Software Insight Security Research Advisory #NISR29042003 - A classic stack based buffer overflow vulnerability exists in the Oracle database server that can be set up for exploitation by providing an overly long parameter for a connect string with the 'CREATE DATABASE LINK' query.
c3f8b0302120eee28deb89f9e37d6fc46825608d07e31b5127eebc4b72b60651
Kerio Personal Firewall version 2.1.4 and below is vulnerable to a replay attack against the authenticated/encrypted channel for remote administration. A remotely exploitable buffer overflow also exists in the authentication process.
51f426c01a5ad688ec33c74da88fe1f7fc33549a9d8404fc4084179856d88505
INetCop Security Advisory #2003-0x82-016 - Qpopper v4.0.x poppassd, the utility that allows users to change their mail passwords, is setuid root and allows for a definable path to smbpasswd. In doing so, a local attacker can easily escalate to root privileges.
20cb7ad78ee34a4462fc2669a4d2d11d3fe2de2037bd5095118d7d9b3abee361
The code used in Microsoft Internet Explorer to parse web servers' HTTP
8409c280ff9852eade3c78cd582096e5c515b89d13acd91bc6e53196eeb73d5b
Secure Network Operations Advisory SRT2003-04-24-1532 - The Options Parsing Tool shared library is vulnerable to a buffer overflow. If a setuid application makes use of this shared library, privilege escalation can occur.
27653feb879a2466532cbf9dc02ab5adf50adeae30aed387f0723aaaaf1e7e51
NGSSoftware Insight Security Research Advisory NISR24042003 - There is an exploitable heap overflow vulnerability in Microsoft's ActiveX control, Plugin.ocx. By default, plugin.ocx is marked safe for scripting, and as such, if an IE user were to visit a malicious web page, the overflow could be triggered allowing for a remote compromise of the user's machine. Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1.
09846f5747f8a68ae2082855b7b8bddf3aa795b6b67998718a647a62cd330cdc
Cisco Security Advisory: Cisco Catalyst software permits unauthorized access to the enable mode in the 7.5(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password. This
d785b165ef0019a6df143d4b4bea9a49bff722284b56119f4262c51bbecfe4e9
A vulnerability in the Xeneo Web Server can be exploited by malicious attackers to cause a denial of service due to an error in the handling of requests including a malformed URL encoding representation of a character.
893273caaeca2a5baa326a0456742a7e0d82e24c4657dbd8a249341dabfc93f5
Cisco Security Advisory - Cisco Secure ACS for Windows is vulnerable to a buffer overflow in the administration service which runs on TCP port 2002. Exploitation of this vulnerability results in a Denial of Service, and can potentially result in system administrator access. Cisco Secure ACS versions up to and including versions 2.6.4, 3.0.3, and 3.1.1 are affected by this vulnerability.
480f30faba4a7dc1e5a194019281b719a20ce957e96e56bdb9b229dec2c34792
Next Generation advisory NGSEC-2003-5. YABBS, the popular BBS system for unix and Windows, has a vulnerability in the HttPush code that allows a remote attacker to inject evil code via its PHP language support.
a52311ed4ce82096496852dbff6937714db96a018f5f4bc4c0c30521de8a9711
A race condition exists in the Windows XP Service Control Manager service shutdown mechanism when a service shutdown is not correctly completed within the expected time period. Normal users can access open files which may end up with randomly cached data that could contain restricted data. Microsoft has not announced any plans to backport a patch but has announced that this issue will be addressed in Windows Server 2003.
41a02ad828c3ebc0dc61cce406afdab9e7375f885ee18abb77135abf5f1365c2
A vulnerability discovered in Macromedia Flash in the advertisement user tracking field allows a remote user to perform Cross Site Scripting attacks and retrieve session information.
34cb76eaf3582ec18e4bc5d34fcd6e9901f19799e986a3588f9d2598636673d3
Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.
ca8fa585c5c12890f30e767074ee9e77851c6c136557059afdae4911aeae24fd
iDEFENSE Security Advisory 04.08.03 - Remote exploitation of a memory leak in the Apache 2.0 HTTP Server causes the characters. The web server allocates an eighty-byte buffer for each linefeed character without specifying an upper limit for allocation. Consequently, an attacker can remotely exhaust system resources by generating many requests containing these characters. Versions affected: < 2.0.45.
b48df828dbdecf9e21604f43457d667566af6ec88eb59354928059fb5619165d
iDEFENSE Security Advisory 04.09.03 - A vulnerability exists in Microsoft's Internet Security and Acceleration Server that allows attackers to cause a denial-of-service condition by spoofing a specially crafted packet to the target system. Another impact of this vulnerability is the capability of a remote attacker to generate an infinite packet storm between two unpatched systems implementing ISA Server or MS Proxy 2.0 over the Internet.
b573e2b6f6a85ab874cda45b55e19be72c075584f1a76e5079e895a43dc4c0de
mIRC versions 6.03 and below have limited visibility during a DCC GET, which allows an attacker to spoof a legitimate file and instead send an executable that can lead to a compromise.
1526285a6cfee9ec7f27c916f95f1a43e3c750528310833886e933edd45409b5
UnitedLinux 1.0 ships with /usr/src/packages recursively set with full read, write, and execute permissions which makes way for planting of rogue source, ultimately leading to a full system compromise.
1ec77d05a51e34bf8f10fddbcea60b702cb5fe474c39d04ba118f2d496c1a10e
Atstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. It allows the publication of both static and dynamic content. The dynamic pages are created using a TCL[1] interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the currently running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users' sessions, server-side code, and other sensitive information.
819e7cf337971ea1efaa8dbf85a334f9b624b959117fa9e360810f3cac0f34ac
FreeBSD Security Advisory FreeBSD-SN-03:01 - Two different vulnerabilities in Samba have been recently identified by Sebastian Krahmer and Digital Defense, Inc. One is a race condition that could allow the overwriting of system files and the other is a buffer overflow that allows a remote attacker to gain root privileges.
23abd59338b2e7cba9ff83607ae2df35e0a61553e0f957bbac4570d67c681598
Digital Defense Inc. Security Advisory DDI-1013 - A buffer overflow exists in Samba which allows a remote attacker to gain root privileges due to a StrnCpy() into a char array (fname) using a non-constant length (namelen). Versions affected: < Samba 2.2.8a, <= Samba 2.0.10, < Samba-TNG 0.3.2.
962ecad2179dfe0cee6faea84ca0c80848964f1c2c98c2fd4afdf1aee435a89b
Secure Network Operations Advisory 1106 - The AOLServer Proxy Daemon API contains exploitable syslog() calls in nspd/libnspd.a. This vulnerability is remotely exploitable.
68e25eb097cfab06cdbd23579c0aa94b2ed828355e93606d120a274ab998f1fe
The 3Com 812 ADSL router will expose an internal computer's ports to an external computer once a connection between the two is established. Although 3Com denotes this as a feature, it inadvertently will leave a victim open to attack for up to 2 minutes.
a2090b18c0a9dfa47daaecc15e140a765d5af83ff73bec3f09c43087386c7f59
There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. This problem is not related to the recent ISS vulnerability announcement.
e56c207e41ff83acb9da15ebf18f6f1fbeb72d0a5ba1c4f489470c49b23fc690
iDEFENSE Security Advisory 03.31.03 - An exploitable buffer overflow has been found in Apple Computer's QuickTime Player v5.x and 6.0 which allows the remote execution of arbitrary code via long quicktime:// URLs or the -u command line switch. Any remote attacker can compromise a target system if he or she can convince a user to load a specially crafted exploit URL. Upon successful exploitation, arbitrary code can be executed under the privileges of the user who launched QuickTime.
63b4e5946d2c0800bdcb621548d55499d68e76124dd328d5ff058b472234203b
NSFOCUS Security Advisory SA2003-03 - A local heap overflow was found in Sun Solaris's CDE manager dtsession which allows local users to execute code as root by setting a long HOME environment variable. Solaris 2.6, 2.7, 2.8, and 2.9 are affected.
d906f6000cf9a6b6bcee5345838232d36117025f3b2186a0a45ac2f0045dbe5a