Twenty Year Anniversary
Showing 1 - 15 of 15 RSS Feed


Posted Jun 29, 2003
Authored by Brett Moore SA | Site

Windows Media Services Remote Command Execution - There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request to the server that could cause IIS to fail or execute code on the system.

tags | advisory, remote, web
systems | windows
MD5 | 884971311330a4b4a7e0c942d694fe37
Posted Jun 25, 2003
Authored by Mark Litchfield | Site

NGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.

tags | advisory, remote, overflow, arbitrary
MD5 | a9fad58fc9ca8bf01e6e1040fcf5cfae
HexView Security Advisory 2003-06-07.01
Posted Jun 25, 2003
Authored by HexView, SGI Security | Site

SGI Security Advisory 20030607-01-P - Several bugs in the IRIX 6.5.19 implementation of IPv6 result in inetd becoming hung when port scanned, snoop unable to handle packets as root, and other non-security related issues.

tags | advisory, root
systems | irix
MD5 | 99d2e0ce6890eb6a4b4d3ae5e453c5d5
Posted Jun 24, 2003
Authored by Strategic Reconnaissance Team | Site

Secure Network Operations, Inc. Advisory SRT2003-06-20-123 - The Progress 4GL Compiler version 9.1D06 and below has a datatype buffer overflow that can be exploited if a malicious .p file is compiled. Both the Win32 and Unix variants are affected by this.

tags | advisory, overflow
systems | windows, unix
MD5 | bb498839551e11ac1506f58d96c4a5b5
Posted Jun 22, 2003
Authored by Xpl017Elz | Site

INetCop Security Advisory #2003-0x82-018 - The GNU bug tracking system GNATS has two bugs that exist in the pr-edit (Problem report editor) program. There is a heap based overflow when a user uses the -d option to input a directory name under version 3.2 There is an environment variable overflow vulnerability in version 3.113.x that will also yield root privileges.

tags | advisory, overflow, root
MD5 | ebc815caa9bbe255fc983c4395f2428d
Rapid7 Security Advisory 14
Posted Jun 21, 2003
Authored by Rapid7 | Site

Rapid 7 Security Advisory - The secure redirect function of the RSA ACE/Agents protecting IIS, Apache, or SunONE web servers contains a cross-site scripting vulnerability. The redirector does not properly escape special characters, so requests for a URL containing special script characters will cause the ACE/Agent to emit a page containing web script which would execute in the user's browser. An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access.

tags | advisory, web, xss
MD5 | 09a16fe365aa5f4e950536f6336e06a7
HexView Security Advisory 2003-06-05.01
Posted Jun 21, 2003
Authored by HexView | Site

SGI Security Advisory 20030605-01-A - SGI acknowledges the MIPSPro compiler temporary file vulnerability reported by Crimelabs. The have nothing else to say about it at this time.

tags | advisory
MD5 | 2256e1cbf6d189696e2dd6a88d6633af
Posted Jun 14, 2003
Authored by Strategic Reconnaissance Team | Site

Secure Network Operations, Inc. Advisory SRT2003-06-13-0945: Progress Database dbagent make the use of several helper .dll and .so binaries. When looking for shared object files for use in a dlopen statement Progress choose to look in the users PATH. No verification is performed upon the object that is located thus local non super users can make themselves root. Most binaries in /usr/dlc/bin can be exploited via this method.

tags | advisory, local, root
MD5 | 7d79cf3811a56411f9d824d6ddc84af5
Posted Jun 14, 2003
Authored by LyNx

Signal handling in the myServer webserver for Windows and Linux does not perform proper trapping, allowing a remote attacker to DoS the server.

tags | advisory, remote
systems | linux, windows
MD5 | 8f3be32610c19c703a73542c27a25bfd
Posted Jun 14, 2003
Authored by Strategic Reconnaissance Team | Site

Secure Network Operations, Inc. Advisory SRT2003-06-12-0853: ike-scan, a tool to perform security audits in the VPN arena, is vulnerable to privilege escalation if it is setuid root for other users on the system to make use of the tool.

tags | advisory, root
MD5 | cd1c7127a25a9dc04e2cb6e8d7fbd9b3
iDEFENSE Security Advisory 2003-06-11.t
Posted Jun 14, 2003
Authored by iDefense Labs, Michael Sutton | Site

iDEFENSE Security Advisory 06.11.03 - SMC Networks Barricade Wireless Cable/DSL Broadband Router version SMC7004VWBR crashes when a specially formatted series of packets are sent to TCP port 1723 (PPTP) on its internal interface. Following the attack, the router remains unresponsive to requests on the wireless portions of the connected LAN, thus preventing users from accessing network resources.

tags | advisory, tcp
MD5 | 763df2e8cde5475143e64a2215e3cb6d
Posted Jun 11, 2003
Authored by Strategic Reconnaissance Team | Site

Secure Network Operations Advisory SRT2003-06-05-0935 - The ftpd that comes default with HPUX 11 is vulnerable to an attack that will allow an attacker to view the contents of any file on the system without first authenticating. To patch this, install HPUX patch PHNE_21936 or higher.

tags | advisory
systems | hpux
MD5 | de85baf9ed049866832200e258542247
Posted Jun 11, 2003
Authored by Pokleyzz | Site

mnGoSearch, formerly known as UdmSearch, has buffer overflow vulnerabilities in versions 3.1.20 and 3.2.10. In 3.1.20, the ul variable can be overflowed to allow remote command execution as the webserver user id. In 3.2.10, a remote attacker can crash search.cgi by overflowing the tmplt variable.

tags | advisory, remote, overflow, cgi, vulnerability
MD5 | d2d980d8b39388df16f9838e66d33881
Posted Jun 11, 2003
Authored by Dr. Insane | Site

Mollensoft Hyperion FTP Server version 3.5.2 is vulnerable to multiple buffer overflows that affect the cwd, mkd, rmd, stat, and nlst commands. Use of the overflows allow a remote attacker to cause a denial of service and there is the possibility of arbitrary code execution.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
MD5 | 534fa8af4ba66004411b9fbaf7ab7045
Posted Jun 3, 2003

Apache Tomcat versions prior to tomcat-4.1.24 create /opt/tomcat with a directory mode which allowed users to access files containing passwords.

tags | advisory
MD5 | 98a899388064f4a01947cc96ab9484a8
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
The Unpatchable Exploit That Makes Every Current Nintendo Switch Hackable
Posted Apr 24, 2018

tags | headline, hacker, flaw, nintendo
Police Visit Funeral Home To Unlock Dead Man's Phone
Posted Apr 24, 2018

tags | headline, government, privacy, usa, phone
Satan Ransomware Adds EternalBlue Exploit
Posted Apr 24, 2018

tags | headline, malware, microsoft, flaw, zero day, nsa
WikiLeaks, Russia, Trump Jr. Named In New DNC Hacking Lawsuit
Posted Apr 23, 2018

tags | headline, government, usa, russia, data loss, fraud, cyberwar
Quihoo 360 Finds Windows Zero Day, Stays Schtum On Specifics
Posted Apr 23, 2018

tags | headline, microsoft, china, flaw
Gmail Spam Mystery: Why Have Secure Accounts Started Spamming Themselves?
Posted Apr 23, 2018

tags | headline, email, spam, google
Iran's Banks Banned From Dealing In Crypto Currencies
Posted Apr 23, 2018

tags | headline, government, bank, iran, cryptography
RSA Fails To Assess Vendor, Leaks Attendee Details
Posted Apr 21, 2018

tags | headline, privacy, phone, data loss, flaw, conference, rsa
Trustjacking Exploit Abuses iTunes Feature To Spy On iOS Devices
Posted Apr 21, 2018

tags | headline, flaw, apple, conference
Ex-Employee Sun Trust Helps Compromise 1.5 Million Bank Clients
Posted Apr 21, 2018

tags | headline, privacy, bank, cybercrime, data loss, fraud
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By