index.shtml

一个FTP密码破解程序的源代码

<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/filter-xpl.c>filter-xpl.c</a></td><td class=fl align=center width=10>2027</td><td class=fl align=center nowrap><nobr>Jul 18 02:50:05 2001</nobr></td><td class=fl align=center width=10>ac0593f66f87f941019423787bd8fce7</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>/usr/local/bin/filter local exploit. Gives GID=mail. More information available <a class=fd href="http://www.tao.ca/fire/bos/0354.html"here.</a> Tested against Slackware 3.1. Exploits the nlspath buffer overflow. By <a class=fd href="mailto:vali@lhab.soroscj.ro">_Phantom_</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ibm-db2.c>ibm-db2.c</a></td><td class=fl align=center width=10>1841</td><td class=fl align=center nowrap><nobr>Jul 29 02:28:44 2001</nobr></td><td class=fl align=center width=10>3de9be6028bd648021d753ebaaf12c72</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>IBM DB2 (which works under W98/NT/2000) Proof of concept Denial of Service. Sending 1 byte to port 6789 or 6790 IBM DB2 crashes, as described in <a class=fd href="http://packetstormsecurity.org/0107-exploits/ibm.db2.dos.txt">ibm.db2.dos.txt</a>. By <a class=fd href="mailto:honoriak@mail.ru">Honoriak</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ibm.db2.dos.txt>ibm.db2.dos.txt</a></td><td class=fl align=center width=10>491</td><td class=fl align=center nowrap><nobr>Jul 12 00:26:20 2001</nobr></td><td class=fl align=center width=10>f4b462d2987f201a50bd03e6f68934fd</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>IBM db2 for Windows (98/NT/2000) is vulnerable to a simple remote denial of service attack via db2ccs.exe (listening on port 6790) and db2jds.exe (port 6789). By <a class=fd href="mailto:gilles.lami@hays-dsia.fr">Gilles</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ida-exploit.sh>ida-exploit.sh</a></td><td class=fl align=center width=10>6176</td><td class=fl align=center nowrap><nobr>Jul 23 21:42:25 2001</nobr></td><td class=fl align=center width=10>00e34a156bbe3fe1825c7cec62b3b266</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Windows 2000 remote IIS .ida exploit - Spawns a shell on port 8008. Tested on Win2k with no service pack and SP2. Includes instructions on finding the offset. &nbsp;Homepage: <a class=fd href=http://monkey.org/~mat target=newbrowser>http://monkey.org/~mat.</a> By <a class=fd href="mailto:mat@monkey.org">Mat</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/idcf.c>idcf.c</a></td><td class=fl align=center width=10>2877</td><td class=fl align=center nowrap><nobr>Jul 11 23:58:58 2001</nobr></td><td class=fl align=center width=10>127d493b92791085586c97eff83512dc</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger. By <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/kppp.c>kppp.c</a></td><td class=fl align=center width=10>3279</td><td class=fl align=center nowrap><nobr>Jul 11 00:55:47 2001</nobr></td><td class=fl align=center width=10>62c2590edd286ebb913f7a78b60441ad</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Kppp (/usr/local/kde/bin/kppp) v1.1.2 and below local exploit. Tested against x86 and Sparc Linux. &nbsp;Homepage: <a class=fd href=http://nbs.extremenetworking.net target=newbrowser>http://nbs.extremenetworking.net.</a> By <a class=fd href="mailto:smashstack@hushmail.com">Smashstack</a>, <a class=fd href="mailto:doom@sekurity.net">Doom</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ktv.sh>ktv.sh</a></td><td class=fl align=center width=10>1822</td><td class=fl align=center nowrap><nobr>Jul 18 02:59:25 2001</nobr></td><td class=fl align=center width=10>e7386b4de150129eee315ee540b989bc</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Ktvision v0.1.1-271 and below symlink local root exploit. Tested against SuSE 7.1. By <a class=fd href="mailto:IhaQueR@IRCnet">Ihaquer</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ldap_exp2.c>ldap_exp2.c</a></td><td class=fl align=center width=10>2818</td><td class=fl align=center nowrap><nobr>Jul 12 06:35:25 2001</nobr></td><td class=fl align=center width=10>fdb9fe8c09fcd1a59d191b3a276848d3</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Solaris 5.8 ldap / passwd local root exploit. Tested on SunOS 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-60. By <a class=fd href="mailto:fygrave@tigerteam.net">Fyodor</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/libsldap-exp.c>libsldap-exp.c</a></td><td class=fl align=center width=10>2358</td><td class=fl align=center nowrap><nobr>Jul 12 05:46:28 2001</nobr></td><td class=fl align=center width=10>7fb624eef82b60ad70c6ccf9b601a763</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Solaris 8 libsldap local root exploit. Tested on an Ultra10 and an Enterprise 3500 with success. By <a class=fd href="mailto:noir@gsu.linux.org.tr">Noir</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/lmail-xpl.c>lmail-xpl.c</a></td><td class=fl align=center width=10>2014</td><td class=fl align=center nowrap><nobr>Jul 12 06:26:25 2001</nobr></td><td class=fl align=center width=10>7f9da8c5028c2fd49aa9c8210d25ec8d</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>lmail local root exploit. Simply run it with the file you want to create/overwrite and the data you wish to place in the file. By <a class=fd href="mailto:core@ezlink.com">Charles Stevenson</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/mambo_advisorie.txt>mambo_advisorie.txt</a></td><td class=fl align=center width=10>2945</td><td class=fl align=center nowrap><nobr>Jul 26 12:04:43 2001</nobr></td><td class=fl align=center width=10>407a1020f4107e848ced585227bc294c</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>The Mambo Site Server v3.0.0 - 3.0.5 contains a vulnerability which allows users to gain administrative privileges by changing global variables via URL parsing. &nbsp;Homepage: <a class=fd href=http://www.reverseonline.com target=newbrowser>http://www.reverseonline.com.</a><a class=fd href="mailto:postmaster@reverseonline.com">Ismael Peinado Palomo</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/mcaffee.mycio.traversal.txt>mcaffee.mycio.traver..></a></td><td class=fl align=center width=10>2559</td><td class=fl align=center nowrap><nobr>Jul 12 00:04:18 2001</nobr></td><td class=fl align=center width=10>3dda84290792822ead2aa88636a565b1</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>McAffee's MyCIO directory traversal vulnerability - Any machine running McAffee Agent ASaP VirusScan Software is vulnerable to a remote vulnerability which allows any file on the machine to be read. This software incorporates what is known as "Rumor Technology" that facilitates in the transfer of virus definitions between neighboring machines. This agent software runs as a service ("McAfee Agent") under the local system account and uses a light weight HTTP server that listens on TCP port 6515. Exploit URL included. By <a class=fd href="mailto:ade245@hushmail.com">Ade245</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ml85p.sh>ml85p.sh</a></td><td class=fl align=center width=10>1751</td><td class=fl align=center nowrap><nobr>Jul 17 17:43:02 2001</nobr></td><td class=fl align=center width=10>27106ddc98e2b944324483817b655184</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default. By <a class=fd href="mailto:suid@sneakerz.org">Suid</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/nerf.iis.dos.txt>nerf.iis.dos.txt</a></td><td class=fl align=center width=10>1136</td><td class=fl align=center nowrap><nobr>Jul 12 06:39:19 2001</nobr></td><td class=fl align=center width=10>86ac77030b990207e5472ee62b0bd790</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Nerf Group Security Advisory #4 - Microsoft IIS 4 and 5 can be crashed remotely by reading device files (com1, com2, etc). Exploit URL included. &nbsp;Homepage: <a class=fd href=http://www.nerf.ru target=newbrowser>http://www.nerf.ru.</a> By <a class=fd href="mailto:buggzy@nerf.ru">Buggzy</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/pic-lpr-remote.c>pic-lpr-remote.c</a></td><td class=fl align=center width=10>5320</td><td class=fl align=center nowrap><nobr>Jul 27 02:30:12 2001</nobr></td><td class=fl align=center width=10>b872ac8b739399184c12ab501762793c</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Pic / LPRng format string remote exploit. Pic is part of the groff package. It is used by troff-to-ps.fpi as uid lp when perl, troff and LPRng are installed. Tested against Redhat 7.0 (groff-1.16-7). By <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/pileup-xpl.c>pileup-xpl.c</a></td><td class=fl align=center width=10>3489</td><td class=fl align=center nowrap><nobr>Jul 29 04:07:36 2001</nobr></td><td class=fl align=center width=10>7db2fa47bb548a4281aad6708c157b54</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>/usr/bin/pileup local root exploit. Tested against Debian 2.2. By Core</td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/QDAV-2001-7-1>QDAV-2001-7-1</a></td><td class=fl align=center width=10>11799</td><td class=fl align=center nowrap><nobr>Jul 11 23:31:41 2001</nobr></td><td class=fl align=center width=10>454c4032e3ae794c228b5636ca6399ae</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>qDefense Advisory QDAV-2001-7-1 - Multiple CGI Flat File database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters. &nbsp;Homepage: <a class=fd href=http://qDefense.com target=newbrowser>http://qDefense.com.</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/QDAV-2001-7-3>QDAV-2001-7-3</a></td><td class=fl align=center width=10>1896</td><td class=fl align=center nowrap><nobr>Jul 18 02:13:43 2001</nobr></td><td class=fl align=center width=10>ccfd18fc1da76e132dea511b4220808d</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>qDefense Advisory Number QDAV-2001-7-3 - Interactive Story does not properly validate the contents of a hidden field entitled "next". By setting that field to the name of a file, and using double dots and poison nulls, an attacker can cause Interactive Story to display the contents of any file. Exploit URL included. &nbsp;Homepage: <a class=fd href=http://qDefense.com target=newbrowser>http://qDefense.com.</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/qflood.c>qflood.c</a></td><td class=fl align=center width=10>6903</td><td class=fl align=center nowrap><nobr>Jul 17 17:58:58 2001</nobr></td><td class=fl align=center width=10>7588a0c0ef179e78557b962a95c75291</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Qflood.c fills up a Quake server with spoofed "unconnected" clients, disallowing other players the ability to connect to the server since the player limit fills up quickly. Additionally, if the server does not support multiple clients from the same IP address, it will disconnect legitimate players if the spoofed connection request matches that player. By <a class=fd href="mailto:_k3nny@Efnet">Andy Gavin</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/sig.c>sig.c</a></td><td class=fl align=center width=10>1752</td><td class=fl align=center nowrap><nobr>Jul 18 02:46:13 2001</nobr></td><td class=fl align=center width=10>e9b50e27f1042cfbac603ed819ac6420</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>FreeBSD 3.1 - 4.3 local root exploit - Uses the signal condition vulnerability discovered by G. Guninski. By Lamerboy.</td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/slackware.init.txt>slackware.init.txt</a></td><td class=fl align=center width=10>2582</td><td class=fl align=center nowrap><nobr>Jul 18 02:06:29 2001</nobr></td><td class=fl align=center width=10>da683d52f3f0072dc6963928eed7696f</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Slackware 8.0 local root exploit - Creates a suid shell when "modprobe lp" is run from the startup scripts. By <a class=fd href="mailto:josh@pulltheplug.com">Josh</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/slackware.man.c>slackware.man.c</a></td><td class=fl align=center width=10>2216</td><td class=fl align=center nowrap><nobr>Jul 17 17:55:38 2001</nobr></td><td class=fl align=center width=10>c1c8ef9823405a020ea2cc19d098e213</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Slackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man. By <a class=fd href="mailto:josh@pulltheplug.com">Josh</a>, <a class=fd href="mailto:lockdown@lockeddown.net">Lockdown</a>, <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/sneaky2.sh>sneaky2.sh</a></td><td class=fl align=center width=10>12487</td><td class=fl align=center nowrap><nobr>Jul 18 02:10:26 2001</nobr></td><td class=fl align=center width=10>25055226b0a890073e135c5b546d136f</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Sneaky2.sh is a swiss army knife for Hotmail/Messenger. Implements Spoofing/brute force/misconception/unexpected input Class Attacks. Will spoof Hotmail/messenger server to recover user hotmail/password, crash messenger client, remotely inject and execute malicious exe on the victim host. &nbsp;Homepage: <a class=fd href=http://www.securite-internet.com target=newbrowser>http://www.securite-internet.com.</a> By Gregory Duchemin</td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/spadv03.txt>spadv03.txt</a></td><td class=fl align=center width=10>5094</td><td class=fl align=center nowrap><nobr>Jul 30 02:12:09 2001</nobr></td><td class=fl align=center width=10>34db49ab75ca4fc3edbb7aa09d278554</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>The Windows 2000 telnetd service is vulnerable to a remote denial of service attack. The service crashes when scanned for the recent AYT telnetd vulnerability discovered by <a class=fd href="mailto:scut@www.team-teso.net">Scut</a>. Includes SPtelnetAYT.c, a scanner for the AYT vulnerability in telnet daemons build upon the BSD source. &nbsp;Homepage: <a class=fd href=http://www.secpoint.com target=newbrowser>http://www.secpoint.com.</a> By <a class=fd href="mailto:info@secpoint.com">Security Point</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/squidmap.pl>squidmap.pl</a></td><td class=fl align=center width=10>1499</td><td class=fl align=center nowrap><nobr>Jul 29 03:30:54 2001</nobr></td><td class=fl align=center width=10>3072c26d039e563fde8246ed1e61f590</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Squid can be used to port scan if set up as a httpd accelerator (reverse proxy). Tested on Redhat 7.0. By <a class=fd href="mailto:pnasrat@uk.now.com">Paul Nasrat</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/sr.pl>sr.pl</a></td><td class=fl align=center width=10>3907</td><td class=fl align=center nowrap><nobr>Jul 18 01:47:37 2001</nobr></td><td class=fl align=center width=10>64a69339c5b64edbad5cc889a991464a</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Checkpoint Firewall-1's SecureRemote allows any IP to connect and download sensitive network information. This perl script gives a potential attacker a wealth of information including ip addresses, network masks (and even friendly descriptions). &nbsp;Homepage: <a class=fd href=http://www.sensepost.com target=newbrowser>http://www.sensepost.com.</a> By <a class=fd href="mailto:haroon@sensepost.com">Haroon Meer & Roelof Temmingh</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/tstot.c>tstot.c</a></td><td class=fl align=center width=10>10102</td><td class=fl align=center nowrap><nobr>Jul 12 01:13:12 2001</nobr></td><td class=fl align=center width=10>84f0f17bc976e6b8be69bacaeb5bf596</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available <a class=fd href="http://www.securityfocus.com/archive/1/195792">here.</a> By <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/ttawebtop.html>ttawebtop.html</a></td><td class=fl align=center width=10>610</td><td class=fl align=center nowrap><nobr>Jul 18 02:54:16 2001</nobr></td><td class=fl align=center width=10>3c05d637d7955fb852fe1c1ec31d1681</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Tarantella 3.01 ttawebtop.cgi "show files" exploit. '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from remote sever, which should not be accessible normally. Exploit URL included. By <a class=fd href="mailto:dotslash@snosoft.com">KF</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/vvfreebsd.txt>vvfreebsd.txt</a></td><td class=fl align=center width=10>3901</td><td class=fl align=center nowrap><nobr>Jul 12 01:51:40 2001</nobr></td><td class=fl align=center width=10>2d223327e13a25c1742fe30e2fda51ba</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Georgi Guninski security advisory #48, 2001 - There is local root compromise in FreeBSD 4.3 due to design flaw which allows injecting signal handlers in other processes. Includes vvfreebsd.c, a local root exploit. &nbsp;Homepage: <a class=fd href=http://www.guninski.com target=newbrowser>http://www.guninski.com.</a> By <a class=fd href="mailto:guninski@guninski.com">Georgi Guninski</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/whodo-ex.c>whodo-ex.c</a></td><td class=fl align=center width=10>2500</td><td class=fl align=center nowrap><nobr>Jul 12 05:58:37 2001</nobr></td><td class=fl align=center width=10>82dffcd2065e49a4222ebc5c8dbea224</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86. By <a class=fd href="mailto:psor@ccc.uba.a">Pablo Sor</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/xdm-cookie-exploit.c>xdm-cookie-exploit.c</a></td><td class=fl align=center width=10>6142</td><td class=fl align=center nowrap><nobr>Jul 12 15:26:04 2001</nobr></td><td class=fl align=center width=10>cb62c9d2e6db81932cda010ba727d2a0</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Current versions of xdm are sensitive to trivial brute force attack if it is compiled with bad options, mainly HasXdmXauth. Without this option, cookie is generated from gettimeofday(2). If you know starting time of xdm login session, computation of the cookie just takes a few seconds. By <a class=fd href="mailto:ntf@epita.fr">Ntf</a>, <a class=fd href="mailto:sky@epita.fr">Sky</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl width=40% nowrap><a class=fl href=/0107-exploits/xxman.sh>xxman.sh</a></td><td class=fl align=center width=10>832</td><td class=fl align=center nowrap><nobr>Jul 17 17:39:08 2001</nobr></td><td class=fl align=center width=10>631ac7297588dc7496aa411184167887</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Xxman.sh is a local root exploit for an insecure system call in xman. &nbsp;Homepage: <a class=fd href=http://www.realhalo.org target=newbrowser>http://www.realhalo.org.</a> By <a class=fd href="mailto:v9@realhalo.org">Vade79</a></td></tr>
</table></td></tr></table></td></tr></table></td></tr></table><p>
<table border=0 width=90% bgcolor=#000000><tr><td class=name height=10 ><img src=/images/spacer.gif></td></tr>
<tr><td class=name align=left>&nbsp;</td></tr>
<tr><td class=name align=left>&nbsp;</td></tr>
<tr><td class=small align=center><a class=small href=/privacy.html>Privacy Statement</a><
td></tr>
<tr><td class=name align=left><a href=#top><img border=0 src=/images/top.gif></a></td></tr>
<tr><td class=name align=left>&nbsp;</td></tr>
</table>
</body>
</html>