Lynx prior to v2.8.4rel.1 contains a vulnerability which allows a web site owner to cause lynx to download files from the wrong site on a webserver with multiple virtual hosts because lynx fails to remove or encode dangerous characters such as space, tab, CR and LF before constructing HTTP queries.
76cadd36c69520fb9295e1e9db5a96658f1721be3a8c838c891d9f76c4a927ae
NGSSoftware Security Advisory NISR19002002A - Microsoft SQL Server 2000 and 7 come with a "helper" service which allows a low privileged user to create and overwrite arbitrary files on the SQL server. Includes proof of concept SQL code.
d00fd77d758ad8f157ea1a193c0b5f00842cddd2ba606d82b82ca8b386411279
NGSSoftware Security Advisory NISR19082002B - The Tomahawk SteelArrow web application server v4.1 and below for Windows NT and 2k contains three buffer overflows which allow the remote execution of code. Fix available here.
4a8bff199da6f100e224f72780c912d5fb4b0f765ed077517469b6ea5326ca8a
NSSI Research Labs Security Advisory - Kerio Mail Server v5.x for Windows contains multiple denial of service and cross site scripting vulnerabilities in all mail services and the web mail module of the mail server.
eaeda46462c4a849df147445ef57db0d106619c359883b31544c418d2d5dada8
NSSI Research Labs Security Advisory NSSI-2002-tpfw - The Tiny Personal Firewall 3.0 for Windows contains denial of service vulnerabilities in the activity logger tab of the Personal Firewall Agent module which allow remote attackers to crash the OS, consuming 100% of the CPU.
4369b0114c0361e90582dcab9a61d7e641248ac2189b78b4b81faabc72a906cd
Ethereal Security Advisory enpa-sa-00006 - The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions contains a buffer overflow which can be exploited remotely to crash Ethereal or execute arbitrary code as root. To fix, upgrade to Ethereal v0.9.6 or disable the ISIS protocol dissector.
98f78a2eada9861a0e7be750264047f67fae5b481afc765afcb47870519120ac
FUDforum is a templatable forum with i18n support based on PHP and either MySQL or PostgreSQL. It has two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program also has some SQL injection problems.
e64f483bbd2b238d0b033fe09136f94a50002a78eace341308a2309094a7302c
NGSSoftware Security Advisory - Microsoft SQL Server 2000 and 7's helper service allows an attacker to submit jobs to the SQL Agent to be executed with elevated privileges. Proof of concept SQL code included. This vulnerability is discussed in MS02-042.
9bf0a97cb7b8ed59e9098bf029a62f468d0bfbd94895eae5891363aff1545a15
Oracle provides a tool called the Listener Control utility (lsnrctl) to allow an Oracle DBA to remotely control the Listener. The Listener is responsible for dealing with client requests for database services. This control utility contains an indirect remotely exploitable format string vulnerability. By default the Oracle Listener is not protected against unauthenticated access and control. The configuration files of Listeners in such a state can be modified without the user needing to supply a password. By inserting a format string exploit into certain entries in the listener.ora file, an attacker can gain control of a Listener control utility.
670c33c99fb1077f6adc54c6ef7f9e82ca3f1c4fcc69fdf1ecde9e16b02514fa
Apache Security Bulletin 20020809 - Cygwin versions of Apache 2.0 contain a serious remote vulnerability which allows remote users to gain information and cause denial of service. Unix is unaffected.
198319872ce997d62aa5d8f16e26971bda60574ce55a1715a76d2068499317ff
iDEFENSE Security Advisory 08.08.2002 - Linux-iSCSI, an implementation of the iSCSI protocol, uses a config file that is world writable by default.
eadb00d67bce05eb26517a6aaeb26e36052d4a3bad13947038d571f9b0e8edb9
Georgi Guninski Security Advisory #56, 2002 - It is possible to inject user supplied input to file descriptors 0 through 2, which in some cases (for example if the user is permitted to do su) leads to local root compromise. Includes C code which checks if your system is vulnerable.
5f384a32d95069e2a59cd9ac291811139c17cd24f6fb6bf2e1c41c048807c9f3
Sendform.cgi v1.4.4 and below has a directory traversal vulnerability which allows remote attackers to read any file with the privileges of the web server. Fix available here. Bugtraq ID 5286.
694cdf39c7befd0a99c544d8c6c02d17f57020d35701886d6ec90789a6b1f585
Novell GroupWise Internet Agent 6.0.1 sp1 contains a buffer overflow in the SMTP service which can be exploited over port 25. Tested on Novell NetWare 5.1 sp3. Fix available here.
a176e4e5a0799c3a71f7a3f6764dbd5dc8b33db8e6a3951197adf2671d937e12
The Pablo Software Solutions FTP server version 1.0 build 9 for Windows 98/NT/XP shows files and directories that reside outside the normal FTP root directory. Fix available here.
6df65debffed14ad12b5f0d01521b4a49980ff30538c271b7f1ec8895d429fa5
All versions of SSH and OpenSSH which use compatibility mode 1.99 are vulnerable to a MITM attack without the duplicate key warning because the attacker can force protocol version 1, so the only warning the user gets asks him if he wants to add the new key. Still suspicious, but less so.
98d4d1bb0a58e04cbf0d8839a3f693e46ecfcac7a397eef7bae93eb8985ab548
PHP Security Advisory - A vulnerability has been found in the parsing mechanism of headers that are received with POST requests. This vulnerability, which affects PHP 4.2.0 and 4.2.1, can be used in denial of service (IA-32) and remote code execution attacks and has been fixed in PHP 4.2.2.
069feb6775ff333892843900329a35f88dd3947893a63c02a9e57a870ba5b00a
A buffer overflow found in VanDyke SecureCRT v3.4 & 4.0 beta allows malicious server owners to execute code on systems running this software.
cb3b1d24a9ff87e3e05d59f562932d35f8b8b325d39643420d95ce5899443046
Angrypacket Security Advisory - The CGI rwcgi60 which comes with the Oracle Reports Server gives away the contents of several environment variables to attackers, disclosing version information and full paths.
0dfc187b0a6a2ff236da8d5333f2a0cdb6828869ef33bf29a0127ee64b318393
A remote buffer overflow in IBM Tivoli ManagedNode v3.6.x through 3.7.1 allows attackers to crash the spider process or execute arbitrary code on TMR ManagedNodes. An overly long GET request results in a buffer overflow with registers being overwritten with user supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Solaris 8 (Sparc).
8cfc7d24ca4e2b6ff9a79befe4e32557c6ab3305892f9376b8d975a511dce55c
A remote buffer overflow in IBM Tivoli Management Framework v3.6.x through 3.7.1 running on TCP port 9495 allows attackers to deny service or execute arbitrary code. An overly long GET request results in a buffer overflow with registers being overwritten with user supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Windows 2000 and NT4 SP6a.
e92e32242706e69a03bcae5286f23fa186f7abf143db928b16d7dc2496525c24
Outpost24 Advisory - The Oddsock Playlist Generator v2.1 contains multiple buffer overflow vulnerabilities which result in a denial of service against the winamp/shoutcast service.
90c57c359b6bdbc11c79f220a2fbf14980057252f61933fa10f8406116cc4f9f
A vulnerability found in the ICQ Sound Scheme can be used to remotely drop files on systems running ICQ by using an Internet Explorer mapping via .icm files.
a57d7bce4fffa574d030c75c76377bbf9a65d4383b975bd3504617e115664363
Double Choco Latte, a project management package, contains remote vulnerabilities which allow any file on the webserver to be read, as well as cross site scripting bugs.
acb217fc6a980bd564416b4953fee5ba579712a79602d438e7328d8eb8697b65
Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When attacker runs a command known to the backdoor, it will print a cloned response back to trick the user, and then disconnect the user from the host. Will save to a log file of choice (default is fbdlog.txt) which includes the Hostname and Command used by the attacker.
dbd58862ea6f2115690fadce0f1a6542f4250e2cdde34847da748b3f1cacca98