Windows Media Services Remote Command Execution - There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request to the server that could cause IIS to fail or execute code on the system.
8f2e5764c182b67bd6e0097fd3e00391b5ccda2203e5742a4792b474ff7bf79c
NGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.
6792c533a2cd9f5fcacddb71b75e2176618d3457d31728ba0246ae3dfa98eb02
SGI Security Advisory 20030607-01-P - Several bugs in the IRIX 6.5.19 implementation of IPv6 result in inetd becoming hung when port scanned, snoop unable to handle packets as root, and other non-security related issues.
0fdaa24f936f93dd53593bf93d40a3969220454aeead17be748bfea6c4c28e2d
Secure Network Operations, Inc. Advisory SRT2003-06-20-123 - The Progress 4GL Compiler version 9.1D06 and below has a datatype buffer overflow that can be exploited if a malicious .p file is compiled. Both the Win32 and Unix variants are affected by this.
22d12cc34b522d69526bd9f24df1b3f06220ba1e69d4b24bfbecb9b39aa132ba
INetCop Security Advisory #2003-0x82-018 - The GNU bug tracking system GNATS has two bugs that exist in the pr-edit (Problem report editor) program. There is a heap based overflow when a user uses the -d option to input a directory name under version 3.2 There is an environment variable overflow vulnerability in version 3.113.x that will also yield root privileges.
ec98715198eb39ad65760e2d10ba0f2596b85ed8ee3d03b7491e1cdb626cea06
Rapid 7 Security Advisory - The secure redirect function of the RSA ACE/Agents protecting IIS, Apache, or SunONE web servers contains a cross-site scripting vulnerability. The redirector does not properly escape special characters, so requests for a URL containing special script characters will cause the ACE/Agent to emit a page containing web script which would execute in the user's browser. An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access.
d332921b1cffe2e12b86291375e5c8fff2ac5021f59bc3b7ad98fa7a22fa41c9
SGI Security Advisory 20030605-01-A - SGI acknowledges the MIPSPro compiler temporary file vulnerability reported by Crimelabs. The have nothing else to say about it at this time.
3977debbe76e19253bd052ccf85de793d7de03b7c0daa864382ffc4feafb04e9
Secure Network Operations, Inc. Advisory SRT2003-06-13-0945: Progress Database dbagent make the use of several helper .dll and .so binaries. When looking for shared object files for use in a dlopen statement Progress choose to look in the users PATH. No verification is performed upon the object that is located thus local non super users can make themselves root. Most binaries in /usr/dlc/bin can be exploited via this method.
cc47dfe490340c579a133daf438955383d7c3fc7d41008a2aff2e5564b96be2b
Signal handling in the myServer webserver for Windows and Linux does not perform proper trapping, allowing a remote attacker to DoS the server.
39d24e0bf7039655f777a3ec241d81e2d5c2ad7d2f230207fedcc80f5217e6f8
Secure Network Operations, Inc. Advisory SRT2003-06-12-0853: ike-scan, a tool to perform security audits in the VPN arena, is vulnerable to privilege escalation if it is setuid root for other users on the system to make use of the tool.
fb2974b5f5f7c3955537f5144cea1e1d3cf3625114335c88e940fcbfb22ad899
iDEFENSE Security Advisory 06.11.03 - SMC Networks Barricade Wireless Cable/DSL Broadband Router version SMC7004VWBR crashes when a specially formatted series of packets are sent to TCP port 1723 (PPTP) on its internal interface. Following the attack, the router remains unresponsive to requests on the wireless portions of the connected LAN, thus preventing users from accessing network resources.
06f5f4530631ec6de5e22a571bf7126c7ed146ccc935738f187e5617f9acca31
Secure Network Operations Advisory SRT2003-06-05-0935 - The ftpd that comes default with HPUX 11 is vulnerable to an attack that will allow an attacker to view the contents of any file on the system without first authenticating. To patch this, install HPUX patch PHNE_21936 or higher.
ca94fbeffc52d8737dabb08617866e580015a18548c6d5700a7f24fa31421685
mnGoSearch, formerly known as UdmSearch, has buffer overflow vulnerabilities in versions 3.1.20 and 3.2.10. In 3.1.20, the ul variable can be overflowed to allow remote command execution as the webserver user id. In 3.2.10, a remote attacker can crash search.cgi by overflowing the tmplt variable.
ac17442c31b15e3413d421ae705ffc5b64ba90f58e3a9a45847804e8ab31da87
Mollensoft Hyperion FTP Server version 3.5.2 is vulnerable to multiple buffer overflows that affect the cwd, mkd, rmd, stat, and nlst commands. Use of the overflows allow a remote attacker to cause a denial of service and there is the possibility of arbitrary code execution.
8f2e8ae2402a5f86274866eb84ecb38d70550e59db91e4899c4661a2e0f09d85
Apache Tomcat versions prior to tomcat-4.1.24 create /opt/tomcat with a directory mode which allowed users to access files containing passwords.
cde571310caa333d67c4be137c14773e0f74daef1c8995e8560ef274ee015dff