what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files

tomcat-null-byte.txt
Posted Jan 31, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Apache Tomcat can be tricked to disclose files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.

tags | advisory
SHA-256 | d53725d1e508b8d13aaa142c7e45373e1c4216348fe76af9dc8196021b9abf4b
NISR29012003.txt
Posted Jan 30, 2003

NGSSoftware Security Advisory NISR29012003 - There is a remotely exploitable buffer overflow vulnerability in the Microsoft RPC (Remote Procedure Call) Locator Service. This vulnerability, which especially affects Windows Domain Controllers, has been fixed by Microsoft and patch information can be found in Microsoft security advisory MS03-001.

tags | advisory, remote, overflow
systems | windows
SHA-256 | a2a3c79f201bcc9cccb987fb64883826f91e927d2436724e71aa37f834e00fdb
CLIVITT-2003-2.txt
Posted Jan 30, 2003
Authored by Carl Livitt

Carl Livitt security advisory CLIVITT-2003-2 - A format string vulnerability has been found in the plpnfsd daemon that comes with versions of the plptools package prior to 0.7. This issue can allow code execution with elevated privileges and has been fixed in newer versions of plptools. This advisory contains exploit code that may be used against affected SuSE Linux systems.

tags | advisory, code execution
systems | linux, suse
SHA-256 | f829611591f0d2e1fe21f665a3734db57a1c622bdeb93d60a441b30612987c9e
2003.001.txt
Posted Jan 27, 2003
Authored by inkubus | Site usg.org.uk

The utility slocate has a local buffer overflow vulnerability when the -r and -c switches are used. Due to this utility being setgid slocate on many default installs, slight privilege escalation is possible.

tags | advisory, overflow, local
SHA-256 | 7e71b25301d29a85ee989e3de872b234d94b33bc2d114ac572bfc141bb2eab8c
cvs-1.11.4.txt
Posted Jan 23, 2003
Authored by Stefan Esser | Site security.e-matters.de

CVS v1.11.4 and below contains a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.

tags | advisory, root
advisories | CVE-2003-0015
SHA-256 | cf1e29270d759e81797059b571c99eff0c58d3aa9fffcdeb234d72fc4c3a22a7
iDEFENSE Security Advisory 2003-01-21.t
Posted Jan 23, 2003
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.

tags | advisory, overflow, local, root, vulnerability
systems | linux, mandrake
SHA-256 | 7176f37ea45e1920e9e214222d1b7446b1bb27eb36daf186f9b7edeb3b38a417
WebIntelligence.2.7.1.txt
Posted Jan 10, 2003
Authored by Stijn Durant | Site ubizen.com

The WebIntelligence application v2.x is a web interface which uses HTTPS and cookies to keep track of user sessions. Guessing session cookies, remote attackers can hijack the sessions of other users and take any action the account owner can take.

tags | advisory, remote, web
SHA-256 | b36e9e10f3c0edc71dc5a686d26c7cbafab869f763fb0db8bc410b5fc4dd0363
tanne.0.6.17.txt
Posted Jan 9, 2003

Tanne v0.6.17 contains a remote format string vulnerability in logger() which can lead to arbitrary code execution as root. for Linux/x86 which has been tested against Redhat 6.1, 7.0, and 8.0. Tanne is a secure http session management tool sometimes used in online banking.

tags | advisory, remote, web, arbitrary, x86, root, code execution
systems | linux, redhat
SHA-256 | 424ca1d3a400348bfeb0aab16cccbba84c3baac6882c426080179f6f88b31fb4
pine-cert-20030101.txt.asc
Posted Jan 6, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.

tags | advisory, denial of service, kernel, local
systems | freebsd
SHA-256 | 6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
platinumserver.ftp.txt
Posted Jan 6, 2003
Authored by Matrix

The Platinum FTP Server v1.06 contains remote directory traversal vulnerabilities that allow denial of service, list any directory on the server, and possibly arbitrary file deletion. Denial of service exploit in perl included. Fix available here.

tags | advisory, remote, denial of service, arbitrary, perl, vulnerability
SHA-256 | a8bc055674587d2f973081399e32d98230ea6742287042f8447672f8eb93bdab
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close