL TSearch2 Design Error Vulnerability
         4. PostgreSQL Character Set Conversion Privilege Escalation Vul...
         5. Invision Power Board Act Parameter Cross-Site Scripting Vuln...
         6. NetWin DMail DList Remote Authentication Bypass Vulnerabilit...
         7. FishNet FishCart Multiple Cross-Site Scripting and SQL Injec...
         8. NetWin DMail DSMTP Remote Format String Vulnerability
         9. NASM IEEE_PUTASCII Remote Buffer Overflow Vulnerability
         10. Microsoft May Advance Notification Unspecified Security Vuln...
         11. MidiCart PHP Search_List.PHP SearchString Parameter SQL Inje...
         12. MidiCart PHP Item_List.PHP MainGroup Parameter SQL Injection...
         13. MidiCart PHP Item_List.PHP SecondGroup Parameter SQL Injecti...
         14. MidiCart PHP Item_Show.PHP Code_No Parameter SQL Injection V...
         15. MidiCart PHP Search_List.PHP SearchString Parameter Cross-Si...
         16. MidiCart PHP Item_List.PHP SecondGroup Parameter Cross-Site ...
         17. MidiCart PHP Item_List.PHP Maingroup Parameter Cross-Site Sc...
         18. Software602 602 LAN Suite 2004 Directory Traversal Vulnerabi...
         19. 04WebServer Directory Traversal Vulnerability
         20. RSA Security RSA Authentication Agent For Web Remote Heap Bu...
         21. Invision Power Board Login.PHP SQL Injection Vulnerability
         22. RealNetworks RealPlayer Unspecified Code Execution Vulnerabi...
         23. Hosting Controller Unauthorized Account Registration Vulnera...
         24. Invision Power Board Search.PHP Highlite Parameter Cross-Sit...
         25. Invision Power Board Topics.PHP Highlite Parameter Cross-Sit...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. To disable SMB packet and secure channel signing enf... (Thread)
         2. Visa PCI Firewall Requirements and Windows Networks (Thread)
         3. SecurityFocus Microsoft Newsletter #239 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CoreGuard Core Security System
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. LC 5 5
         2. Enig3 1.0.0
         3. .NET Security Tool Kit 1.0
         4. SecureUML 1.0
         5. Validator.NET 1.0
         6. ldapenum 0.02alpha
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Live CD Paradise
    By Scott Granneman
    Whether you need to sniff for wireless networks or carry Nessus, Nmap and
    the Metasploit Framework with you in your pocket, there's a security-based
    Live CD out there for you.
    http://www.securityfocus.com/columnists/323

    2. Software Firewalls versus Wormhole Tunnels
    By Bob Rudis and Phil Kostenbader
    This article explains how the PCAP library on Windows can be used to render
    software firewalls and client VPN environments ineffective, easily
    bypassing traditional security measures.
    http://www.securityfocus.com/infocus/1831

    3. Bruce Schneier on Cryptography
    By Federico Biancuzzi
    An interview with Bruce Schneier on some current trends in cryptography.
    http://www.securityfocus.com/columnists/324

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. PHPMyAdmin Insecure SQL Install Script Permissions Vulnerabi...
    BugTraq ID: 13452
    Remote: No
    Date Published: Apr 30 2005
    Relevant URL: http://www.securityfocus.com/bid/13452
    Summary:
    PHPMyAdmin sets insecure default permissions on the SQL install script. As a result, local attackers may gain unauthorized access to database credentials.

    This issue was reported in a Gentoo advisory. It is not known if the vulnerability is limited to Gentoo installations of PHPMyAdmin.

    2. GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnera...
    BugTraq ID: 13454
    Remote: Yes
    Date Published: May 02 2005
    Relevant URL: http://www.securityfocus.com/bid/13454
    Summary:
    GlobalSCAPE Secure FTP Server is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it to an insufficiently sized memory buffer.

    This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application.

    3. PostgreSQL TSearch2 Design Error Vulnerability
    BugTraq ID: 13475
    Remote: Yes
    Date Published: May 03 2005
    Relevant URL: http://www.securityfocus.com/bid/13475
    Summary:
    The PostgreSQL 'contrib/tsearch2' module is prone to a security vulnerability. The issue manifests because the module does not correctly declare several functions.

    Although unconfirmed, it is conjectured that this issue allows a remote user who can write SQL queries to the affected database to call these functions, when they should not be accessible directly from SQL commands.

    This vulnerability affects PostgreSQL 7.4 and later.

    4. PostgreSQL Character Set Conversion Privilege Escalation Vul...
    BugTraq ID: 13476
    Remote: Yes
    Date Published: May 03 2005
    Relevant URL: http://www.securityfocus.com/bid/13476
    Summary:
    PostgreSQL character set conversion functions could allow an unprivileged user to supply malicious arguments. This may result in arbitrary queries executing with the privileges of the conversion functions.

    5. Invision Power Board Act Parameter Cross-Site Scripting Vuln...
    BugTraq ID: 13483
    Remote: Yes
    Date Published: May 03 2005
    Relevant URL: http://www.securityfocus.com/bid/13483
    Summary:
    Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    It is reported this issue may only be exploitable through Microsoft Internet Explorer; this has not been confirmed.

    6. NetWin DMail DList Remote Authentication Bypass Vulnerabilit...
    BugTraq ID: 13497
    Remote: Yes
    Date Published: May 04 2005
    Relevant URL: http://www.securityfocus.com/bid/13497
    Summary:
    The mailing list server (dlist.exe) included with DMail is reportedly affected by an authentication bypass vulnerability.

    Due to a design error, an attacker can bypass authentication and gain unauthorized access.

    A successful attack can allow the attacker to gain access to sensitive information and carry out a denial of service attack.

    DMail 3.1a running on the Windows platform is reportedly affected by this issue. Other versions may be vulnerable as well.

    7. FishNet FishCart Multiple Cross-Site Scripting and SQL Injec...
    BugTraq ID: 13499
    Remote: Yes
    Date Published: May 04 2005
    Relevant URL: http://www.securityfocus.com/bid/13499
    Summary:
    FishCart is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

    Successful exploitation of the SQL injection issues could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    An attacker may leverage the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    8. NetWin DMail DSMTP Remote Format String Vulnerability
    BugTraq ID: 13505
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13505
    Summary:
    The SMTP server (dsmtp.exe) shipped with DMail is reportedly prone to a remote format string vulnerability.

    Specifically, this issue arises when the application handles malicious data passed through various administrative commands.

    A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the server.

    It should be noted that exploitation of this vulnerability requires the attacker to have the DMail administrative password.

    9. NASM IEEE_PUTASCII Remote Buffer Overflow Vulnerability
    BugTraq ID: 13506
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13506
    Summary:
    NASM is prone to a remote buffer overflow vulnerability. This issue affects the 'ieee_putascii()' function.

    It is likely that an attacker would exploit this issue by crafting a malicious source file to be assembled by the application. If this file is sent to an affected user and the user loads it in NASM, the attack may result in arbitrary code execution.

    The attacker may then gain unauthorized access in the context of the user running NASM.

    10. Microsoft May Advance Notification Unspecified Security Vuln...
    BugTraq ID: 13511
    Remote: Unknown
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13511
    Summary:
    Microsoft has released advance notification for one security bulletin that will be released on May 10, 2005.

    This advisory will relate to the Microsoft Windows platform. The maximum severity rating of this bulletin is 'Important'.

    11. MidiCart PHP Search_List.PHP SearchString Parameter SQL Inje...
    BugTraq ID: 13512
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13512
    Summary:
    MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

    Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    12. MidiCart PHP Item_List.PHP MainGroup Parameter SQL Injection...
    BugTraq ID: 13513
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13513
    Summary:
    MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

    Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    13. MidiCart PHP Item_List.PHP SecondGroup Parameter SQL Injecti...
    BugTraq ID: 13514
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13514
    Summary:
    MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

    Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    14. MidiCart PHP Item_Show.PHP Code_No Parameter SQL Injection V...
    BugTraq ID: 13515
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13515
    Summary:
    MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

    Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    15. MidiCart PHP Search_List.PHP SearchString Parameter Cross-Si...
    BugTraq ID: 13516
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13516
    Summary:
    MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    16. MidiCart PHP Item_List.PHP SecondGroup Parameter Cross-Site ...
    BugTraq ID: 13517
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13517
    Summary:
    MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    17. MidiCart PHP Item_List.PHP Maingroup Parameter Cross-Site Sc...
    BugTraq ID: 13518
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13518
    Summary:
    MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    18. Software602 602 LAN Suite 2004 Directory Traversal Vulnerabi...
    BugTraq ID: 13519
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13519
    Summary:
    602 LAN Suite 2004 is reported prone to a directory traversal vulnerability.

    It is reported that an attacker can exploit this issue to detect the presence of files on a computer and potentially cause a denial of service condition.

    A successful attack may aid in further attacks against the system or lead to a crash due to resource exhaustion.

    19. 04WebServer Directory Traversal Vulnerability
    BugTraq ID: 13521
    Remote: Yes
    Date Published: May 05 2005
    Relevant URL: http://www.securityfocus.com/bid/13521
    Summary:
    04WebServer is prone to a directory traversal vulnerability that could allow attackers to read files one folder outside the Web root.

    20. RSA Security RSA Authentication Agent For Web Remote Heap Bu...
    BugTraq ID: 13524
    Remote: Yes
    Date Published: May 06 2005
    Relevant URL: http://www.securityfocus.com/bid/13524
    Summary:
    A remote heap-based buffer overflow vulnerability exists in RSA Authentication Agent for Web. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into a fixed-size heap buffer.

    This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application. This reportedly occurs with 'LocalSystem' privileges, allowing the attacker to gain complete control of the targeted computer.

    Versions 5.0, 5.2, and 5.3 of RSA Authentication Agent for Web are vulnerable to this issue.

    21. Invision Power Board Login.PHP SQL Injection Vulnerability
    BugTraq ID: 13529
    Remote: Yes
    Date Published: May 06 2005
    Relevant URL: http://www.securityfocus.com/bid/13529
    Summary:
    Invision Power Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query.

    Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    This issue reportedly affects Invision Power Board versions prior to 2.0.4.

    22. RealNetworks RealPlayer Unspecified Code Execution Vulnerabi...
    BugTraq ID: 13530
    Remote: Yes
    Date Published: May 06 2005
    Relevant URL: http://www.securityfocus.com/bid/13530
    Summary:
    RealNetworks RealPlayer is a media player that is available for various operating systems, including Microsoft Windows, Linux, and Mac OS.

    An unspecified vulnerability affects RealNetworks RealPlayer. The cause of this issue is currently unknown.

    The potential impact of this issue is that an attacker may execute code in the context of the user running the affected software; this BID will be updated as more information is released.

    23. Hosting Controller Unauthorized Account Registration Vulnera...
    BugTraq ID: 13531
    Remote: Yes
    Date Published: May 06 2005
    Relevant URL: http://www.securityfocus.com/bid/13531
    Summary:
    Hosting Controller is reported prone to a vulnerability that allows unauthorized remote attackers to register an account.

    The attacker can create a user and host content on a target computer. This issue may lead to other attacks against the computer as well.

    Hosting Controller version 6.1 Hotfix 1.9 was reported to be vulnerable. It is possible that other versions are affected as well.

    24. Invision Power Board Search.PHP Highlite Parameter Cross-Sit...
    BugTraq ID: 13532
    Remote: Yes
    Date Published: May 06 2005
    Relevant URL: http://www.securityfocus.com/bid/13532
    Summary:
    Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    This issue has been addressed in Invision Power Board version 2.0.4; earlier versions are vulnerable.

    25. Invision Power Board Topics.PHP Highlite Parameter Cross-Sit...
    BugTraq ID: 13534
    Remote: Yes
    Date Published: May 06 2005
    Relevant URL: http://www.securityfocus.com/bid/13534
    Summary:
    Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    This issue has been addressed in Invision Power Board version 2.0.4; earlier versions are vulnerable.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. To disable SMB packet and secure channel signing enf... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/397882

    2. Visa PCI Firewall Requirements and Windows Networks (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/397837

    3. SecurityFocus Microsoft Newsletter #239 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/397473

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CoreGuard Core Security System
    By: Vormetric
    Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
    Relevant URL: http://www.vormetric.com/products/#overview
    Summary:

    CoreGuard System profile

    The CoreGuard System is the industry's first solution that enforces
    acceptable use policy for sensitive digital information assets and
    protects personal data privacy across an enterprise IT environment.
    CoreGuard's innovative architecture and completeness of technology
    provide a comprehensive, extensible solution that tightly integrates all
    the elements required to protect information across a widespread,
    heterogeneous enterprise network, while enforcing separation of duties
    between security and IT administration. At the same time, CoreGuard is
    transparent to users, applications and storage infrastructures for ease
    of deployment and system management.

    CoreGuard enables customers to:
    * Protect customer personal data privacy and digital information assets
    * Protect data at rest from unauthorized viewing by external attackers
    and unauthorized insiders
    * Enforce segregation of duties between IT administrators and security
    administration
    * Ensure host & application integrity
    * Block malicious code, including zero-day exploits

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware, from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, or introduced via removable media or the network, will never install.

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about the top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on a PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only through this software and there is no other means to access it. The information is protected at the file system level and it cannot be accidentally deleted or overwritten, either in Safe mode or from another operating system. This program doesn't make your operating system unstable as other related products do, and it protects your information from being seen, altered or deleted by an unauthorized user, whether intentionally or not. The program allows you to permanently erase your sensitive data using secure wiping methods, leaving no trace of your information. Depending on the selected wiping method, your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. LC 5 5
    By: @stake
    Relevant URL: http://www.atstake.com/products/lc/
    Platforms: Windows 2000, Windows 95/98, Windows NT
    Summary:

    LC 5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

    Using multiple assessment methods, LC 5 reduces security risk by helping administrators to:

        * Identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords
        * Recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to another authentication system
        * Rapidly process accounts using pre-computed password tables* that contain trillions of passwords

    2. Enig3 1.0.0
    By: CCC Morocco Team
    Relevant URL: http://www.ccc.ma/sw/enig3/
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    Enig3 is a free cryptography tool that can encrypt/decrypt content/data using your own privately generated 128-bit Enig3-Key. It was developed at CCC-Morocco Labs, using the most complex cryptographic methodologies. It uses a Flow-Encoding technique which is done in 3 phases...

    3. .NET Security Tool Kit 1.0
    By: Foundstone Professional Services
    Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
    Platforms: Windows XP
    Summary:

    The Foundstone S3i .NET Security Toolkit includes tools to help design, develop, and test secure .NET software applications. The toolkit includes Validator.NET, .NETMon, and the SecureUML Template.

    4. SecureUML 1.0
    By: Foundstone Professional Services
    Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
    Platforms: Windows XP
    Summary:

    The SecureUML Visio template defines a custom Unified Modeling Language (UML) dialect to help system architects build role-based access control (RBAC) systems.

    5. Validator.NET 1.0
    By: Foundstone Professional Services
    Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
    Platforms: Windows XP
    Summary:

    Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.

    6. ldapenum 0.02alpha
    By: Roni Bachar & Sol Zehnwirth
    Relevant URL: https://sourceforge.net/projects/ldapenum
    Platforms: Linux, Perl (any system supporting perl), Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    ldapenum is a Perl script designed to enumerate system and password information from domain controllers using the LDAP service when IPC$ is locked. The script has been tested on Windows and Linux.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

