Lynx prior to v2.8.4rel.1 contains a vulnerability which allows a web site owner to cause lynx to download files from the wrong site on a webserver with multiple virtual hosts because lynx fails to remove or encode dangerous characters such as space, tab, CR and LF before constructing HTTP queries.
76cadd36c69520fb9295e1e9db5a96658f1721be3a8c838c891d9f76c4a927aeNGSSoftware Security Advisory NISR19002002A - Microsoft SQL Server 2000 and 7 come with a "helper" service which allows a low privileged user to create and overwrite arbitrary files on the SQL server. Includes proof of concept SQL code.
d00fd77d758ad8f157ea1a193c0b5f00842cddd2ba606d82b82ca8b386411279NGSSoftware Security Advisory NISR19082002B - The Tomahawk SteelArrow web application server v4.1 and below for Windows NT and 2k contains three buffer overflows which allow the remote execution of code. Fix available here.
4a8bff199da6f100e224f72780c912d5fb4b0f765ed077517469b6ea5326ca8aNSSI Research Labs Security Advisory - Kerio Mail Server v5.x for Windows contains multiple denial of service and cross site scripting vulnerabilities in all mail services and the web mail module of the mail server.
eaeda46462c4a849df147445ef57db0d106619c359883b31544c418d2d5dada8NSSI Research Labs Security Advisory NSSI-2002-tpfw - The Tiny Personal Firewall 3.0 for Windows contains contains denial of service vulnerabilities in the activity logger tab of the Personal Firewall Agent module which allow remote attackers to crash the OS, consuming 100% of the CPU.
4369b0114c0361e90582dcab9a61d7e641248ac2189b78b4b81faabc72a906cdEthereal Security Advisory enpa-sa-00006 - The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions contains a buffer overflow which can be exploited remotely to crash Ethereal or execute arbitrary code as root. To fix, upgrade to Ethereal v0.9.6 or disable the ISIS protocol dissector.
98f78a2eada9861a0e7be750264047f67fae5b481afc765afcb47870519120acFUDforum is templatable forum with i18n support based on PHP and either MySQL or PostgreSQL. It has got two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program has also got some SQL Injection problems.
e64f483bbd2b238d0b033fe09136f94a50002a78eace341308a2309094a7302cNGSSoftware Security Advisory - Microsoft SQL Server 2000 and 7's helper service allows an attacker to submit jobs to the SQL Agent to be executed with elevated privileges. Proof of concept sql code included. This vulnerability is discussed in ms02-042.
9bf0a97cb7b8ed59e9098bf029a62f468d0bfbd94895eae5891363aff1545a15Oracle provide a tool called the Listener Control utility (lsnrctl) to allow an Oracle DBA to remotely control the Listener. The Listener is responsible for dealing with client requests for database services. This control utility contains an indirect remotely exploitable format string vulnerability. By default the Oracle Listener is not protected against unauthenticated access and control. The configuration files of Listeners in such a state can be modified without the user needing to supply a password. By modifying certain entries in the listener.ora file, by inserting a format string exploit, an attacker can gain control of a Listener control utility.
670c33c99fb1077f6adc54c6ef7f9e82ca3f1c4fcc69fdf1ecde9e16b02514faApache Security Bulletin 20020809 - Cygwin versions of Apache 2.0 contain a serious remote vulnerability which allows remote users to gain information and cause denial of service. Unix is unaffected.
198319872ce997d62aa5d8f16e26971bda60574ce55a1715a76d2068499317ffiDEFENSE Security Advisory 08.08.2002 - Linux-iSCSI, an implementation of the iSCSI protocol, uses a config file that is world writable by default.
eadb00d67bce05eb26517a6aaeb26e36052d4a3bad13947038d571f9b0e8edb9Georgi Guninski Security Advisory #56, 2002 - It is possible to inject user supplied input to file descriptors 0 through 2, which in some cases (for example if the user is permitted to do su) leads to local root compromise. Includes C code which checks if your system is vulnerable.
5f384a32d95069e2a59cd9ac291811139c17cd24f6fb6bf2e1c41c048807c9f3Sendform.cgi v1.4.4 and below has a directory traversal vulnerability which allows remote attackers to read any file with the privileges of the web server. Fix available here. Bugtraq ID 5286.
694cdf39c7befd0a99c544d8c6c02d17f57020d35701886d6ec90789a6b1f585Novell GroupWise Internet Agent 6.0.1 sp1 contains a buffer overflow in the smtp service which can be exploited over port 25. Tested on Novell NetWare 5.1 sp3. Fix available here.
a176e4e5a0799c3a71f7a3f6764dbd5dc8b33db8e6a3951197adf2671d937e12The Pablo Software Solutions FTP server version 1.0 build 9 for Windows 98/NT/XP shows files and directories that reside outside the normal FTP root directory. Fix available here.
6df65debffed14ad12b5f0d01521b4a49980ff30538c271b7f1ec8895d429fa5All versions of SSH and OpenSSH which use computability mode 1.99 are vulnerable to a mitm attack without the duplicate key warning because the attacker can force protocol version 1, so the only warning the user gets asks him if he wants to add the new key. Still suspicious, but less so.
98d4d1bb0a58e04cbf0d8839a3f693e46ecfcac7a397eef7bae93eb8985ab548PHP Security Advisory - A vulnerability has been found in the parsing mechanism of headers that are received with POST requests. This vulnerability, which affects PHP 4.2.0 and 4.2.1, can be used in denial of service (IA-32) and remote code execution attacks and has been fixed on PHP 4.2.2.
069feb6775ff333892843900329a35f88dd3947893a63c02a9e57a870ba5b00aA buffer overflow found in VanDyke SecureCRT v3.4 & 4.0 beta allows malicious server owners to execute code on systems running this software.
cb3b1d24a9ff87e3e05d59f562932d35f8b8b325d39643420d95ce5899443046Angrypacket Security Advisory - The CGI rwcgi60 which comes with the Oracle Reports Server gives away the contents of several environment variables to attackers, disclosing version information and full paths.
0dfc187b0a6a2ff236da8d5333f2a0cdb6828869ef33bf29a0127ee64b318393A remove buffer overflow in IBM Tivoli ManagedNode v3.6.x through 3.7.1 allows attackers to crash the spider process or execute arbitrary code on TMR ManagedNotes. An overly long GET request results in a buffer overflow with registers being overwritten with user supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Solaris 8 (Sparc).
8cfc7d24ca4e2b6ff9a79befe4e32557c6ab3305892f9376b8d975a511dce55cA remote buffer overflow in IBM Tivoli Management Framework v3.6.x through 3.7.1 running on tcp port 9495 allows attackers to deny service or execute arbitrary code. An overly long GET request results in a buffer overflow with registers being overwritten with user supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Windows 2000 and NT4 SP6a.
e92e32242706e69a03bcae5286f23fa186f7abf143db928b16d7dc2496525c24Outpost24 Advisory - The Oddsock Playlist Generator v2.1 contains multiple buffer overflow vulnerabilities which result in a denial of service against the winamp/shoutcast service.
90c57c359b6bdbc11c79f220a2fbf14980057252f61933fa10f8406116cc4f9fA vulnerability found in the ICQ Sound Scheme can be used to remotely drop files on systems running ICQ by using an Internet Explorer mapping via .icm files.
a57d7bce4fffa574d030c75c76377bbf9a65d4383b975bd3504617e115664363Double Choco Latte, a project management package, contains remote vulnerabilities which allow any file on the webserver to be read and cross site scripting bugs.
acb217fc6a980bd564416b4953fee5ba579712a79602d438e7328d8eb8697b65Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When attacker runs a command known to the backdoor, it will print a cloned response back to trick the user, and then disconnect the user from the host. Will save to a log file of choice (default is fbdlog.txt) which includes the Hostname and Command used by the attacker.
dbd58862ea6f2115690fadce0f1a6542f4250e2cdde34847da748b3f1cacca98
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed