Showing 51 - 75 of 190

Files

idefense.tru64.txt
Posted Sep 20, 2002
Authored by David Endler, Euan Briggs | Site idefense.com

iDEFENSE Security Advisory 09.18.2002 - Three locally exploitable buffer overflows have been found in older versions of Tru64/OSF1. The -s parameter to the uucp utility can give local root, as can inc mail and dxterm.

tags | overflow, local, root
SHA-256 | 613c7847d1e5ec418d42614e0651bd7d1c878053db6ad2a0af3bc69ad0dbbcc2
16bitapp.txt
Posted Sep 20, 2002
Site abtrusion.com

Microsoft Windows NT, 2000 and XP do not check execution rights correctly before allowing 16-bit executables to load, allowing users to run 16-bit apps even if the execution permission is denied. More information available here.

systems | windows
SHA-256 | 6964e798605925a0df1a108eaea05a0cb0dce6760bfeb63b5160218271793347
kpmg-2002035.txt
Posted Sep 20, 2002
Authored by Peter Grundl | Site kpmg.dk

KPMG security advisory 2002035 - IBM Websphere 4.0.3 on Windows 2000 Server does not process large HTTP headers received from connected clients correctly. This can be used to remotely crash the application. The advisory contains patch information that can be used to counter this vulnerability.

tags | web
systems | windows
SHA-256 | 42521d9ce42e9706532fdcd6ca4eb3e092a3f4f38c91caeec71e5b5a37a532d4
checkpoint-fw1-proxy-auth.txt
Posted Sep 20, 2002
Authored by Mark van Gelder

The Check Point VPN-1/FireWall-1 4.1 and NG HTTP Security Server (in.ahttpd) can be used to proxy all kinds of different protocols. Since it is not possible to select the allowed protocols, this is considered a security risk.

tags | web, protocol
SHA-256 | a9b9e181e4d501629c8a297037d7956bcee7d444aaac7a7518d443cb31c01469
CLA-2002:524
Posted Sep 20, 2002
Site distro.conectiva.com.br

Conectiva security advisory CLA-2002:524 - Several buffer overflow vulnerabilities found in PostgreSQL query functions affect Conectiva releases 6.0, 7.0 and 8. Abuse of these overflows, for which database access is needed, can result in a compromise of the affected systems.

tags | overflow, vulnerability
SHA-256 | a4d852419920ca11e133713dc203ab2d29ce4b0e093eb9b5b6244ae02f7fb036
personal_ftp.txt
Posted Sep 19, 2002
Authored by Ernesto Tequila | Site MRdownload.de

Personal FTP 4.0 stores all user names and passwords in the program in clear text, often making it possible to download all the users' passwords.

SHA-256 | 4181e7f6b58a63526cec229d1d3ad58588252fdd1e3681f7f083a1f7753e2193
sygate.spoof.txt
Posted Sep 17, 2002
Authored by Abraham Lincoln Hao | Site nssolution.com

NSSI-Research Labs Security Advisory NSSI-2002-sygatepfw5 - The Sygate Personal Firewall v5.0 does not log or block packets with a source address set to 127.0.0.1, allowing denial of service and other attacks. Tested under Win2k Advanced Server with SP3 / WinNT 4.0 with SP6a / Win2K Professional.

tags | denial of service
systems | windows
SHA-256 | 2040a3cfff094c044ece3e6a71854d2ed823fb4444b7f1e1eee639ea57f4aad4
outlook.smtp-bypass.txt
Posted Sep 12, 2002
Authored by Noam Rathaus | Site SecuriTeam.com

Outlook Express allows users to bypass many SMTP content protection programs by enabling the 'message fragmentation and re-assembly' feature. Vulnerable filters include GFI, Symantec, Trend Micro, and more.

tags | bypass
SHA-256 | f4e74ad446badf4dfeb8df4ef5e09926ea7b4179e2a15b6eeb976e5f55953a98
gm010-ie
Posted Sep 11, 2002
Site sec.greymagic.com

GreyMagic Security Advisory GM#010-IE - Microsoft Internet Explorer 5.5 and above are vulnerable to an attacker who can execute scripts on any page that contains frame or iframe elements, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that an attacker can steal cookies from almost any site, access and change content in sites and in most cases also read local files and execute arbitrary programs on the client's machine. Note that any other application that uses Internet Explorer's engine is also affected.

tags | arbitrary, local, protocol
SHA-256 | 536c623ed699440d80879e2d1a445648296439d9070e173e9d6be71b37dbd554
TRU64_advisory.txt
Posted Sep 11, 2002
Authored by stripey | Site snosoft.com

Strategic Reconnaissance Team Security Advisory - The Tru64 operating system produced by HP/Compaq contains multiple buffer overflows in multiple system libraries and binaries. Tru64 is now shipped with its non-exec stack implementation enabled by default. This measure is intended to mitigate the risk presented by buffer overflow conditions in setuid binaries. However, it has been proven to be ineffective in preventing an attacker from gaining increased privileges through traditional avenues of exploitation.

tags | overflow
SHA-256 | dd37ab957d77b03acf3db538c0909187267cdbbe7b785d465d561374ea3cb0cb
NetGearFM114P.txt
Posted Sep 9, 2002
Authored by Marc Ruef | Site computec.ch

The NetGear FM114P is a hub, printer server, wireless access point, firewall and IDS. The firewalling module also supports filtering for domain names. This product does not resolve host and domain names by default. Due to this flaw, a user may access a site by entering the IP address instead of the host and domain name.

SHA-256 | 32ca50d10f76c08a1a6d948fd7845c7297eb3670d18b188200d7cb02da0cb701
Rapid7 Security Advisory 5
Posted Sep 9, 2002
Authored by Rapid7 | Site rapid7.com

Rapid 7 Advisory R7-0005 - Granite Software ZMerge Administration Database Has Insecure Default ACLs. In the default configuration, the ZMerge administration database grants Manager access to all users (including anonymous web users). If the administrator neglects to change the database ACLs to something more appropriate, an unauthorized user could modify the data import/export scripts which might then be run by an administrator or scheduled agent.

tags | web
SHA-256 | fca3273915d5d225f6ed4dc2ee16b9d6643cd52d21160ebe5fc11fc9524bc748
netric-adv008.txt
Posted Sep 6, 2002
Authored by netric, Sacrine | Site netric.org

AFD v1.2.14 and below contain locally exploitable stack and heap overflows. Linux is verified to be vulnerable; other platforms are probably affected.

tags | overflow
systems | linux
SHA-256 | a980ba6ec8ed5d47bd0268e3701acab4f5636c2ef1af109cb0b08737c843510b
checkpoint.ike.txt
Posted Sep 5, 2002
Authored by Roy Hills | Site nta-monitor.com

Checkpoint Firewall-1 SecuRemote IKE usernames can be guessed or sniffed from the IKE exchange, and can be guessed separately from the password. Firewall-1 versions 4.0 SP 7, 4.1 SP2, 4.1 SP6, NG Base, NG FP1 and NG FP2 allow username guessing using IKE aggressive mode.

SHA-256 | 5a400ed8f87e890c92da75c23f927c0c3da387065ed5af4a3ab88c33d6c785a6
mssql-sp_MSSetServerProperties.txt
Posted Sep 4, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Research Advisory NISR03092002 - The sp_MSSetServerProperties stored procedure in Microsoft SQL Server 2000 contains a low risk issue which allows remote users to decide whether or not SQL Server starts up automatically. This does not allow an attacker to compromise the server or data but may be used in conjunction with another attack.

tags | remote
SHA-256 | 2d8b8761c587c92d162bdf1ffcb36e42ec190e63cc9a5e3406c3b2a332cc6519
dotnet-msde.txt
Posted Sep 4, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Research Advisory NISR03092002B - The Microsoft Windows .NET Server Release Candidate contains a buffer overflow in name resolution which allows an attacker without a userID or password to take control of the server with a single packet to UDP port 1434 on the machine running MSDE. Fix available here.

tags | overflow, udp
systems | windows
SHA-256 | 9db34630d664597a8cf29192735e45564c2d9e401bac5a6b0d4ed6fab67a82c6
mssql-udp.txt
Posted Sep 4, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Research Advisory NISR25072002 - Microsoft's database server SQL Server 2000 exhibits two buffer overrun vulnerabilities that can be exploited by a remote attacker without ever having to authenticate to the server. What further exacerbates these issues is that the attack is channeled over UDP port 1434. Whether the SQL Server process runs in the security context of a domain user or the local SYSTEM account, successful exploitation of these security holes will mean a total compromise of the target server and its data.

tags | remote, overflow, local, udp, vulnerability
SHA-256 | 7374876a71fb3fcb12a28e6f8cfb96087512b03f0bc58422af03eaa003fa9944
FactoSystem.txt
Posted Aug 31, 2002
Authored by Matthew Murphy

Multiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. Example URLs included. IIS 4.0 or later with ASP enabled and FactoSystem CMS is vulnerable.

tags | vulnerability, sql injection, asp
SHA-256 | ee36de64eb584a076aeb54df0ade130381a6b183754d96a8f8b501bcb9428882
adp.forum.2.0.2.htm
Posted Aug 30, 2002
Authored by Condor

The ADP Forum v2.0.2 contains vulnerabilities which allow remote users to delete accounts, read encrypted passwords, and take admin access.

tags | remote, vulnerability
SHA-256 | fac6bda213743acedaec62da8da9907f6ad07a7c30fcf40dde14e6e60ccc7ad6
idefense.linuxconf.txt
Posted Aug 29, 2002
Authored by David Endler | Site idefense.com

iDEFENSE Security Advisory 08.28.2002 - A local buffer overflow vulnerability exists in linuxconf v1.28r3 and below which allows users to spawn a root shell on Linux 7.3. Fix available here.

tags | overflow, shell, local, root
systems | linux
SHA-256 | f9ba1eb1fdc12f40a3c9d1f1c58751fb4592b6d5203e97240852745915ace9d3
Debug_Enviroment_Variables.txt
Posted Aug 29, 2002
Authored by Lawrence Lavigne | Site neoerudition.net

The CGI Debugger v1.0 (/cgi-bin/debug.pl) displays information that may be useful to an attacker including the document root and server version info when passed a bogus argument.

tags | cgi, root
SHA-256 | fb7ac98f8314c3a58ff56f24e2e1c29c135d75c2f619f967ff2229d80ec3171f
kerio-syn-dos.txt
Posted Aug 28, 2002
Authored by Abraham Lincoln | Site nssolution.com

NSSI advisory NSSI-2002-keriopfw - The Kerio Personal Firewall 2.x.x firewall can be made to crash if flooded with SYN packets. Tested under Win2k Advanced Server with SP3 and WinNT 4.0 with SP6a.

systems | windows
SHA-256 | aa968e38233d82058a014061b76600a85e6043ca2aefb3216aa52b804db85ea7
Belkin-F5D6130-SNMP.txt
Posted Aug 28, 2002
Authored by Wlanman

A denial of service vulnerability found in the Belkin F5D6130 802.11b AP allows remote users to disable this device.

tags | remote, denial of service
SHA-256 | eed3847e3ffbf5fa0484d6205df47b02f5bc57956d89bbf33bd5d456c5266aa9
msvs.info.txt
Posted Aug 23, 2002
Authored by Gollum | Site digit-labs.org

Digit-Labs Security Advisory - Microsoft Visual Studio .NET on all VS.NET platforms creates a file called *.vbproj in the Web root directory which reveals the web site file structure.

tags | web, root
SHA-256 | 5e23baba88cdc73cc30dbc3a80d757303ef3061270ab40c1edfd68b399e7b62e
mssql-sp_MScopyscriptfile.txt
Posted Aug 23, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory NISR22002002A - Microsoft SQL Server 2000 SP 2 allows unprivileged users to insert and run arbitrary commands because a public stored procedure fails to validate user input before passing it to xp_cmdshell. Fix available here.

tags | arbitrary
SHA-256 | ec956303773437c9c86299281915cc489c31d1aba9eef2f1ee381b8c865bfd6d
© 2022 Packet Storm. All rights reserved.
