Advisories
CoreLabs regularly publishes security advisories about vulnerabilities we discovered or found collaboratively with other IS professionals.
Our latest advisories are signed with the PGP key of Core Security Technologies Advisories Team which is available for download here.
12.22.2008
December 22nd - Alfredo Ortega
The VNC server of the Qemu and KVM virtualization solutions is vulnerable to a remote DoS: specially crafted packets received by the host VNC server cause an infinite loop.
12.10.2008
December 10th - Ricardo Narvaja
A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value.
12.09.2008
December 9th - Alfredo Ortega
Vinagre is a VNC client for the GNOME Desktop and it is prone to a remote format string vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the application.
11.04.2008
November 4th - Damian Frizza
Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function.
10.14.2008
October 14th - Francisco Falcon
VLC media player is vulnerable to a memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system, by providing a specially crafted XSPF playlist file.
09.12.2008
September 12th - Nicolas Economou
Apple's Safari is the default web browser included on Apple's iPhone. A vulnerability has been found in the WebKit library used by Safari on the iPhone. By passing a special string to the alert() JavaScript method it is possible to crash Safari via an out-of-bounds memory read that triggers an access violation.
08.20.2008
August 20th - Federico Muttis
An XSS vulnerability has been discovered in vBulletin that could allow an attacker to carry out an action while impersonating a legitimate user, or to obtain access to a user's account. This flaw allows unauthorized disclosure and modification of information, and it allows disruption of service.
08.20.2008
August 20th - Francisco Falcón
Anzio Web Print Object is vulnerable to a buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious web page with a long "mainurl" parameter for the WePO ActiveX component.
08.13.2008
August 13th - Jorge Luis Alvarez Medina
Issues have been found in the way that Internet Explorer security policies are applied: when a remote site attempts to access a local resource, Internet Explorer will fail to enforce the Zone Elevation restrictions; and when browsing a remote site, Internet Explorer will not apply the right Security Zone permissions, allowing a site belonging to a less secure zone to be treated as one belonging to a more privileged zone.
08.04.2008
August 4th - Anibal Sacco
Local exploitation of an input validation vulnerability within VirtualBox's VBoxDrv.sys driver could allow an unprivileged attacker to execute arbitrary code within the kernel of a Windows host operating system.
06.11.2008
June 11th - Sebastián Muñiz and Nicolás Economou
A vulnerability was found in CitectSCADA that could allow a remote unauthenticated attacker to force an abnormal termination of the vulnerable software (Denial of Service) or to execute arbitrary code on vulnerable systems and gain complete control of the software. To accomplish this, the would-be attacker must be able to connect to the vulnerable service on a high TCP port.
06.04.2008
June 4th - Alfredo Ortega
The NASA BigView package suffers from a stack buffer overflow when parsing specially crafted (invalid) PNM input files. If successful, a malicious third party could trigger execution of arbitrary code within the context of the application, or otherwise crash the whole application.
05.21.2008
May 21st - Rodrigo Carvalho and Ricardo Narvaja
Three vulnerabilities discovered in the iCal application may allow unauthenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) assistance from the end user of the application, or to repeatedly execute a denial of service attack to crash the iCal application.
05.20.2008
May 20th - Damian Frizza and Alfredo Ortega
The Borland Interbase 2007 database server [1] is vulnerable to an integer overflow when a malformed packet is sent to the default TCP port 3050. The integer overflow can cause a stack overflow, which allows arbitrary code execution with system privileges.
05.05.2008
May 5th - Alfredo Ortega
NASA's popular CDF open source library is vulnerable to a stack buffer overflow, enabling client-side attacks on users and server-side attacks on web services.
05.05.2008
April 30th - Sebastián Muñiz
This is a remote denial of service vulnerability found in a component that is part of the WonderWare InTouch supervisory HMI software. HMI stands for Human-Machine Interface and is the term commonly applied to the user interface of Process Control Systems software. The vulnerability allows an attacker to crash the SuiteLink Service, which is used by WonderWare InTouch software to receive input from devices on the network over TCP/IP.
04.28.2008
28th April - Damian Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco and Rodrigo Carvalho
Insufficient argument validation of hooked SSDT functions has been found in multiple Antivirus and Firewall products (BitDefender Antivirus, Comodo Firewall, Sophos Antivirus and Rising Antivirus). It could lead to a local Denial of Service (DoS) and possibly to code execution attacks.
04.03.2008
April 3rd - Diego Juarez
Orbit downloader is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers to execute arbitrary code.
03.25.2008
March 25th - Ariel Waissbein, Pedro Varangot, Martin Mizrahi, Oren Isacson, Carlos Garcia and Ivan Arce
A remote buffer overflow vulnerability found in a library used by both the SILC server and client to process packets containing cryptographic material may allow an un-authenticated client to execute arbitrary code on the server with the privileges of the user account running the server, or a malicious SILC server to compromise client systems and execute arbitrary code with the privileges of the user account running the SILC client program.
03.18.2008
March 18th - Rodrigo Carvalho
The Wiki Server is vulnerable to a path traversal attack, which can be exploited by non-privileged system users via a forged file upload to write arbitrary files on locations in the server filesystem, restricted only by privileges of the Wiki Server application.
03.11.2008
March 11th - Sebastián Muñiz
The vulnerabilities discovered allow a remote attacker to upload a file to an arbitrary location on the victim's machine and forge peer information on the log lines of the victim's application.
03.04.2008
4th March - Alfredo Ortega
Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF and BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries, others were introduced by native Android code that uses them or that implements new functionality.
02.27.2008
27th February - Felipe Manzano and Anibal Sacco
The Videolan (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system.
02.25.2008
25th February - Gerardo Richarte and Nicolas Economou
A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system, including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system and compromise the underlying Host system that controls it.
02.04.2008
February 4th - Damian Frizza and Alfredo Ortega
The MPlayer package (and other related projects) is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers.
02.04.2008
February 4th - Felipe Manzano and Anibal Sacco
The MPlayer package is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system.
01.28.2008
January 28th - Damian Frizza and Alfredo Ortega
The Firebird database manager contains an integer overflow in the processing of certain tags on the XDR protocol used for communication with the server. The vulnerability allows remote attackers to crash the system (denial of service) and potentially execute arbitrary code.
01.17.2008
January 17th - Sebastian Gottschalk
A locally exploitable kernel buffer overflow vulnerability has been found in the CORE FORCE firewall module. The vulnerability allows unprivileged logged-on users to crash the system (denial of service), write data into kernel memory and potentially execute arbitrary code in the kernel.
01.07.2008
January 7th - Alfredo Ortega and Oren Isacson
The vdccm daemon (part of the SynCE package) is vulnerable to a remote command injection, which can be exploited by malicious remote attackers.
12.03.2007
December 3rd - Ricardo Narvaja
A vulnerability has been found in the ActiveX control DLL (axvlc.dll) used by VLC player. This library contains three methods whose parameters are not correctly checked and may produce a badly initialized pointer. By providing these functions with specially crafted parameters, an attacker can overwrite memory and execute arbitrary code.
11.27.2007
November 27th - Sebastian Muniz
Several buffer overflow vulnerabilities were found in the third-party library used by Lotus Notes to process Lotus 1-2-3 file attachments.
10.10.2007
October 10th - Nahuel Riva and Gerardo Richarte
A vulnerability found in OpenBSD's dhcpd allows attackers on the local network to remotely cause the DHCP server to corrupt its process memory and crash; or continue functioning erratically thus denying service to all DHCP clients on the network and, if PF updates are in use, potentially affecting egress/ingress filtering as well.
09.25.2007
September 25th - Lucas Lavarello
A vulnerability was discovered in AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite which exposes workstations running the IM clients, and their users, to several immediate high-risk attack vectors.
03.13.2007
March 13th - Alfredo Ortega with assistance from Mario Vilas and Gerardo Richarte
The vulnerability is due to improper handling of kernel memory buffers using mbuf structures. The vulnerability is triggered by OpenBSD-specific code at the mbuf layer and developed to accommodate the processing of IPv6 protocol packets.
03.05.2007
March 5th - Gerardo Richarte
Scripts and applications using GnuPG are prone to a vulnerability in how signature verification information is shown to the end user. An attacker is able to add arbitrary content to a signed message. The receiver of the message (using a mail client such as Enigmail to read the message) will not be able to distinguish the forged and the properly signed parts of the message.
12.13.2006
December 13th - Alfredo Ortega
A locally exploitable stack overflow vulnerability has been found in the mod_ctrls module of ProFTPD server. The vulnerability allows local attackers with access to the Controls features (and who have been allowed by Controls ACLs in proftpd.conf) to gain root privileges.
09.07.2006
September 7th - Luciana Tabo, Lucas Lavarello, Sebastian Cufre, Ezequiel Gutesman and Javier Garcia Di Palma
A vulnerability found in the way the ICQ Pro 2003b client handles incoming message lengths could lead to denial of service attacks and remote compromise of systems running vulnerable versions of the client.
09.07.2006
September 7th - Lucas Lavarello, Sebastian Cufre, Ezequiel Gutesman, Javier Garcia Di Palma and Luciana Tabo
Security problems found in the ICQ Toolbar v1.3 may allow attackers to control and change configuration settings, and to inject scripting code into RSS feed contents and execute it in the context of the feed interface (IE's Local Zone).
08.14.2006
August 14th, 2006 - Gerardo Richarte
While investigating the Microsoft Server Service Mailslot heap overflow vulnerability reported in Microsoft Security Bulletin MS06-035 [1], Core Security Technologies researcher Gerardo Richarte discovered a second bug in the server service.
06.09.2006
June 9th, 2006 - Damian Saura, Alejandro Lozanoff, Eduardo Koch, Norberto Kueffner and Ivan Arce
A vulnerability found in Asterisk's handling of IAX2 video frames could lead to remote compromise of the system running vulnerable versions of the PBX software, through execution of arbitrary code of the attacker's choosing with the privileges of the Asterisk daemon.
06.09.2006
June 9th, 2006 - Damian Saura, Alejandro Lozanoff, Eduardo Koch, Norberto Kueffner and Ivan Arce
IAXclient is an open source library that implements the IAX2 VoIP protocol used by the Asterisk IP PBX and several VoIP software phones. Two vulnerabilities have been found in the library that may grant attackers remote execution of arbitrary code on systems using software packages that rely on it for IAX2 protocol support.
03.20.2006
March 20th, 2006 - Alberto Soliño
A cross-site scripting vulnerability found in Verisign's haydn.exe could allow an attacker to execute scripting code on a user's machine, within the user's web browser, with the trust level of the site hosting the haydn.exe file.
07.12.2005
July 12th, 2005 - Ariel Sanchez
A buffer overflow vulnerability was found in the status command. Remote exploitation of this vulnerability could allow an attacker to execute arbitrary code with System privileges. The status command requires an authenticated session, so valid credentials are required.
02.08.2005
February 8th, 2005 - Juliano Rizzo
A vulnerability found in the parsing of PNG images could allow an attacker to execute arbitrary code in the chat partner's machine and gain access to the system with the privileges of the user running the MSN Messenger client program.
This vulnerability can be exploited on Windows 2000 (all service packs) and Windows XP (all service packs) that run vulnerable clients of MSN Messenger.
10.12.2004
October 12th, 2004 - Lucas Lavarello and Juliano Rizzo
Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections.
Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.
08.09.2004
August 9th, 2004 - Juan Pablo Martinez Kuhn
Two vulnerabilities were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with the privileges of root. The second vulnerability allows an attacker to crash the server, denying service to further requests.
Cfservd uses an IP-based access control (AllowConnectionsFrom) which must be passed before the vulnerabilities can be exploited. The level of risk thus depends on how this access control is configured.
08.04.2004
August 4th, 2004 - Daniel De Luca, Laura Nuñez and Carlos Sarraute
By sending specially crafted packets to the client during the authentication process, an attacker is able to compromise and execute arbitrary code on the machine running PuTTY or PSCP.
In SSH2, an attacker impersonating a trusted host can launch an attack before the client has the ability to determine the difference between the trusted and fake host. This attack is performed before host key verification.
WinSCP is an open source SFTP (SSH File Transfer Protocol) and SCP (Secure CoPy) client for Windows using SSH (Secure SHell). The SSH core of WinSCP is based on PuTTY and is affected by the same vulnerabilities.
12.10.2003
December 10th, 2003 - Javier Kohen and Juliano Rizzo
Core Security Technologies researchers discovered new attack vectors for recently published vulnerabilities in Microsoft Windows operating systems.
These new attack methods were found while researching exploitation conditions for the Workstation Service vulnerability discovered by eEye Digital Security and disclosed in Microsoft security bulletin MS03-049 of November 11th, 2003.
09.18.2003
September 18th, 2003 - Juan Pablo Martinez Kuhn
IBM's DB2 database ships with two vulnerable setuid binaries, namely db2licm and db2dart. Both binaries are vulnerable to a buffer overflow that allows a local attacker to execute arbitrary code on the vulnerable machine with privileges of the root user. The vulnerability is triggered providing a long command line argument to the binaries.
07.02.2003
July 2nd, 2003 - Eduardo Arias, Gabriel Becedillas, Ricardo Quesada and Damian Saura
A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service.
The vulnerability can be triggered when an LDAP version 3 search request with more than 1000 "AND" statements is sent to the server, resulting in a stack overflow and subsequent crash of the Lsaas.exe service.
07.02.2003
July 2nd, 2003 - Hernán Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma and Pablo Rubinstein
A directory traversal vulnerability was found in NetMeeting when doing file transfers. An attacker can use filenames containing "..\.." when doing a file transfer and, in this manner, create a file anywhere on the victim's filesystem, escaping the directory where NetMeeting usually stores incoming files (e.g. C:\Program Files\Received\Received Files).
This makes it possible to force the execution of arbitrary code on vulnerable systems.
05.27.2003
May 27th, 2003 - Juliano Rizzo
We have discovered the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for "admin" is bypassed and an attacker gains direct access to the configuration.
Using this vulnerability, an attacker can reset the root password, then enable the telnet server by modifying configuration files, giving the attacker interactive access to a Unix-like command line and allowing her to execute arbitrary commands as root.
05.05.2003
May 5th, 2003 - Lucas Lavarello, Daniel Benmergui, Norberto Kueffner and Fernando Russ
Six security vulnerabilities were found that could lead to various forms of exploitation ranging from denying users the ability to use ICQ services to execution of arbitrary commands on vulnerable systems.
04.28.2003
April 28th, 2003 - Emiliano Kargieman, Hernán Gips and Javier Burroni
Kerio Personal Firewall (KPF) is a firewall for workstations designed to protect them against attacks from the Internet and the local network. We found two security vulnerabilities in KPF's remote administration system.
04.15.2003
April 15th, 2003 - Bruce Leidl and Juan Pablo Martinez Kuhn
The stream4 preprocessor module is a Snort plugin that reassembles TCP traffic before passing it on to be analyzed. It also detects several types of IDS evasion attacks.
We have discovered an exploitable heap overflow in this module resulting from sequence number calculations that overflow a 32-bit integer variable.
03.28.2003
March 28th, 2003 - Juliano Rizzo, Agustin Azubel Friedman, Bruno Acselrad and Carlos Sarraute
RealPlayer is a popular program provided by RealNetworks, Inc. It is used to play live video and audio over the net. This program is able to play a large set of media file formats, among them the PNG graphic file format. A vulnerability has been found in the way that RealPlayer decompresses those files.
If exploited, this vulnerability allows an attacker to execute arbitrary code and obtain a remote command shell with the privileges of the user running RealPlayer.
03.28.2003
March 28th, 2003 - Diego Kelyacoubian, Javier Kohen, Alberto Solino, and Juan Vera
The Eye Of Gnome (EOG for short) is an image viewer, as well as an image cataloging program. EOG is part of the GNOME desktop and is bundled with all major Linux distributions.
A vulnerability was found in this application that could lead to the execution of arbitrary code with the privileges of the user running EOG. This vulnerability can be exploited from within email clients (MUAs) that use EOG as the default for image viewing.
03.20.2003
March 20th, 2003 - Diego Kelyacoubian, Javier Kohen, Alberto Solino, and Juan Vera
Mutt is a very popular small text-based MUA (Mail User Agent) for Unix operating systems.
For more information about Mutt visit http://www.mutt.org
The Mutt Mail User Agent (MUA) has support for accessing remote mailboxes through the IMAP protocol.
By controlling a malicious IMAP server and providing a specially crafted folder, an attacker can crash the mail reader and possibly force execution of arbitrary commands on the vulnerable system with the privileges of the user running Mutt.
03.19.2003
March 19th, 2003 - Diego Kelyacoubian, Javier Kohen, Alberto Solino, and Juan Vera
Ximian Evolution is a personal and workgroup information management solution for Linux and UNIX-based systems. The software integrates email, calendaring, meeting scheduling, contact management, and task lists in one application. For more information about Ximian Evolution visit http://www.ximian.com
Three vulnerabilities were found that could lead to various forms of exploitation ranging from denying users the ability to read email, provoking system instability and bypassing security context checks for email content, to possibly executing arbitrary commands on vulnerable systems.
12.02.2002
December 2nd, 2002 - Gerardo Richarte
Many Linksys network appliances have a remote administration and configuration interface via HTTP, either from the local network or, if it is enabled, from any host across the Internet. The implementation of the embedded HTTP server presents several different exploitable vulnerabilities: some of them allow an unauthorized user to gain control of the appliance, some let an attacker reboot it, and some are of unknown severity.
08.22.2002
August 22nd, 2002 - Alberto Solino and Hernan Ochoa
SMB stands for "Server Message Block" and is also known as CIFS (Common Internet File System). This protocol is intended to provide an open cross-platform mechanism for client systems to request file services from server systems over a network. The current CIFS implementation under Windows runs over port tcp/139 and/or port tcp/445 (Direct Host), depending on whether NetBIOS over TCP/IP is enabled or not.
By sending a specially crafted packet requesting the NetServerEnum2, NetServerEnum3 or NetShareEnum transaction, an attacker can mount a denial of service attack on the target machine. It might be possible to abuse this vulnerability to execute arbitrary code, although the research performed so far cannot confirm this possibility (see 'Technical Description' below for more precise information).
07.10.2002
July 10th, 2002 - Ricardo Quesada
The ToolTalk service allows independently developed applications to communicate with each other by exchanging ToolTalk messages. Using ToolTalk, applications can create open protocols which allow different programs to be interchanged, and new programs to be plugged into the system with minimal reconfiguration.
07.02.2002
July 2nd, 2002 - Juliano Rizzo
Inktomi's Traffic Server product provides transparent web caching, access control and content filtering. It is available for Linux, Solaris and Windows platforms. A vulnerability that could allow a local attacker to gain root access has been discovered in the Unix version of the software.
Problem: Buffer overflow in traffic_manager executable
The traffic_manager executable is used to manage Traffic Server; it is installed setuid-root by default under the [installpath]/bin directory. When traffic_manager is executed with a long command line argument, a buffer overflow occurs. This vulnerability can be exploited locally to gain root access.
04.22.2002
April 22nd, 2002 - Gerardo Richarte
In the past years, several technologies (in the form of software packages) have been developed to protect programs against exploitation of buffer overflow vulnerabilities. These technologies aim at detecting and preventing the execution of hostile code that takes advantage of software security vulnerabilities by overwriting a critical portion of a running program's memory known as the stack.
11.28.2001
November 28th, 2001 - Luciano Notarfrancesco and Juan Pablo Martinez Kuhn
The Washington University FTP daemon (WU-FTPD) is a highly modified and significantly complex version of FTPD that provides some extra features: custom logging, limited remote command support, and other enhancements to the standard BSD version of FTPD.
A problem was found in all versions of WU-FTPD included by default in all major Linux distributions. Other platforms that ship wu-ftpd and FTP server programs derived from it are affected.
By exploiting this problem, any user who is able to log into a vulnerable version of the WU-FTPD server may be able to execute arbitrary code remotely with the privileges of the server process (usually root), which can lead to complete system compromise.
08.13.2001
August 13th, 2001 - Juliano Rizzo
PGP Keyserver is a product aimed primarily at storage and retrieval of public keys. It acts both as an HTTP and an LDAP server for this purpose.
Web Console is the Web-based portion of the software that gives administrators the ability to remotely monitor and manage their PGP Keyserver. There exist several security flaws in the Web Console system that can allow an attacker to gain full control of the server configuration.
Taking advantage of the console's configuration functionality, an attacker is able to read and overwrite almost any file on the system. Carefully overwriting files could also allow an intruder to run arbitrary commands on the server.
06.26.2001
June 26th, 2001 - Alberto Soliño and Juliano Rizzo
GroupWise is Novell's integrated messaging, groupware and document management product. It combines document management, e-mail, group calendaring and scheduling, task management, imaging and workflow in one tightly integrated package.
When the Post Office mailboxes are accessed through a network share it is possible, by patching GroupWise's client software, to get access to any user's mailbox (including the administrator's) without knowing its password.
02.08.2001
February 8th, 2001 - Michal Zalewski of the Bindview RAZOR Team
SSH is a widely used client-server application for authentication and encryption of network communications.
In 1998 Ariel Futoransky and Emiliano Kargieman [1] discovered a design flaw in the SSH1 protocol (protocol 1.5) that could allow an attacker to inject malicious packets into an SSH encrypted stream, which would allow execution of arbitrary commands on either client or server.
02.07.2001
February 7th, 2001 - Ariel Waissbein and Agustin Azubel Friedman
SSH is a widely used client-server application for authentication and encryption of network communications. In order to ensure that all data exchanged between client and server is kept confidential, a symmetric algorithm is used with a key obtained from the key exchange and authentication process performed when the client connects to an SSH server.
01.29.2001
January 29th, 2001 - Emiliano Kargieman, Agustín Azubel Friedman and Maximiliano Cáceres
As stated in the VNC home page ( http://www.uk.research.att.com/vnc/ ):
"VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures"
The AT&T VNC client ships with a remotely exploitable buffer overflow.
By providing a specially crafted response, a malicious server has the ability to obtain access to the client machine and execute arbitrary commands as the user running the client software.
01.29.2001
January 29th, 2001 - Emiliano Kargieman, Agustín Azubel Friedman and Maximiliano Cáceres
As stated in the VNC home page ( http://www.uk.research.att.com/vnc/ ):
"VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures"
The AT&T VNC server for Windows ships with a remotely and locally exploitable buffer overflow if it is configured with a certain debug level.
By providing a specially crafted HTTP request, an attacker has the ability to obtain access to the VNC server and execute arbitrary commands with the privileges of the user running the server.
01.23.2001
January 23rd, 2001 - Emiliano Kargieman, Agustín Azubel Friedman and Maximiliano Cáceres
As stated in the VNC home page ( http://www.uk.research.att.com/vnc/ ):
"VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures".
VNC uses a challenge/response mechanism for authenticating clients in order to avoid the transmission of clear text passwords over insecure channels and to prevent unauthorized clients from getting access to the VNC server.
A design flaw in the client authentication mechanism permits an attacker to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server.
The attack can be performed by an attacker eavesdropping on the client/server communications with the ability to modify the data flow. NO TCP hijacking techniques are required.
12.04.2000
December 4th, 2000 - Alberto Soliño
11.16.2000
November 16th, 2000 - Gerardo Richarte and Claudio Castiglia
11.08.2000
November 8th, 2000 - Bruno Acselrad and Agustín Azubel Friedman
10.31.2000
October 31st, 2000 - Emiliano Kargieman and Agustín Azubel Friedman
10.31.2000
October 31st, 2000 - Emiliano Kargieman and Agustín Azubel Friedman
10.26.2000
October 26th, 2000 - Emiliano Kargieman and Agustín Azubel Friedman
10.25.2000
October 25th, 2000 - Alberto Soliño
10.23.2000
October 23rd, 2000 - Ariel Waissbein, Emiliano Kargieman, Carlos Sarraute, Gerardo Richarte and Agustín Azubel Friedman
09.27.2000
September 27th, 2000 - Juliano Rizzo
08.15.2000
August 15th, 2000 - Gerardo Richarte and Hernán Ochoa
04.14.2000
April 14th, 2000 - Gerardo Richarte and Alberto Soliño
04.22.1997
April 22nd, 1997 - Cache corruption. Core SDI and Secure Networks Inc (Spanish version).
