
Files

ngs-2904.txt
Posted Apr 30, 2003
Authored by David Litchfield | Site ngssoftware.com

Software Insight Security Research Advisory #NISR29042003 - A classic stack-based buffer overflow vulnerability exists in the Oracle database server that can be set up for exploitation by providing an overly long parameter for a connect string with the 'CREATE DATABASE LINK' query.

tags | advisory, overflow
SHA-256 | c3f8b0302120eee28deb89f9e37d6fc46825608d07e31b5127eebc4b72b60651
core-kerio.txt
Posted Apr 30, 2003
Authored by Emiliano Kargieman, Hernan Gips, Javier Burroni | Site coresecurity.com

Kerio Personal Firewall version 2.1.4 and below is vulnerable to a replay attack against the authenticated/encrypted channel for remote administration. A remotely exploitable buffer overflow also exists in the authentication process.

tags | advisory, remote, overflow
SHA-256 | 51f426c01a5ad688ec33c74da88fe1f7fc33549a9d8404fc4084179856d88505
qpoppassd.txt
Posted Apr 30, 2003
Authored by Xpl017Elz | Site inetcop.org

INetCop Security Advisory #2003-0x82-016 - Qpopper v4.0.x poppassd, the utility that allows users to change their mail passwords, is setuid root and allows for a definable path to smbpasswd. In doing so, a local attacker can easily escalate to root privileges.

tags | advisory, local, root
SHA-256 | 20cb7ad78ee34a4462fc2669a4d2d11d3fe2de2037bd5095118d7d9b3abee361
ie-parse.txt
Posted Apr 27, 2003

The code used in Microsoft Internet Explorer to parse web servers' HTTP

tags | advisory, web
SHA-256 | 8409c280ff9852eade3c78cd582096e5c515b89d13acd91bc6e53196eeb73d5b
SRT2003-04-24-1532.txt
Posted Apr 27, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations Advisory SRT2003-04-24-1532 - The Options Parsing Tool shared library is vulnerable to a buffer overflow. If a setuid application makes use of this shared library, privilege escalation can occur.

tags | advisory, overflow
SHA-256 | 27653feb879a2466532cbf9dc02ab5adf50adeae30aed387f0723aaaaf1e7e51
ie-heap1.txt
Posted Apr 27, 2003
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory NISR24042003 - There is an exploitable heap overflow vulnerability in Microsoft's ActiveX control, Plugin.ocx. By default, plugin.ocx is marked safe for scripting, and as such, if an IE user were to visit a malicious web page, the overflow could be triggered allowing for a remote compromise of the user's machine. Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1.

tags | advisory, remote, web, overflow, activex
SHA-256 | 09846f5747f8a68ae2082855b7b8bddf3aa795b6b67998718a647a62cd330cdc
cisco-pass.txt
Posted Apr 25, 2003

Cisco Security Advisory: Cisco Catalyst software permits unauthorized access to the enable mode in the 7.5(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password. This

tags | advisory
systems | cisco
SHA-256 | d785b165ef0019a6df143d4b4bea9a49bff722284b56119f4262c51bbecfe4e9
secuniaXeneo.txt
Posted Apr 24, 2003
Authored by Carsten Eiram | Site secunia.com

A vulnerability in the Xeneo Web Server can be exploited by malicious attackers to cause a denial of service due to an error in the handling of requests including a malformed URL encoding representation of a character.

tags | advisory, web, denial of service
SHA-256 | 893273caaeca2a5baa326a0456742a7e0d82e24c4657dbd8a249341dabfc93f5
CiscoACS.txt
Posted Apr 24, 2003
Site cisco.com

Cisco Security Advisory - Cisco Secure ACS for Windows is vulnerable to a buffer overflow on the administration service which runs on TCP port 2002. Exploitation of this vulnerability results in a Denial of Service, and can potentially result in system administrator access. Cisco Secure ACS versions up to and including version 2.6.4, 3.0.3, and 3.1.1 are affected by this vulnerability.

tags | advisory, denial of service, overflow, tcp
systems | cisco, windows
SHA-256 | 480f30faba4a7dc1e5a194019281b719a20ce957e96e56bdb9b229dec2c34792
yabbs01.txt
Posted Apr 23, 2003
Authored by FJ Serna | Site ngsec.com

Next Generation advisory NGSEC-2003-5. YABBS, the popular BBS system for unix and Windows, has a vulnerability in the HttPush code that allows a remote attacker to inject evil code via its PHP language support.

tags | advisory, remote, php
systems | windows, unix
SHA-256 | a52311ed4ce82096496852dbff6937714db96a018f5f4bc4c0c30521de8a9711
XPracecondition.txt
Posted Apr 21, 2003
Authored by Matthew Murphy

A race condition exists in the Windows XP Service Control Manager Service Shutdown Mechanism when a service shutdown is not correctly completed in a desired time period. Normal users can access open files which may end up with randomly cached data that could contain restricted data. Microsoft has not announced any plans to backport a patch but has announced that this issue will be addressed in Windows Server 2003.

tags | advisory
systems | windows
SHA-256 | 41a02ad828c3ebc0dc61cce406afdab9e7375f885ee18abb77135abf5f1365c2
clickTAG.txt
Posted Apr 16, 2003
Site securiteam.com

A vulnerability discovered in Macromedia Flash in the advertisement user tracking field allows a remote user to perform Cross Site Scripting attacks and retrieve session information.

tags | advisory, remote, xss
SHA-256 | 34cb76eaf3582ec18e4bc5d34fcd6e9901f19799e986a3588f9d2598636673d3
Atstake Security Advisory 03-04-10.1
Posted Apr 11, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses a system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.

tags | advisory, local, root
SHA-256 | ca8fa585c5c12890f30e767074ee9e77851c6c136557059afdae4911aeae24fd
iDEFENSE Security Advisory 2003-04-08.t
Posted Apr 10, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.08.03 - Remote exploitation of a memory leak in the Apache 2.0 HTTP Server causes the characters. The web server allocates an eighty-byte buffer for each linefeed character without specifying an upper limit for allocation. Consequently, an attacker can remotely exhaust system resources by generating many requests containing these characters. Versions affected: < 2.0.45.

tags | advisory, remote, web, memory leak
SHA-256 | b48df828dbdecf9e21604f43457d667566af6ec88eb59354928059fb5619165d
iDEFENSE Security Advisory 2003-04-09.t
Posted Apr 10, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.09.03 - A vulnerability exists in Microsoft's Internet Security and Acceleration Server that allows attackers to cause a denial-of-service condition by spoofing a specially crafted packet to the target system. Another impact of this vulnerability is the capability of a remote attacker to generate an infinite packet storm between two unpatched systems implementing ISA Server or MS Proxy 2.0 over the Internet.

tags | advisory, remote, spoof
SHA-256 | b573e2b6f6a85ab874cda45b55e19be72c075584f1a76e5079e895a43dc4c0de
DSR-mirc-filenames.txt
Posted Apr 10, 2003
Authored by Knud Erik Hojgaard

mIRC versions 6.03 and below have limited visibility during a DCC GET that allows for an attacker to spoof a legitimate file and instead send an executable that can lead to a compromise.

tags | advisory, spoof
SHA-256 | 1526285a6cfee9ec7f27c916f95f1a43e3c750528310833886e933edd45409b5
DSR-unitedlinux.txt
Posted Apr 10, 2003
Authored by Knud Erik Hojgaard

UnitedLinux 1.0 ships with /usr/src/packages recursively set with full read, write, and execute permissions which makes way for planting of rogue source, ultimately leading to a full system compromise.

tags | advisory
SHA-256 | 1ec77d05a51e34bf8f10fddbcea60b702cb5fe474c39d04ba118f2d496c1a10e
Atstake Security Advisory 03-04-07.1
Posted Apr 10, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. It allows the publication of both static and dynamic content. The dynamic pages are created using a TCL[1] Interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the current running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users' sessions, server side code and other sensitive information.

tags | advisory, info disclosure
SHA-256 | 819e7cf337971ea1efaa8dbf85a334f9b624b959117fa9e360810f3cac0f34ac
FreeBSD-SN-03:01.samba
Posted Apr 10, 2003
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SN-03:01 - Two different vulnerabilities in Samba have been recently identified by Sebastian Krahmer and Digital Defense, Inc. One is a race condition that could allow the overwriting of system files and the other is a buffer overflow that allows a remote attacker to gain root privileges.

tags | advisory, remote, overflow, root, vulnerability
systems | freebsd
SHA-256 | 23abd59338b2e7cba9ff83607ae2df35e0a61553e0f957bbac4570d67c681598
Samba.txt
Posted Apr 10, 2003
Authored by Digital Defense Inc. | Site digitaldefense.net

Digital Defense Inc. Security Advisory DDI-1013 - A buffer overflow exists in Samba which allows a remote attacker to gain root privileges due to a StrnCpy() into a char array (fname) using a non-constant length (namelen). Versions affected: < Samba 2.2.8a, <= Samba 2.0.10, < Samba-TNG 0.3.2.

tags | advisory, remote, overflow, root
SHA-256 | 962ecad2179dfe0cee6faea84ca0c80848964f1c2c98c2fd4afdf1aee435a89b
SRT2003-04-04-1106.txt
Posted Apr 5, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations Advisory 1106 - The AOLServer Proxy Daemon API contains exploitable syslog() calls in nspd/libnspd.a. This vulnerability is remotely exploitable.

tags | advisory
SHA-256 | 68e25eb097cfab06cdbd23579c0aa94b2ed828355e93606d120a274ab998f1fe
3COMADSL.txt
Posted Apr 1, 2003
Authored by Michael Puchol

The 3Com 812 ADSL router will expose an internal computer's ports to an external computer once a connection between the two is established. Although 3Com denotes this as a feature, it inadvertently will leave a victim open to attack for up to 2 minutes.

tags | advisory
SHA-256 | a2090b18c0a9dfa47daaecc15e140a765d5af83ff73bec3f09c43087386c7f59
mz.sendmail.txt
Posted Apr 1, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. This problem is not related to the recent ISS vulnerability announcement.

tags | advisory
SHA-256 | e56c207e41ff83acb9da15ebf18f6f1fbeb72d0a5ba1c4f489470c49b23fc690
iDEFENSE Security Advisory 2003-03-31.t
Posted Apr 1, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 03.31.03 - An exploitable buffer overflow has been found in Apple Computer's QuickTime Player v5.x and 6.0 which allows the remote execution of arbitrary code via long quicktime:// URLs or the -u command line switch. Any remote attacker can compromise a target system if he or she can convince a user to load a specially crafted exploit URL. Upon successful exploitation, arbitrary code can be executed under the privileges of the user who launched QuickTime.

tags | advisory, remote, overflow, arbitrary
systems | apple
SHA-256 | 63b4e5946d2c0800bdcb621548d55499d68e76124dd328d5ff058b472234203b
sa2003-03.txt
Posted Apr 1, 2003
Authored by NSFOCUS | Site nsfocus.com

NSFOCUS Security Advisory SA2003-03 - A local heap overflow was found in Sun Solaris's CDE manager dtsession which allows local users to execute code as root by setting a long HOME environment variable. Solaris 2.6, 2.7, 2.8, and 2.9 are affected.

tags | advisory, overflow, local, root
systems | solaris
SHA-256 | d906f6000cf9a6b6bcee5345838232d36117025f3b2186a0a45ac2f0045dbe5a