what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files

visnetic.dos.txt
Posted Dec 25, 2002
Authored by Peter Kruse | Site krusesecurity.dk

The VisNetic WebSite Server for Windows v3.5.13.1 and below contains a remote denial of service vulnerability which can be exploited by sending a 5000 character URL.

tags | advisory, remote, denial of service
systems | windows
SHA-256 | 3c584629b51d943bbf04163d06512c711249ee635d947585e6b48ef586d7e361
ftp.client.traversal.txt
Posted Dec 25, 2002
Authored by Steven M. Christey

FTP clients, including those that may be embedded in web clients, can be vulnerable to certain directory traversal attacks by modified FTP servers. If successful, the attacks could allow the server to overwrite or create arbitrary files outside of the client's working directory, subject to file/directory permissions and the privilege level of the client. Vulnerable clients include wget-1.8.1, OpenBSD 3.0 ftp, and Solaris 2.7 and 2.7 ftp.

tags | advisory, web, arbitrary
systems | solaris, openbsd
SHA-256 | e04b3f39784fb43911484c74fae121e90aac99afd0985873bce51157ed79afb2
12.16.02b.txt
Posted Dec 25, 2002
Authored by Blink

iDEFENSE Security Advisory 12.16.02b - The Melange chat server v1.10 and blow has a remotely exploitable buffer overflow.

tags | advisory, overflow
SHA-256 | 35a79f4872f06a1b867013ada8d7bb62b3fb09aa02b2a772292fb1694b36d7b6
hyperion.2.8.11.txt
Posted Dec 24, 2002
Authored by Securma Massine

The Hyperion FTP Server v2.8.11 and below for Windows 95/98/NT/2000 contains a buffer overflow in ftpservx.dll which allows remote code execution.

tags | advisory, remote, overflow, code execution
systems | windows
SHA-256 | a852a01717f525ea2029404cc63c43275bb34de7252eca8aec2116d4637f10b7
iDEFENSE Security Advisory 2002-12-23.t
Posted Dec 24, 2002
Authored by Zen-Parse, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.

tags | advisory, overflow, local
systems | unix
SHA-256 | e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577
eeye.flash.6.0.65.0.txt
Posted Dec 21, 2002
Authored by eEye Digital Security | Site eEye.com

Macromedia Shockwave Flash Malformed Header Overflow #2 - Macromedia Flash Player versions less than 6.0.65.0 allows remote code execution via HTML email and web pages. Fix available here.

tags | advisory, remote, web, overflow, code execution
SHA-256 | 018888a6c288f72d88dd0f5fddd22ecea22e5d438947c9dabdd5059490d624a6
iDEFENSE Security Advisory 2002-12-20.t
Posted Dec 21, 2002
Authored by iDefense Labs, David Zentner | Site idefense.com

iDEFENSE Security Advisory 12.20.02 - Microsoft"s Hotmail service contains cross site scripting vulnerabilities which allow session hijacking and arbitrary action execution.

tags | advisory, arbitrary, vulnerability, xss
SHA-256 | aafa3e18425d9f046e54dc567ee2fcce025cf56610f8af6c1a137a6f802f4eca
real.helix.9.0.txt
Posted Dec 21, 2002
Authored by Mark Litchfield | Site ngssoftware.com

RealNetworks Helix Universal Server v9.0 and below for Windows, FreeBSD, HP-UX, AIX, Linux, Sun Solaris 2.7 & 2.8 contains buffer overflows which can cause code to be executed as SYSTEM over tcp port 554.

tags | advisory, overflow, tcp
systems | linux, windows, solaris, freebsd, aix, hpux
SHA-256 | b39acaf9964d4389121ef064fdeeef266502772719c45556094be1fe82988b89
enceladus-3.9.11.txt
Posted Dec 21, 2002

The Enceladus Web and FTP server suite for Windows below v3.9.11 contains a buffer overflow which allows remote command execution. More information available http://www.mollensoft.com.

tags | advisory, remote, web, overflow
systems | windows
SHA-256 | bc56ff8f7fcff42ba61b72dc3e45978976994ff033fe3cee6516d6863ba75f6e
php-nuke_mail_crlf.patch
Posted Dec 21, 2002
Authored by Ulf Harnhammar

PHP-Nuke v6.0 allows remote users to send email to any address on the internet by entering malformed email addresses. Patch included.

tags | advisory, remote, php
SHA-256 | f324c19dbb506141832f85077a736850e56b7b492f689c7d1dbbcc19a71e156e
oss-00001.txt
Posted Dec 21, 2002
Authored by Burn-X | Site opensourcesecurity.com

Pine v4.44 contains a local buffer overflow in the -x command line option.

tags | advisory, overflow, local
SHA-256 | 1ef3e1c8a908d842ce87bbcf654b3e3ef0f8778d1b327a332d6955a77aa0658f
iDEFENSE Security Advisory 2002-12-19.t
Posted Dec 21, 2002
Authored by Zen-Parse, David Endler, iDefense Labs | Site idefense.com

iEasy Software Products' Common Unix Printing System (CUPS) vCUPS-1.1.14-5 to 1.1.17 contains an integer overflow in the CUPSd interface which allows attackers to gain the permissions of the LP user and the sys GID. In addition, a race condition allows any file to be overwritten as root. Affected systems include Red Hat 7.3, 8.0, and OS/X 10.2.2.

tags | advisory, overflow, root
systems | linux, redhat, unix, apple, osx
SHA-256 | 7c6ba1d4608fa090e656e197e22e24c9627af18d3d3a39b6434f0b189bc7eae8
polycom.auth-bypass.txt
Posted Dec 21, 2002
Authored by Tamer Sahin | Site securityoffice.net

The Polycom ViewStation FX set top video system allows users to change configuration of the video conferencing system. A bug introduced in the Polycom ViewStation FX Release v4.2 allows users full access to the video conferencing system including changing the admin password.

tags | advisory, bypass
SHA-256 | efc1399c213252cbb952cdd78a552988b8c768fd731044eb40928f453a8af4c3
Rapid7 Security Advisory 9
Posted Dec 16, 2002
Authored by Rapid7 | Site rapid7.com

Rapid 7 Security Advisory - SSH servers and clients from several vendors contain vulnerabilities in the greeting and key-exchange-initialization phases of the SSHv2 transport layer that allow denial of service attacks and/or arbitrary code execution. OpenSSH, SecureCRT, and LSH are not affected - vulnerable versions include F-Secure 3.1.0 and below for unix and v5.2 and below for Windows, SSH 3.2.2 and below for windows and unix, putty v0.53 and below, WinSCP 2.0.0 and below, and more.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | windows, unix
SHA-256 | 4e0095d93035f5f570e62c687c4ba8324db7f74b95ef0d6aad64c3c1651a3e9c
eeye.png.txt
Posted Dec 14, 2002
Authored by eEye Digital Security | Site eEye.com

EEye Security Advisory - During a review of the PNG image format implemented in Microsoft Windows, pngfilt.dll, serious vulnerabilities were discovered related to the interpretation of PNG image data. The more serious bug is a heap overflow which can be exploited to execute code when the malicious PNG image is viewed. IE 5.01-6.0 is vulnerable, along with the IE web control for Outlook, Access 2000, Backoffice, Microsoft Visual Studio .NET 2002, Office 2000, Office XP pro, Project 2002 Professional, Publisher 98, SNA Server 4.0, SQL Server 7.0, Visio 2002, Visual Basic .NET Standard 2002, Visual C, Visual C++ .NET Standard 2002, Visual FoxPro 7.0, Visual Studio 6.0, Windows 2000, Windows 95, Windows 98, NT, and XP. Microsoft advisory is ms02-066.

tags | advisory, web, overflow, vulnerability
systems | windows
SHA-256 | f11b994b879980c3165d71f5cef07811d6d5feb5f65c16286a58a35a2b0cacf3
mysql.4.0.5a.txt
Posted Dec 14, 2002
Authored by Stefan Esser | Site security.e-matters.de

The MySQL database versions <= 3.23.53a and <= 4.0.5a contains local and remote vulnerabilities allowing remote attackers to bypass the MySQL password check and execute arbitrary code with the privileges of the user running mysqld. An arbitrary size heap overflow within the mysql client library and another vulnerability which allows '\0' to be written to any memory address allow DOS attacks against or arbitrary code execution within anything linked against libmysqlclient.

tags | advisory, remote, overflow, arbitrary, local, vulnerability, code execution
SHA-256 | b385bbffd26b7aac37dec468afd6558f47557fa4ccb25456b032f8f0f3e77828
fetchmail.6.1.3.txt
Posted Dec 14, 2002
Authored by Stefan Esser | Site security.e-matters.de

A heap overflow has been found in Fetchmail v6.1.3 and below which allows remote attackers to execute code with the privileges of the user running fetchmail on Linux. It is a denial of service vulnerability on BSD. Fixed in v6.2.0.

tags | advisory, remote, denial of service, overflow
systems | linux, bsd
SHA-256 | 00367f13a6c9121041c44e2a0b3582239a66f54aeae1714fc5cf1dc427242f38
suse.grub.txt
Posted Dec 14, 2002
Authored by Matthias Andree

SuSE 8.1's "gfxmenu" which is configured into GRUB by default on many machines allows the user to pass in additional kernel boot parameters without entering the password, allowing users who can locally reboot the machine to easily spawn a root shell.

tags | advisory, shell, kernel, root
systems | linux, suse
SHA-256 | 8835b98c7e6cc1122e66d91619047a0fcc3b5ad373a989202c6f9b7dbbe592f8
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close