Sircd v0.4.0 and below and v0.4.4 from CVS before 04/02-03 contains buffer overflow vulnerabilities which allow remote users to execute arbitrary code. Exploit available here.
e6cd4e6b3ed5a50f2058983327655cd6782b4cf9f1554404cf8127b30d18f04cA timing based attack has been discovered in OpenSSL v0.9.6h and below which allows SSL/TLS encrypted passwords to be recovered by analyzing the timing of the responses to invalid plaintext.
b1ed1ca04af4fe1e6f92f49d5e3c992d946702a52d11817f84b2a60f0ab85f2eSecurity Corporation Security Advisory [SCSA-005]: Proxomitron Universal Web Filter, version 4.4 and below, is vulnerable to a denial of service when being given a parameter over the length of 1024 bytes.
f88a50da4c3cc775d3517f57fcc25525d5375f35ea97d33b6ce9d470135ba850PHP Security Advisory - PHP 4.3.0 contains a bug that allows direct access to the PHP binary via the CGI SAPI which allows remote attackers to trick the server into executing arbitrary PHP code. PHP 4.3.1 fixes the vulnerability.
21cbf19fe4a85a2248c6ff1bd76047da3c8253975dfcee6e5099cbb61651d08aBisonFTP v4r2 is a FTP daemon used on Microsoft Windows 9x/NT systems which has a remote denial of service vulnerability if sent long FTP commands, and can be tricked into revealing information about files outside the ftp root. It's not possible to get in contact with the people at http://www.bisonftp.com anymore. I guess a new version will never be released.
4787f651afaf0dc5c002b1ae7fb801b816220ee83fcb6ed6d91fbd0895b33bf9The Abyss Web Server v1.1.2 and below allow unlimited brute force password guessing on the remote admin management port, tcp 9999 with no logging or delay.
aa3c944b4f85c34c5806f7acbe78d1eaa9f59c0ca2c7249a2f2fc55a1464e328IBM Security Advisory - IBM AIX v4.3, 5.1, and 5.2 has a local root vulnerability in setuid applications linked with libIM.a. Fix available here.
8d53c13846ee5f97fc58ab0627a476ae048a8340d08ce8b33f3c38ffdbe77412IBM's AIX contains a locally exploitable buffer overflow in libIM which allows attackers to execute code with the privileges of an application calling the library. The "/usr/lpp/X11/bin/aixterm" binary calls the libIM library and is then installed setuid root by default on AIX. The "-im" command line argument used by aixterm causes the binary to crash when filled with a string about 50 bytes in length, allowing attackers to control the return address and run code as root.
d48b6926c82ffe75c223b8a03b1f5182ccf081eafc0e952920b165ba77191d02Kaspersky Antivirus (KAV) crashes when it tries access a path that has more the 256 characters. In addition to this vulnerability, a long path can be used to hide malware. Also, malware with specially crafted names are not detected by this anti-virus product. Tested on Kaspersky Antivirus 4.0.9.0.
6949810c13d2cba2796d0abbbae6962016128aba3acc695195bdaa032d0e85b3It has been found that the Far file manager does not handle path names correctly. This can result in a buffer overflow condition that allows code execution. An example script to crash Far 1.70beta1 and 1.70beta4 is included. The Far developers (Rarlab) will fix this in version 1.70beta5.
3c005022589cdd7f5a8b111e3c1376932e2a7aa5e26e42083ce66606bbf95efbSQLBase 8.1.0, the database management system, has a buffer overflow when the EXECUTE string exceeds 700 characters. Possibilities for exploitation include privilege escalation to GuptaSQL uid and a denial of service against the database.
ffa52760c1c161417420ffd38630b1569751d5cb660a82c0add839da2e0fb68aiDEFENSE Security Advisory 02.10.03: Eset Software's NOD32 Antivirus System is a cross-platform anti-virus application which contains a locally exploitable buffer overflow on the Unix version which could allow attackers to gain root privileges.
9c873e85cfe6992b13b2e8da5382e348d3979db26cf79e682de57495f210babfThe code that sets the programs title bar in AbsoluteTelnet contains a buffer overflow vulnerability that can allow code execution. This affects AbsoluteTelnet version 2.00, 2.11 and has been fixed in this beta version of AbsoluteTelnet.
65f6d610ec78851f395bbebde3a968de65fed38e03e1bd3371bc86a90631695fMIT krb5 Security Advisory 2003-001: Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. These vulnerabilities allow a remote user the ability to crash the KDC, a user authenticated in a remote realm may be able to claim to be other non-local users to an application server, and it may be possible for a user to gain access to the KDC system and database.
b4f8f659f09ba8c3ad8b82d31e826dd9864091b0a2158b838d6900b5c237cea2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed