A buffer overflow vulnerability exists in the way a dynamic linking library (ssinc.dll)that is shipped with Microsoft IIS 4.0/5.0 handles the files it contains. Exploiting the vulnerability, local attackers could gain local system privileges.
80719fd500d2b9d91176bd0bb701df5bd2e4fa86a32fd7e6ccc2f7e5f15285f1
iDEFENSE Security Advisory 05.30.03: Passing an overly long string to the apr_psprintf() APR library function that is used by the Apache HTTP Server could cause an application to reference memory that should have already been returned to the heap allocation pool.
8f14d25b16284066d16c7efda2e0561997eb563778e85bcaa8276dd562be3cf7
The Goldmine mail agent can run arbitrary code via a malicious formed HTML e-mail. It does not even run the email in the 'security zone' as does Microsoft Outlook, but passes anything that looks like HTML to be executed unrestricted directly to the default Browser, which for many is usually Internet Explorer.
1b72a78af77f5a6ac40daf2d853841dc47e50923fa1bb291243b012faeec5599
Amusing addition to the vulnerability found in the Axis Network Camera HTTP server. Apparently the de-facto e-mail address for SMTP alerts is set to mail@somewhere.com and if this feature is enabled without changing the destination address, somewhere.com gets some very amusing insight as to what is being watched. Original vulnerability information is posted here.
225016262e5a5cb529003c7be0a202c691267391dccb9c88e1e937a94f4e7f81
S 2 1 S E C Advisory 017 - The Vignette Content Management and Application Portal software is vulnerable to a remote attacker accessing the SQL database without authentication by modifying a cookie. Affected versions: StoryServer 4 and 5 and Vignette V/5.
71e86e2b59d1310641859df7e5da7efd9c2cdd6dcc72e7971a5e708a03dbdc31
S 2 1 S E C Advisory 016 - Vignette Content Management and Application Portal software has a vulnerability that allows a remote attacker to inject a server side include that could lead to remote command execution. Affected versions include, but are not limited to, StoryServer 4 and 5 and Vignette V/5 and V/6.
6e683b01ef73501f7cca1af2773c0055d0e02e01749b77df85c5932c64cee74a
The AnalogX Proxy server suffers from a buffer overflow when handed a URL that is greater than 340 bytes in size. A specially crafted URL allows for remote execution of arbitrary code.
00acd9a86b5f532bc3c62df4b34c0948e2eab07919c6eb2747879cb3facc445d
Mailmax Version 5 has a buffer overflow condition in its IMAP4 server that can cause the service to stop responding and allows a remote attacker to overwrite the exception handler on the stack. Doing this could allow arbitrary code execution as the SYSTEM user.
77a4c3f55a95ea74b2243674c8580202f49806febff62a751e26591ada15dac5
Atstake Security Advisory A051203-1 - The Apple AirPort XORs a password with a fixed maximum of 32 bytes against a predefined key. If a password is set to one character, a simple sniff of the 32 byte block will reveal 31 bytes of the XOR key. The final byte can be obtained by XORing the obfuscated first byte against the first character of the plaintext password.
72c9a3c6b408f1e2bd344bc4e089fb5e6fd14d01b2497ba07065546cd0280432
Secunia Research Advisory - Opera browser versions 7.10 and 7.03 suffer from denial of service and possible remote code execution vulnerabilities due to incorrect handling of long filename extensions.
6813e2fb04422a621b2923b0573f448627a664e0e64d5de3ab7ba2ce8d64ae00
A buffer overflow exists in the ESMTP CMailServer 4.0.2002.11.24 SMTP Service, resulting in a denial of service attack. It is possible to overwrite the exception handler on the stack allowing a system compromise with code execution running as SYSTEM.
5b6c7e29cda4b4895c96fe3a992e7e4f08e616bb0355e42816d8f3195bf180b9
Secure Network Operations, Inc. Advisory SRT2003-05-08-1137: A problem appears to be created by a series of strcat(), sprintf(), and strcpy() functions in ListProc <= 8.2.09 enabling an attacker to gain root privileges through a buffer overflow.
6f50fd0f97d230ad3274da01950442528af3f72db94c34f4def4b44e8d943785
Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.
6830f8477260f63dd614d39ad9542f854621edd6549ee5f678a0dddd09b987a6
NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.
54067ee210fce9b8f593df9b701aad1f9b7f8d14e93cc22925ce3b332df7bdb6
NGSSoftware Insight Security Research Advisory #NISR07052003A - SLMail 5.1.0.4420 suffers from multiple remotely exploitable buffer overflows in its SMTP engine, poppasswd and pop3 server.
f1596ac171952997d68b570e48c7d33e603793b70bb773d5a05f225bd2eec995
Cisco Security Advisory: Multiple vulnerabilities have been found in the Cisco VPN 3000 Concentrator series which includes models 3005, 3015, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client. The enabling IPSec over TCP, malformed SSH initialization packet, and malformed ICMP traffic vulnerabilities are discussed.
af88958829ec7097e77e47c07920a93812b55c63f638f0ac556a6c8a32743dc5
Core Security Technologies Advisory ID: CORE-2003-0303 - Six vulnerabilities have been found in the Mirabilis ICQ Pro 2003a client that are both locally and remotely exploitable. Use of these allow for remote code execution and a denial of service.
0991a1824e78e4c8354e6a13a23e4dcb0744e6f23f88a6827fb82c4a80bcd380
youbin, the utility that acts as a network version of the utility biff, has insufficient bounds checking that allows arbitrary code execution.
246db609e0835a2434298e984b43373b3bfa91bc54ee98a12910070f03a1b529