lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1092.63.205.57.187.1050456037.squirrel@web.axisamerica.com>
From: badpack3t at security-protocols.com (badpack3t)
Subject: Twilight Utilities TW-WebServer/1, 3, 2, 0 DoS

SP Research Labs Advisory x02
-----------------------------
www.security-protocols.com

Product - Twilight Utilities TW-WebServer/1,3,2,0

Download it here:
http://www.twilightutilities.com/WebServer.html

Date Released - 04/15/2003

Release Mode - 0hday, why contact the vendor?

Advisory Link:
http://www.security-protocols.com/article.php?sid=1474&mode=thread&order=0

----------------------------

Product Description from the vendor -

We are excited to present this completely new Modem Ready Internet Web
Server supporting these terrific features.

-Installs in seconds
-Lets you INSTANTLY share pictures and files
-Modem aware
-Automates telling friends and family when you start serving
-Automatically integrates your web camera
-Allows others to send files to you
-Automatically generates web pages
-Supports file resume
-A truely unique files-sharing tool

-----------------------------

Vulnerability Description -

To exploit this vulnerability, simply do a GET / with 4096 A's or more
will cause the webserver to go down.  Who really gives a damn right?

Tested on:

Windows XP Pro SP1
Windows 2000 SP3
-----------------------------

Credit ?

2PAC and Snoop Dogg did most of the work on this one.

-----------------------------

peace out,

badpack3t
www.security-protocols.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: sp-urfuqed.pl
Type: application/x-perl
Size: 1609 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030415/7d909dea/sp-urfuqed.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ