Twenty Year Anniversary
Showing 1 - 14 of 14 RSS Feed


Posted Feb 24, 2003
Authored by Knud Erik Hojgaard | Site

Sircd v0.4.0 and below and v0.4.4 from CVS before 04/02-03 contains buffer overflow vulnerabilities which allow remote users to execute arbitrary code. Exploit available here.

tags | advisory, remote, overflow, arbitrary, vulnerability
MD5 | 0d8f9f55f74e913e73e4440aa906ceb3
Posted Feb 24, 2003

A timing based attack has been discovered in OpenSSL v0.9.6h and below which allows SSL/TLS encrypted passwords to be recovered by analyzing the timing of the responses to invalid plaintext.

tags | advisory
MD5 | 9dc778d386cf1242fb314b8f1b7c4219
Posted Feb 21, 2003
Authored by Gregory Le Bras | Site

Security Corporation Security Advisory [SCSA-005]: Proxomitron Universal Web Filter, version 4.4 and below, is vulnerable to a denial of service when being given a parameter over the length of 1024 bytes.

tags | advisory, web, denial of service
MD5 | 0b1ece32944c0c17ec422faa0d5eff3d
Posted Feb 19, 2003
Authored by Jani Taskinen | Site

PHP Security Advisory - PHP 4.3.0 contains a bug that allows direct access to the PHP binary via the CGI SAPI which allows remote attackers to trick the server into executing arbitrary PHP code. PHP 4.3.1 fixes the vulnerability.

tags | advisory, remote, arbitrary, cgi, php
MD5 | 66a3e908d3dc182ef810e8953ce4b005
Posted Feb 19, 2003
Authored by Immune Advisory | Site

BisonFTP v4r2 is a FTP daemon used on Microsoft Windows 9x/NT systems which has a remote denial of service vulnerability if sent long FTP commands, and can be tricked into revealing information about files outside the ftp root. It's not possible to get in contact with the people at anymore. I guess a new version will never be released.

tags | advisory, remote, web, denial of service, root
systems | windows, 9x
MD5 | 9481f211960b4a41ce46be92d79f07e9
Posted Feb 19, 2003
Authored by Thomas Adams

The Abyss Web Server v1.1.2 and below allow unlimited brute force password guessing on the remote admin management port, tcp 9999 with no logging or delay.

tags | advisory, remote, web, tcp
MD5 | a591aa934da13b7710d7da9f7d7c4d70
Posted Feb 19, 2003

IBM Security Advisory - IBM AIX v4.3, 5.1, and 5.2 has a local root vulnerability in setuid applications linked with libIM.a. Fix available here.

tags | advisory, local, root
systems | aix
advisories | CVE-2003-0087
MD5 | 9d9d037456dc62ea9fcae93fc2636091
iDEFENSE Security Advisory 2003-02-12.t
Posted Feb 13, 2003
Authored by Euan Briggs, iDefense Labs | Site

IBM's AIX contains a locally exploitable buffer overflow in libIM which allows attackers to execute code with the privileges of an application calling the library. The "/usr/lpp/X11/bin/aixterm" binary calls the libIM library and is then installed setuid root by default on AIX. The "-im" command line argument used by aixterm causes the binary to crash when filled with a string about 50 bytes in length, allowing attackers to control the return address and run code as root.

tags | advisory, overflow, root
systems | aix
MD5 | 87f4bdc734b4cd2036f51279fb2d5690
Posted Feb 12, 2003
Authored by 3APA3A | Site

Kaspersky Antivirus (KAV) crashes when it tries access a path that has more the 256 characters. In addition to this vulnerability, a long path can be used to hide malware. Also, malware with specially crafted names are not detected by this anti-virus product. Tested on Kaspersky Antivirus

tags | advisory, virus
MD5 | 126928c9588b2eab41383e472ea23b6d
Posted Feb 12, 2003
Authored by 3APA3A | Site

It has been found that the Far file manager does not handle path names correctly. This can result in a buffer overflow condition that allows code execution. An example script to crash Far 1.70beta1 and 1.70beta4 is included. The Far developers (Rarlab) will fix this in version 1.70beta5.

tags | advisory, overflow, code execution
MD5 | ea865741d0f1582bf1dc37c083f5c81c
Posted Feb 11, 2003
Authored by Arjun Pednekar | Site

SQLBase 8.1.0, the database management system, has a buffer overflow when the EXECUTE string exceeds 700 characters. Possibilities for exploitation include privilege escalation to GuptaSQL uid and a denial of service against the database.

tags | advisory, denial of service, overflow
MD5 | f13c0549f43b15826305750b6b1d3b53
iDEFENSE Security Advisory 2003-02-10.t
Posted Feb 11, 2003
Authored by iDefense Labs, Knud Erik Hojgaard | Site

iDEFENSE Security Advisory 02.10.03: Eset Software's NOD32 Antivirus System is a cross-platform anti-virus application which contains a locally exploitable buffer overflow on the Unix version which could allow attackers to gain root privileges.

tags | advisory, overflow, root, virus
systems | unix
MD5 | ba0b96902c8a41dfb8e496a891596528
Posted Feb 7, 2003
Authored by Knud Erik Hojgaard | Site

The code that sets the programs title bar in AbsoluteTelnet contains a buffer overflow vulnerability that can allow code execution. This affects AbsoluteTelnet version 2.00, 2.11 and has been fixed in this beta version of AbsoluteTelnet.

tags | advisory, overflow, code execution
MD5 | 37c13470d238492e647dd46d8ddbff44
Posted Feb 4, 2003

MIT krb5 Security Advisory 2003-001: Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. These vulnerabilities allow a remote user the ability to crash the KDC, a user authenticated in a remote realm may be able to claim to be other non-local users to an application server, and it may be possible for a user to gain access to the KDC system and database.

tags | advisory, remote, local, vulnerability
MD5 | 6321ed770595ee4bb971e088455bfea2
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By