Windows Media Services Remote Command Execution - There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request to the server that could cause IIS to fail or execute code on the system.
8f2e5764c182b67bd6e0097fd3e00391b5ccda2203e5742a4792b474ff7bf79cNGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.
6792c533a2cd9f5fcacddb71b75e2176618d3457d31728ba0246ae3dfa98eb02SGI Security Advisory 20030607-01-P - Several bugs in the IRIX 6.5.19 implementation of IPv6 result in inetd becoming hung when port scanned, snoop unable to handle packets as root, and other non-security related issues.
0fdaa24f936f93dd53593bf93d40a3969220454aeead17be748bfea6c4c28e2dSecure Network Operations, Inc. Advisory SRT2003-06-20-123 - The Progress 4GL Compiler version 9.1D06 and below has a datatype buffer overflow that can be exploited if a malicious .p file is compiled. Both the Win32 and Unix variants are affected by this.
22d12cc34b522d69526bd9f24df1b3f06220ba1e69d4b24bfbecb9b39aa132baINetCop Security Advisory #2003-0x82-018 - The GNU bug tracking system GNATS has two bugs that exist in the pr-edit (Problem report editor) program. There is a heap based overflow when a user uses the -d option to input a directory name under version 3.2 There is an environment variable overflow vulnerability in version 3.113.x that will also yield root privileges.
ec98715198eb39ad65760e2d10ba0f2596b85ed8ee3d03b7491e1cdb626cea06Rapid 7 Security Advisory - The secure redirect function of the RSA ACE/Agents protecting IIS, Apache, or SunONE web servers contains a cross-site scripting vulnerability. The redirector does not properly escape special characters, so requests for a URL containing special script characters will cause the ACE/Agent to emit a page containing web script which would execute in the user's browser. An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access.
d332921b1cffe2e12b86291375e5c8fff2ac5021f59bc3b7ad98fa7a22fa41c9SGI Security Advisory 20030605-01-A - SGI acknowledges the MIPSPro compiler temporary file vulnerability reported by Crimelabs. The have nothing else to say about it at this time.
3977debbe76e19253bd052ccf85de793d7de03b7c0daa864382ffc4feafb04e9Secure Network Operations, Inc. Advisory SRT2003-06-13-0945: Progress Database dbagent make the use of several helper .dll and .so binaries. When looking for shared object files for use in a dlopen statement Progress choose to look in the users PATH. No verification is performed upon the object that is located thus local non super users can make themselves root. Most binaries in /usr/dlc/bin can be exploited via this method.
cc47dfe490340c579a133daf438955383d7c3fc7d41008a2aff2e5564b96be2bSignal handling in the myServer webserver for Windows and Linux does not perform proper trapping, allowing a remote attacker to DoS the server.
39d24e0bf7039655f777a3ec241d81e2d5c2ad7d2f230207fedcc80f5217e6f8Secure Network Operations, Inc. Advisory SRT2003-06-12-0853: ike-scan, a tool to perform security audits in the VPN arena, is vulnerable to privilege escalation if it is setuid root for other users on the system to make use of the tool.
fb2974b5f5f7c3955537f5144cea1e1d3cf3625114335c88e940fcbfb22ad899iDEFENSE Security Advisory 06.11.03 - SMC Networks Barricade Wireless Cable/DSL Broadband Router version SMC7004VWBR crashes when a specially formatted series of packets are sent to TCP port 1723 (PPTP) on its internal interface. Following the attack, the router remains unresponsive to requests on the wireless portions of the connected LAN, thus preventing users from accessing network resources.
06f5f4530631ec6de5e22a571bf7126c7ed146ccc935738f187e5617f9acca31Secure Network Operations Advisory SRT2003-06-05-0935 - The ftpd that comes default with HPUX 11 is vulnerable to an attack that will allow an attacker to view the contents of any file on the system without first authenticating. To patch this, install HPUX patch PHNE_21936 or higher.
ca94fbeffc52d8737dabb08617866e580015a18548c6d5700a7f24fa31421685mnGoSearch, formerly known as UdmSearch, has buffer overflow vulnerabilities in versions 3.1.20 and 3.2.10. In 3.1.20, the ul variable can be overflowed to allow remote command execution as the webserver user id. In 3.2.10, a remote attacker can crash search.cgi by overflowing the tmplt variable.
ac17442c31b15e3413d421ae705ffc5b64ba90f58e3a9a45847804e8ab31da87Mollensoft Hyperion FTP Server version 3.5.2 is vulnerable to multiple buffer overflows that affect the cwd, mkd, rmd, stat, and nlst commands. Use of the overflows allow a remote attacker to cause a denial of service and there is the possibility of arbitrary code execution.
8f2e8ae2402a5f86274866eb84ecb38d70550e59db91e4899c4661a2e0f09d85Apache Tomcat versions prior to tomcat-4.1.24 create /opt/tomcat with a directory mode which allowed users to access files containing passwords.
cde571310caa333d67c4be137c14773e0f74daef1c8995e8560ef274ee015dff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed