NetTerm-NetFTPD 4.2.2 suffers from multiple buffer overflows that can cause a denial of service against the server and possibly allow execution of arbitrary commands.
5a306efd007be6e93b46a57ca18e8723f5dbb426b9df29199030f5864f8bfe0d
CERT Advisory CA-2003-16 - A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
b9bb753690553d6b31adc50199b09cdd488ccbf24144a64753c7c243ee7add0a
A massive security vulnerability has been discovered in all recent versions of the Microsoft operating systems. There is a buffer overflow vulnerability that exists in an integral component of any Windows operating system, the RPC interface implementing Distributed Component Object Model services, or DCOM, that allows remote attackers to obtain unauthorized access to vulnerable systems.
a2ab7e1ad93e552958685d18447336ec08b35a14099950c3e45ea405d5917eaf
CERT Advisory CA-2003-15 - A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable device.
af2755db813b1d4f9af9eda1bf413ce515f313ada93635dacefd03868b8b3d34
Advisory that discusses exploitation of the University of Minnesota Gopherd version 3.0.5 and below that makes use of the do_command() buffer overflow vulnerability.
41cd532c2317311e30c49cbcf529fbe61127eae9f335f83232fabbf1837663ed
Cisco Security Advisory: Cisco routers and switches running the IOS software are vulnerable to a denial of service attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full.
ef0504594a7ab6822dce58c8ba0c82480259ebe0b5d86f0f970b4e558f0f7b36
omniHTTPD 2.10 suffers from cross site scripting vulnerabilities that could lead to session hijacking.
52b5848c269b6da5f3724ecbe6e5ea940b8b8a3fbcfd5bff25bae930f4ebc792
SGI Security Advisory 20030702-01-P - It has been reported that logging into an IRIX 6.5 machine while particular environment variables are set can lead to /usr/lib/iaf/scheme dumping core. Since scheme is suid root, this could potentially lead to a root compromise.
cf55ec3e1e580ca7b85e91d22604fd9c68c6799680b2b730027f68cf4fe308de
SGI Security Advisory 20030701-01-P - Multiple vulnerabilities have been found in the Name Service Daemon, or nsd, on IRIX below version 6.5.21.
b6218821e51de97c515742f76bc0a7393297d398e8dfbefd71584ac16e407bec
The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.
28d4e09c66a69895f688844fb1bccd3d2a1a91ee3d29b78564222eda4b3156f0
The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.
051076503bc72c2b87f59aeb4ad73074c982cd00eb77cfd9f35afb69941adc65
Citadel/UX BBS versions 6.07 and below have faulty boundary checking that allows arbitrary code execution, poor random number seeding that allows predictable authentication tokens, and do not keep a user from filling up the hard drive when entering data via the biography section.
85126978760da416df1927103a59644cf4487bcea2d8fd64641318e7d07a0eb7
Secure Network Operations, Inc. Advisory SRT2003-07-16-0358 - Backup and Restore Utility for Unix, aka BRU, has buffer overflow and formatting issues that allow a local user to escalate to root privileges due to poor usage of vsprintf().
78b6927c404e9221ca05fc1f8d33bab549bfa2eea16bf5b41e2c50ba75a66ad3
Secure Network Operations, Inc. Advisory SRT2003-07-08-1223 - IBM U2 UniVerse version 10.0.0.9 and below allows the uvadm user to escalate to root privileges via a buffer overflow in uvadmsh.
07bee1686a0c83e96b5a7d0c30fcdc0f47ba477ddd22842dd3e50400b4aa78c6
nfs-utils version 1.0.3 and below for Linux has an off-by-one bug that allows a local or remote attacker to send an RPC request to mountd that could execute arbitrary code or cause a denial of service.
3fe1bcb8239cc8b00c2dfcf354fa601b0b377cb56afd088883e8b2af3724d591
A buffer overflow has been discovered in IMAP4rev1 MDaemon v6.7.9 and below that can allow malicious users to remotely crash the application and execute code with SYSTEM privileges.
abf6ce1c4d9bf7f8ca7fe731e42afda03ebc4f4ddfc1cbcedb749995121a265c
The TurboFTP client version 3.85 Build 304 is vulnerable to a buffer overflow attack from a malicious FTP server that can result in a denial of service and possibly remote command execution.
f666e3f6258f9bbb643fec3e3b0a1981eba0a2e3fab1c7aec152a14da0621a2d
MABRY ftpd is vulnerable to buffer overflows that result in a denial of service via the CWD, STAT, MKD, LIST, and RMD commands when in excess of 3200 bytes are sent.
2bd66cc50e84bb2b6524a75df67d487708d102ac22c134345b076c0ea1a49942
Cisco Security Advisory: After receiving eight TCP connection attempts using a non-standard TCP flags combination, a Catalyst switch will stop responding to further TCP connections to that particular service. In order to re-establish functionality of that service, the switch must be rebooted. CatOS for the following models is affected: 4000 Series including models 2948G and 2980G/2980G-A, 5000 Series including models 2901, 2902 and 2926, and the 6000.
43e0117dba1a5cf8c123455025e2ce7fb4995a48d74dcb66f65cba5b74ca7a5f
Addition to Atstake Security Advisory A070803-1 clarifying that the named pipe vulnerability discussed lies within the Windows NT/XP/2000 platform and that SQL Server 7.0 can be used as an attack vector along with potentially many other applications.
26389446575344782062c92749190328e8a6e10abf5b4d0f5b30a7cea7e76538
Atstake Security Advisory A070803-1 - By specifying the name of a named pipe instead of a file as an argument to Microsoft SQL Server's xp_fileexist extended stored procedure, one can impersonate the user account Microsoft SQL Server is running under. This is due to the behavior of the CreateFile system call and Windows named pipe impersonation. This is not limited to Microsoft SQL Server, but is a system-wide problem.
a0e2cd066322faccbeda17b525edc1bfe19a840681e371d62018efeea6586415
In 2001, Elcomsoft discovered serious security flaws in Adobe Acrobat where PDF files could load malicious plug-ins and have Acrobat believe they were digitally signed. A plug-in loaded in this manner can perform any file operations on the system. Adobe slacked on doing anything about this until CERT released an advisory on it in March of 2003. With the new releases from Adobe, these issues were supposed to be addressed but vulnerabilities still remain.
97736473454a303c89f45f58b292c5e56504cf1a2f5382462a575fa2f759cfc4
IglooFTP PRO 3.8 and possibly earlier versions suffer from multiple client side vulnerabilities including the banner, username, password, and account SMTP parameters. Related proof of concept exploit here.
be6ba59a065b4bbfe9a8f5feb2cda1345218b4d6b7fbaca76ce60f31f06aaf3d
Linux eXtremail versions 1.5-8 and below contain a format string vulnerability in their logging mechanism. Exploiting this can allow for arbitrary code execution or a denial of service on the server.
9f300aec91de3f79ec8ad7dea040e62aded97cd4340b3ea05a7067bc03e93163
DTORS Security - First Security Agent, the first screen locking tool for Win32, is vulnerable to a local user changing or disabling the password via the system registry.
658980c23c1c70311de70e308d4e010c29a4e526b9221aee3b44e87b040fb2ef