Neworder Newsletter #5
@ New Order Newsletter     Oct 12 2001, 10:17 (UTC+0)
.....contents

0x01 introduction
0x02 newsbytes
0x03 whats happening on box.sk
0x04 exploits in review
0x05 neworder comment on wtc attack
0x06 blackbox e-zine revived
0x07 cdlni closes its doors
0x08 and...

[i n t r o d u c t i o n]

welcome to the fifth neworder newsletter, bringing you the lowdown on the most
important security news, articles from the boxnetwork and a concise review of
released exploits. i'd like to thank people for their continued positive feedback
> science.box.sk - brilliant collection of up-to-the-minute sci-links
> eye.box.sk - complete digital graphics resource
> dvd.box.sk - complete DVD/DivX related information resource
> edge.box.sk - opensource news and links
> gameguru.box.sk - the box.sk gamers' paradise with reviews, tips and more
> my.box.sk - the box.sk information resource

[e x p l o i t s i n r e v i e w]

plenty of exploits this past while, including an old and rehashed hotmail hack,
only this time done out for yahoo mail. not sure why this caused so much fuss in
the kiddie world; most people recognised the similarity between it and the
hotmail bug. if you want to look at more exploits than are posted here, check out:
http://neworder.box.sk/news.php3?maxnumber=9999&exploits=yes for lots of
information.

this list is by no means complete; it takes long enough just to do this lot out
:-) if you want up-to-the-minute exploit news, sign up to bugtraq at
securityfocus.com.

.....information disclosure

name: Apache UserDir Information Disclosure (User Anna)
versions: unknown [assume all]
description: by requesting users' home directories (/~username/) you can
enumerate accounts: the error code returned differs depending on
whether the account exists, which is useful information
link: http://neworder.box.sk/showme.php3?id=5650
code included: url based
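The UserDir leak as a runnable exchange, added here as an example (it is not code from the newsletter or from the original advisory). A local handler stands in for an Apache with UserDir enabled and answers /~user/ with 404 for unknown accounts, 403 for real accounts without a public_html directory and 200 for those with one; a probe then recovers the account list from nothing but those status codes. The account names, the wordlist and the simulated responses are constructed for the demo.

```python
"""Added example: simulate Apache's UserDir status-code difference and
enumerate accounts from it. Not code from the page; all data constructed."""
import http.server
import threading
import urllib.error
import urllib.request

# Constructed: accounts that exist on the simulated host. Only "www" has a
# public_html directory; the others exist but have nothing to serve.
KNOWN_USERS = {"anna", "root", "www"}
USERS_WITH_PUBLIC_HTML = {"www"}


class UserDirHandler(http.server.BaseHTTPRequestHandler):
    """Mimics UserDir: /~user/ maps to a home directory. Unknown user -> 404,
    known user without public_html -> 403, known user with it -> 200.
    That three-way difference is the information disclosure."""

    def do_GET(self):
        if not self.path.startswith("/~"):
            self._reply(404, b"Not Found")
            return
        user = self.path[2:].split("/", 1)[0]
        if user not in KNOWN_USERS:
            self._reply(404, b"Not Found")
        elif user not in USERS_WITH_PUBLIC_HTML:
            self._reply(403, b"Forbidden")
        else:
            self._reply(200, b"index of ~" + user.encode())

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    """Start the simulated server on an ephemeral port; returns (server, port)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), UserDirHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def probe(base_url, user):
    """Return the HTTP status for /~user/ (urllib raises on 4xx/5xx)."""
    try:
        with urllib.request.urlopen(f"{base_url}/~{user}/", timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def enumerate_users(base_url, wordlist):
    """Any status other than 404 means the account exists: 403 is a real
    account without public_html, 200 a real account with one."""
    found = {}
    for name in wordlist:
        status = probe(base_url, name)
        if status != 404:
            found[name] = status
    return found


def demo():
    """Run the probe against the simulated server; constructed wordlist."""
    srv, port = start_server()
    try:
        return enumerate_users(f"http://127.0.0.1:{port}",
                               ["anna", "bob", "root", "www", "guest"])
    finally:
        srv.shutdown()


if __name__ == "__main__":
    print(demo())  # {'anna': 403, 'root': 403, 'www': 200}
```

The usual fix is `UserDir disabled` in httpd.conf (or `UserDir disabled` for everyone plus `UserDir enabled` for the few accounts that publish pages): then every probe gets the same 404 and the distinction the script relies on disappears.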

name: path disclosure vulnerability in Oracle 9i Application Server
versions: 9i, tested on WIN2k
description: requesting a non-existent .jsp file returns the full
installation path of the oracle server, which is of use to attackers
link: http://neworder.box.sk/showme.php3?id=5655
code included: url based

name: XCache Web Server Cache Path Disclosure
versions: 2.0->2.1
description: xcache returns full filesystem paths in the http headers on
document request.
link: http://neworder.box.sk/showme.php3?id=5686
code included: no, url based

name: Lotus Notes API Unauthorized Access to File Attachments
versions: 5.0.6 Domino Server / 5.0.7 Client (also 4.x and 5.x)
description: if the attachment's object ID is known, a user authenticating
with their own user/password can view other users'
attachments without knowing those users' passwords.
link: http://neworder.box.sk/showme.php3?id=5719
code included: yes, weird one

.....denial of service

name: Kazaa / Morpheus Denial of Service Attack (Flood)
versions: unknown [assume all]
description: issuing a lot of requests to the anonymous file sharing port
results in a denial of service as bandwidth is eaten up; the
attack also goes unlogged by IDS systems
link: http://neworder.box.sk/showme.php3?id=5651
code included: UNIX, C

name: Denial of service attack against a 3com ADSL 812 router
versions: unknown [assume all]
description: the router can be reset without use of a password
link: http://neworder.box.sk/showme.php3?id=5652
code included: cross-platform Java

name: 3Com Home Connect Cable Modem
versions: 3Com Home Connect Cable Modem External with USB
description: by sending a URL request of more than 100 characters
the modem can be forced to reset arbitrarily
link: http://neworder.box.sk/showme.php3?id=5697
code included: no, url based

name: IBM High Availability Cluster Multi-Processing (HACMP)
versions: 4.3->4.4
description: a TCP connect scan against the host crashes the
program
link: http://neworder.box.sk/showme.php3?id=5701
code included: no, use nmap or something

.....full blown root

name: NetOp School Admin Vulnerability (Authorization Bypass)
versions: 1.5 only
description: using a task manager, the student version (which is limited
in what it may do) can be disabled, allowing logon as admin
without authentication
link: http://neworder.box.sk/showme.php3?id=5669
code included: No, command based

.....code execution

name: Hushmail.com Accounts Vulnerable to Script Attack
versions: web based client
description: by placing script in the from or topic (subject) field, code can
be executed on the client's machine. myownemail.com is also
vulnerable to a similar attack
link: http://neworder.box.sk/showme.php3?id=5658
code included: 'url' based

name: Outlook Express 6 Security Vulnerabilities
versions: 6 only
description: script may be executed on client machines even when the
MIME type is declared as text/plain. a ten-month-old
attachment-hiding vulnerability is also still present in the
application.
link: http://neworder.box.sk/showme.php3?id=5660
code included: No, but examples are

name: World's First DeCSS Executable Prime Number
versions: self contained application
description: an interesting prime number which is actually the banned
DeCSS descrambler that caused so much controversy
link: http://neworder.box.sk/showme.php3?id=5665
code included: Yes

name: CheckPoint FireWall-1 GUI Buffer Overflow
versions: 4.0, 4.1, and Next Generation systems
description: a buffer overflow allowing code execution on target
machines, provided some further authentication requirements
are met (namely coming from an allowed GUI client IP address)
link: http://neworder.box.sk/showme.php3?id=5666
code included: no

name: WebDiscount's eShop Allows Execution of Arbitrary Commands
versions: none stated [assume all]
description: an unchecked variable does not filter the ';' character,
allowing unix commands to be passed through the perl script
to the shell for execution
link: http://neworder.box.sk/showme.php3?id=5675
code included: no, url based

name: Textor Webmasters CGI
versions: listrec.pl, 1998 and earlier
description: again, an unchecked variable lets shell commands through
link: http://neworder.box.sk/showme.php3?id=5676
code included: no, url based

name: ICQ Web Portal Multiple Cross Site Scripting
versions: web client
description: allows attackers to present spoofed content, appearing
to come from the icq.com website, to users who click
on malformed urls
link: http://neworder.box.sk/showme.php3?id=5683
code included: no, url based

name: HP UNIX /usr/sbin/swverify
versions: HP-UX 11
description: a buffer overflow exists allowing code execution
link: http://neworder.box.sk/showme.php3?id=5694
code included: Unix C

name: CardBoard Greeting Card CGI
versions: 2.4 only
description: user input is not fully filtered allowing users
to insert shell commands in the recipient field
link: http://neworder.box.sk/showme.php3?id=5699
code included: no, url based
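The eShop, listrec.pl and CardBoard entries above all describe the same unchecked-variable bug: a form field interpolated into a command string, where ';' ends the intended command and starts the attacker's. The block below is an added example (not code from the newsletter or from any of those CGIs) that rewrites the pattern in Python so it runs here, beside a hardened version. The originals were Perl CGIs calling the shell; the field name "recipient", the use of `echo` in place of the real mail binary and the attacker's input are assumptions for illustration.

```python
"""Added example: shell metacharacter injection through an unchecked CGI
field (the Perl system("mail $recipient") pattern) versus a hardened
version. Not code from the page; the payload and field are constructed."""
import re
import subprocess

# Constructed attacker input: a valid-looking value followed by a second
# command. /bin/sh treats ';' as a command separator.
PAYLOAD = "bob@example.org; echo INJECTED"


def notify_vulnerable(recipient):
    """The CGI pattern: user input interpolated into a command string and
    handed to the shell (shell=True), just like Perl's system("..."). 'echo'
    stands in for the mail binary so the demo is harmless."""
    completed = subprocess.run(f"echo sending to {recipient}",
                               shell=True, capture_output=True, text=True)
    return completed.stdout


# Allowlist for what a recipient may look like; anything else is rejected.
RECIPIENT_RE = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$")


def notify_hardened(recipient):
    """Validate against the allowlist, then pass the value as its own argv
    element with no shell involved: ';' never reaches a command parser."""
    if not RECIPIENT_RE.match(recipient):
        raise ValueError(f"rejected recipient: {recipient!r}")
    completed = subprocess.run(["echo", "sending", "to", recipient],
                               shell=False, capture_output=True, text=True)
    return completed.stdout


def injected(output):
    """True when the second command actually ran, i.e. its marker came out
    as a line of its own rather than as part of the echoed argument."""
    return "INJECTED" in output.splitlines()


def hardened_rejects(recipient):
    """True if the hardened path refuses the value outright."""
    try:
        notify_hardened(recipient)
    except ValueError:
        return False or True
    return False


if __name__ == "__main__":
    print(notify_vulnerable(PAYLOAD), end="")  # notice line, then "INJECTED"
    print("hardened rejects payload:", hardened_rejects(PAYLOAD))  # True
    print(notify_hardened("bob@example.org"), end="")  # sending to bob@example.org
```

The two changes that matter are the allowlist (reject rather than try to strip ';', '|', backticks and the rest) and never building a command string at all: with an argument list and `shell=False`, the value is one argv entry whatever it contains, which is the equivalent of Perl's list-form `system()` or `open()` with a pipe to an explicit program.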

name: H-Sphere CGI
versions:

> http://black.box.sk | Email Articles to >> zwanderer@box.sk
Current Issue now available from the site (#12) along with all back-issues


[c d l n i s h u t s d o w n]
a lot of you guys will have heard of cdlni.box.sk (that would be my site[cd]).
i've decided to shut it down pretty much indefinitely. that doesn't mean that the
cdlni produced material will no longer be available, however, just for a short
while. at the minute i am recoding a php/mySQL engine similar in style and
operation to what is affectionately known as the edge engine (that would be what
powers most of the boxnetwork sites). this will form the basis of a new site
that i have not decided on a launch date for. as for the name, that's still in
the thinking process, so suggestions are welcome.

the reasoning for shutting down this site was basically time commitments; the
neworder newsletter is a major chunk of my time, and with starting university in
london and really just settling in, well, you guys know how much that can kill
your time. zerostealth quit the site to dedicate his time to stealthway labs,
which is yet to come about, so i wish him all the luck for that. it was great
working with the team and the feedback we got back was always good [well, most
of the time]. hopefully thran and hellbound will be joining me on the new site
when it's up, but you'll hear about it in the next issue if all goes well.

for my full statement of why the site was taken down, as well as some other
points, visit cdlni.box.sk or www.cdlni.com, where the index page has been
replaced.

[a n d . . .]
as a final note, if you're interested in getting your articles published in this
newsletter or on the new order website, then please send them in to
webmaster@box.sk. articles should be directly related to either the boxnetwork
or a security topic.
