Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed


Posted Jun 29, 2003
Authored by Brett Moore SA | Site security-assessment.com

Windows Media Services Remote Command Execution - There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request to the server that could cause IIS to fail or execute code on the system.

tags | advisory, remote, web
systems | windows
MD5 | 884971311330a4b4a7e0c942d694fe37
Posted Jun 25, 2003
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.

tags | advisory, remote, overflow, arbitrary
MD5 | a9fad58fc9ca8bf01e6e1040fcf5cfae
HexView Security Advisory 2003-06-07.01
Posted Jun 25, 2003
Authored by HexView, SGI Security | Site sgi.com

SGI Security Advisory 20030607-01-P - Several bugs in the IRIX 6.5.19 implementation of IPv6 result in inetd becoming hung when port scanned, snoop unable to handle packets as root, and other non-security related issues.

tags | advisory, root
systems | irix
MD5 | 99d2e0ce6890eb6a4b4d3ae5e453c5d5
Posted Jun 24, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-06-20-123 - The Progress 4GL Compiler version 9.1D06 and below has a datatype buffer overflow that can be exploited if a malicious .p file is compiled. Both the Win32 and Unix variants are affected by this.

tags | advisory, overflow
systems | windows, unix
MD5 | bb498839551e11ac1506f58d96c4a5b5
Posted Jun 22, 2003
Authored by Xpl017Elz | Site inetcop.org

INetCop Security Advisory #2003-0x82-018 - The GNU bug tracking system GNATS has two bugs that exist in the pr-edit (Problem report editor) program. There is a heap based overflow when a user uses the -d option to input a directory name under version 3.2 There is an environment variable overflow vulnerability in version 3.113.x that will also yield root privileges.

tags | advisory, overflow, root
MD5 | ebc815caa9bbe255fc983c4395f2428d
Rapid7 Security Advisory 14
Posted Jun 21, 2003
Authored by Rapid7 | Site rapid7.com

Rapid 7 Security Advisory - The secure redirect function of the RSA ACE/Agents protecting IIS, Apache, or SunONE web servers contains a cross-site scripting vulnerability. The redirector does not properly escape special characters, so requests for a URL containing special script characters will cause the ACE/Agent to emit a page containing web script which would execute in the user's browser. An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access.

tags | advisory, web, xss
MD5 | 09a16fe365aa5f4e950536f6336e06a7
HexView Security Advisory 2003-06-05.01
Posted Jun 21, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030605-01-A - SGI acknowledges the MIPSPro compiler temporary file vulnerability reported by Crimelabs. The have nothing else to say about it at this time.

tags | advisory
MD5 | 2256e1cbf6d189696e2dd6a88d6633af
Posted Jun 14, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-06-13-0945: Progress Database dbagent make the use of several helper .dll and .so binaries. When looking for shared object files for use in a dlopen statement Progress choose to look in the users PATH. No verification is performed upon the object that is located thus local non super users can make themselves root. Most binaries in /usr/dlc/bin can be exploited via this method.

tags | advisory, local, root
MD5 | 7d79cf3811a56411f9d824d6ddc84af5
Posted Jun 14, 2003
Authored by LyNx

Signal handling in the myServer webserver for Windows and Linux does not perform proper trapping, allowing a remote attacker to DoS the server.

tags | advisory, remote
systems | linux, windows
MD5 | 8f3be32610c19c703a73542c27a25bfd
Posted Jun 14, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-06-12-0853: ike-scan, a tool to perform security audits in the VPN arena, is vulnerable to privilege escalation if it is setuid root for other users on the system to make use of the tool.

tags | advisory, root
MD5 | cd1c7127a25a9dc04e2cb6e8d7fbd9b3
iDEFENSE Security Advisory 2003-06-11.t
Posted Jun 14, 2003
Authored by iDefense Labs, Michael Sutton | Site idefense.com

iDEFENSE Security Advisory 06.11.03 - SMC Networks Barricade Wireless Cable/DSL Broadband Router version SMC7004VWBR crashes when a specially formatted series of packets are sent to TCP port 1723 (PPTP) on its internal interface. Following the attack, the router remains unresponsive to requests on the wireless portions of the connected LAN, thus preventing users from accessing network resources.

tags | advisory, tcp
MD5 | 763df2e8cde5475143e64a2215e3cb6d
Posted Jun 11, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations Advisory SRT2003-06-05-0935 - The ftpd that comes default with HPUX 11 is vulnerable to an attack that will allow an attacker to view the contents of any file on the system without first authenticating. To patch this, install HPUX patch PHNE_21936 or higher.

tags | advisory
systems | hpux
MD5 | de85baf9ed049866832200e258542247
Posted Jun 11, 2003
Authored by Pokleyzz | Site scan-associates.net

mnGoSearch, formerly known as UdmSearch, has buffer overflow vulnerabilities in versions 3.1.20 and 3.2.10. In 3.1.20, the ul variable can be overflowed to allow remote command execution as the webserver user id. In 3.2.10, a remote attacker can crash search.cgi by overflowing the tmplt variable.

tags | advisory, remote, overflow, cgi, vulnerability
MD5 | d2d980d8b39388df16f9838e66d33881
Posted Jun 11, 2003
Authored by Dr. Insane | Site members.lycos.co.uk

Mollensoft Hyperion FTP Server version 3.5.2 is vulnerable to multiple buffer overflows that affect the cwd, mkd, rmd, stat, and nlst commands. Use of the overflows allow a remote attacker to cause a denial of service and there is the possibility of arbitrary code execution.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
MD5 | 534fa8af4ba66004411b9fbaf7ab7045
Posted Jun 3, 2003
Site gentoo.org

Apache Tomcat versions prior to tomcat-4.1.24 create /opt/tomcat with a directory mode which allowed users to access files containing passwords.

tags | advisory
MD5 | 98a899388064f4a01947cc96ab9484a8
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Lebanese Government Hackers Hit Thousands Of Victims With Incredibly Simple Campaign
Posted Jan 19, 2018

tags | headline, government, malware, fraud, cyberwar, phish
Dridex Banking Trojan Compromises FTP Sites In New Campaign
Posted Jan 19, 2018

tags | headline, malware, bank, trojan, cybercrime, fraud
Triton Exploited Zero-Day Flaw To Target Industrial Systems
Posted Jan 19, 2018

tags | headline, hacker, malware, cyberwar, scada
Apple Sued Over Being Susceptible To Meltdown / Spectre
Posted Jan 19, 2018

tags | headline, flaw, apple, intel
Intel Fix Causes Reboots And Slowdowns
Posted Jan 18, 2018

tags | headline, flaw, intel
Text Bomb Is Latest Apple Bug
Posted Jan 18, 2018

tags | headline, phone, denial of service, flaw, apple
Industrial Systems Scrambling To Catch Up With Meltdown, Spectre
Posted Jan 18, 2018

tags | headline, flaw, scada, intel
German Hacker Offers Rare Look Inside Secretive World Of Julian Assange, WikiLeaks
Posted Jan 18, 2018

tags | headline, hacker, government, britain, data loss, germany
Google Intros Security Center Tool For G Suite
Posted Jan 18, 2018

tags | headline, google
Hackers Can't Dig Into Latest Xiaomi Phone Due To GPL Violations
Posted Jan 18, 2018

tags | headline, hacker, phone, google
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By