have you heard about it?



Bluetooth Denial of Service vulnerability

Multiple proxy server bypass -- 23-08-04

WGet File Creation Race Condition (exploit included) (bid 10361)

(New) ViewCVS Cross Site Scripting (bid 9291)

Internet Explorer File Download Warning Bypass (bid 9278)

IIS 6.0 Web Admin Multiple Vulnerabilities (bid 8244)

3Com Office Connect OCR812 XSS vulnerability + backdoor admin

KNOPPIX Qt temporary files race condition (bid 8139)

Microsoft User Domain Credentials access via OWA XSS (exploit included) (bid 8113)

HOTMAIL XSS and AV bypass (exploit included)

ZEUS server web admin XSS + information leak (bid 7751)

IPlanet Messaging Server XSS + SID hijacking (bid 7704)

Microsoft ISA Server XSS (only exploit) (bid 7623)

Inktomi Traffic-Server (Telefonica's Proxy Cache) (bid 7596)

PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability (bid 6753)

AlphaShield "Unhackable" firewall Connection Tracking Weakness (bid 6637)

ILLC Inverse Lookup Log Corruption - 5 Bugs found with this technique:

   iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability (bid 7012)
   iPlanet Log Analyzer Logfile HTML Injection Vulnerability (bid 7017)
   WebTrends Analysis Suite Logfile HTML Injection Vulnerability (bid 7013)
   SurfStats Log Analyzer Logfile HTML Injection Vulnerability (bid 7014)
   WebLog Expert Logfile HTML Injection Vulnerability (bid 7016)

Logan Pro HTTP Header Code Injection Vulnerability (bid 7010)

WebLog Expert HTTP Header Code Injection Vulnerability (bid 7015)

Microsoft Content Management Server ManualLogin.asp XSS (bid 6668)

Microsoft Internet Security and Acceleration Server Land D.o.S

CheckPoint FW-1 D.o.S
   FW-1 NessusID 10617



Hugo Vazquez Carames

Copyright 2001 All rights reserved.