Exploit the possiblities
Showing 1 - 14 of 14 RSS Feed


Posted Feb 24, 2003
Authored by Knud Erik Hojgaard | Site kokanins.homepage.dk

Sircd v0.4.0 and below and v0.4.4 from CVS before 04/02-03 contains buffer overflow vulnerabilities which allow remote users to execute arbitrary code. Exploit available here.

tags | advisory, remote, overflow, arbitrary, vulnerability
MD5 | 0d8f9f55f74e913e73e4440aa906ceb3
Posted Feb 24, 2003
Site openssl.org

A timing based attack has been discovered in OpenSSL v0.9.6h and below which allows SSL/TLS encrypted passwords to be recovered by analyzing the timing of the responses to invalid plaintext.

tags | advisory
MD5 | 9dc778d386cf1242fb314b8f1b7c4219
Posted Feb 21, 2003
Authored by Gregory Le Bras | Site Security-Corp.org

Security Corporation Security Advisory [SCSA-005]: Proxomitron Universal Web Filter, version 4.4 and below, is vulnerable to a denial of service when being given a parameter over the length of 1024 bytes.

tags | advisory, web, denial of service
MD5 | 0b1ece32944c0c17ec422faa0d5eff3d
Posted Feb 19, 2003
Authored by Jani Taskinen | Site php.net

PHP Security Advisory - PHP 4.3.0 contains a bug that allows direct access to the PHP binary via the CGI SAPI which allows remote attackers to trick the server into executing arbitrary PHP code. PHP 4.3.1 fixes the vulnerability.

tags | advisory, remote, arbitrary, cgi, php
MD5 | 66a3e908d3dc182ef810e8953ce4b005
Posted Feb 19, 2003
Authored by Immune Advisory | Site immune.dk

BisonFTP v4r2 is a FTP daemon used on Microsoft Windows 9x/NT systems which has a remote denial of service vulnerability if sent long FTP commands, and can be tricked into revealing information about files outside the ftp root. It's not possible to get in contact with the people at http://www.bisonftp.com anymore. I guess a new version will never be released.

tags | advisory, remote, web, denial of service, root
systems | windows, 9x
MD5 | 9481f211960b4a41ce46be92d79f07e9
Posted Feb 19, 2003
Authored by Thomas Adams

The Abyss Web Server v1.1.2 and below allow unlimited brute force password guessing on the remote admin management port, tcp 9999 with no logging or delay.

tags | advisory, remote, web, tcp
MD5 | a591aa934da13b7710d7da9f7d7c4d70
Posted Feb 19, 2003
Site techsupport.services.ibm.com

IBM Security Advisory - IBM AIX v4.3, 5.1, and 5.2 has a local root vulnerability in setuid applications linked with libIM.a. Fix available here.

tags | advisory, local, root
systems | aix
advisories | CVE-2003-0087
MD5 | 9d9d037456dc62ea9fcae93fc2636091
iDEFENSE Security Advisory 2003-02-12.t
Posted Feb 13, 2003
Authored by Euan Briggs, iDefense Labs | Site idefense.com

IBM's AIX contains a locally exploitable buffer overflow in libIM which allows attackers to execute code with the privileges of an application calling the library. The "/usr/lpp/X11/bin/aixterm" binary calls the libIM library and is then installed setuid root by default on AIX. The "-im" command line argument used by aixterm causes the binary to crash when filled with a string about 50 bytes in length, allowing attackers to control the return address and run code as root.

tags | advisory, overflow, root
systems | aix
MD5 | 87f4bdc734b4cd2036f51279fb2d5690
Posted Feb 12, 2003
Authored by 3APA3A | Site security.nnov.ru

Kaspersky Antivirus (KAV) crashes when it tries access a path that has more the 256 characters. In addition to this vulnerability, a long path can be used to hide malware. Also, malware with specially crafted names are not detected by this anti-virus product. Tested on Kaspersky Antivirus

tags | advisory, virus
MD5 | 126928c9588b2eab41383e472ea23b6d
Posted Feb 12, 2003
Authored by 3APA3A | Site security.nnov.ru

It has been found that the Far file manager does not handle path names correctly. This can result in a buffer overflow condition that allows code execution. An example script to crash Far 1.70beta1 and 1.70beta4 is included. The Far developers (Rarlab) will fix this in version 1.70beta5.

tags | advisory, overflow, code execution
MD5 | ea865741d0f1582bf1dc37c083f5c81c
Posted Feb 11, 2003
Authored by Arjun Pednekar | Site nii.co.in

SQLBase 8.1.0, the database management system, has a buffer overflow when the EXECUTE string exceeds 700 characters. Possibilities for exploitation include privilege escalation to GuptaSQL uid and a denial of service against the database.

tags | advisory, denial of service, overflow
MD5 | f13c0549f43b15826305750b6b1d3b53
iDEFENSE Security Advisory 2003-02-10.t
Posted Feb 11, 2003
Authored by iDefense Labs, Knud Erik Hojgaard | Site idefense.com

iDEFENSE Security Advisory 02.10.03: Eset Software's NOD32 Antivirus System is a cross-platform anti-virus application which contains a locally exploitable buffer overflow on the Unix version which could allow attackers to gain root privileges.

tags | advisory, overflow, root, virus
systems | unix
MD5 | ba0b96902c8a41dfb8e496a891596528
Posted Feb 7, 2003
Authored by Knud Erik Hojgaard | Site kokanins.homepage.dk

The code that sets the programs title bar in AbsoluteTelnet contains a buffer overflow vulnerability that can allow code execution. This affects AbsoluteTelnet version 2.00, 2.11 and has been fixed in this beta version of AbsoluteTelnet.

tags | advisory, overflow, code execution
MD5 | 37c13470d238492e647dd46d8ddbff44
Posted Feb 4, 2003
Site web.mit.edu

MIT krb5 Security Advisory 2003-001: Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. These vulnerabilities allow a remote user the ability to crash the KDC, a user authenticated in a remote realm may be able to claim to be other non-local users to an application server, and it may be possible for a user to gain access to the KDC system and database.

tags | advisory, remote, local, vulnerability
MD5 | 6321ed770595ee4bb971e088455bfea2
Page 1 of 1

Top Authors In Last 30 Days

Recent News

News RSS Feed
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
Google Steps Up Browser Rivalry With Site Isolation Security
Posted Dec 7, 2017

tags | headline, google, chrome
Ajit Pai Falsely Claims Killing Net Neutrality Helps The Sick
Posted Dec 7, 2017

tags | headline, government, usa, fraud
Bitcoin Breaks Through The $15,000 Mark
Posted Dec 7, 2017

tags | headline, cryptography
CryptoKitties Craze Slows Down Transactions On Ethereum
Posted Dec 6, 2017

tags | headline, denial of service, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By