exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from Chris Anley

Email addresschris at ngssoftware.com
First Active2003-07-28
Last Active2007-02-06
NGS00471.txt
Posted Feb 6, 2007
Authored by Chris Anley | Site ngssoftware.com

Versions of Jetty, the popular java web server, are vulnerable to a session id prediction attack. Jetty uses java.util.Random to generate session ids. The internal state of this generator can be easily discovered, leading to an attacker being able to hijack existing and future sessions. Jetty versions below 4.2.27, 5.1.12, 6.0.2 and 6.1.0pre3 are affected.

tags | advisory, java, web
SHA-256 | c1d988304d1385f3280f2844850635794020da733cf9d0150423c973335069fc
sybase-ase.txt
Posted Apr 17, 2005
Authored by Mark Litchfield, Chris Anley, Sherief Hammad | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
SHA-256 | 8057a9b0c4794a5ecce8eb94c3a4e21b6ee749420f1666aa849c032a94346f39
Next Generation Security Advisory 205012005G
Posted Jan 6, 2005
Authored by NGSSoftware, Chris Anley | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005G - IBM DB2 is vulnerable to denial of service conditions when processing certain function calls. Systems Affected: DB2 8.1.

tags | advisory, denial of service
SHA-256 | f3c908713847b92460a5a7d99df17b60b369dd3c656c7cfc290d0f990ee42c85
Next Generation Security Advisory 205012005F
Posted Jan 6, 2005
Authored by NGSSoftware, Chris Anley | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005F - Almost all shared memory sections and events in the Windows version of DB2 have weak permissions; all sections can be read and written by Everyone, and all events can be set and waited on by Everyone. This results in a number of security issues relating to the privileges of local users. Systems Affected: DB2 8.1.

tags | advisory, local
systems | windows
SHA-256 | 710a1b87f503f48ddd770bd0d5c49acdd7ab71124cf9f67ce6157ca99e17f3fc
NGSextproc.txt
Posted Jul 28, 2003
Authored by David Litchfield, Chris Anley | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR25072003 - In an attempt to fix previous vulnerabilities discovered by NGSSoftware, the Oracle RDBMS fix patched the hole but left a logging function vulnerable to a stack overflow.

tags | advisory, overflow, vulnerability
SHA-256 | 237dd712fc93400a7d9eed9e111f3ab5238fd5fcb2322857fa12ec0d69be3187
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close