Microsoft Internet Explorer suffers from a potential user interaction race in its handling of security dialogs. As a result, it may be possible for a malicious web site to install software on a visiting system or take other actions that may compromise the privacy or the security of the visitor.
2e80f78b30be81e611a091caa94ab96e849742fa4ccfafa6ca94c1f6bd9cb89fPOC for the Internet Explorer Modal Dialog Issue: A malicious user could create content that would request the user to click an object or press a sequence of keys. By delivering a security prompt during this process, the site could subvert the prompting and obtain permission for actions that were not necessarily authorized.
37b851304649abe9415c7b7d8d0de6665b6c40ea7e57d02ef76eb6162b600e0aMicrosoft Windows Media Player 10 Plug-In EMBED overflow universal exploit that makes use of the flaw discussed in MS06-006.
2773662b377c0c196a0104ce112087de801337f51b5949420cc9fc8330f312a6Exploit for the Windows Media Player vulnerabilities discussed in MS06-006. Written in Perl.
bb7d11bbd0b5d375eb88156ba7c14a48802c78cd9b354a8fddc33c3472cc07b2An error in Microsoft Windows NTFS driver code causes the file system to incorrectly assign disk blocks to files before they have been initialized. Following a recovery from a system shutdown, uninitialized data may be visible in files from previously allocated disk blocks.
19a6813bec80b15a790ba4bf91503c452214f0dd11e222e2104658130b26d1f5Monit versions 4.2 and below have two basic authentication flaws that allow for a remote denial of service and a buffer overflow that can lead to arbitrary code execution. An off-by-one vulnerability also exists with POST requests.
810840b17572800a7f7b3a1a0f1869203058b4950c0967687cd2f0ee5da4baf4BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by 127.0.0.1 and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.
f852c3fef86aa05736d86e2685e0f3081337c1845300cb0286f034f7f66f44f0eServ's connection handling routine contains a memory leak that may be exploited to cause the eServ daemon to become unavailable. After several thousand successful connections, memory use on the system becomes exceedingly high, resulting in a denial of service.
d2f4390109435ee36d5dc375522685bfd5454f284c2857c2ce225b3a35457eadAN HTTPd versions 1.42h and prior ships with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
a74b48909192b5c91b042611f88dcec0fb0d56626236be2a2851014e83d805c1mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.
802cd05c619e98126a7d5192a17c55f423eeb343fb55248fd94b28417e566c3dThe Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.
0301f75e2783269edb2b7a6fa9c640c16ea311a21771c827602cb320b112c4d0BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows pages parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also verifying that all requests for .hts pages originate from 127.0.0.1 (the loopback). By appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.
7c9fcc98b57a0be0b7411ecaa6864241a66336a2bf516c6147bd84a47cdcbafbA race condition exists in Windows XP Service Control Manager Service Shutdown Mechanism when a service shutdown is not correctly completed in a desired time period. Normal users can access open files which may end up with randomly cached data that could contain restricted data. Microsoft has not announce any plans to backport a patch but has announced that this issue will be addressed in Windows Server 2003.
41a02ad828c3ebc0dc61cce406afdab9e7375f885ee18abb77135abf5f1365c2Apache 2.x memory leak proof of concept exploit.
d4fbe74bb18c6e0f994d19cdb1e82f8a0689fa3ca218b404294e09b094809d44acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows that generates error pages when unable to reach a destination host. The results of the error page do not have any input validation leaving it vulnerable to cross-site scripting attacks.
b73cb37d7003a95b03e17334931602a4021c36c50e68d3f36d09ad572bddca2dZeroo HTTPd server remote command execution exploit. Based on advisory by InetCop.
5fe342e390df430cbaf5f6ff02493e0c6a4b87aee4b723dd0bd56fe633aef058A vulnerability in the LiteServe combination server for Win32 exists in that the handling of filenames on Win32 platforms may reveal the code of a desired CGI script to an attacker. Windows handles file names with the period character (0x2E) on the end as if the character had been removed. LiteServe fails to compensate for this behavior, and is vulnerable to a simple CGI disclosure attack.
2c3ca28c00d0930e2a9c6fbc4f72dc74895e351d73e4de6f97aa89bb5230a2adThe KeyFocus Web server, a Win32 HTTP server with web administration, contains a flaw that enables attackers to traverse above the webroot in the directory structure. Only files with recognized MIME types can be compromised as there are internal defenses by the server that disallow retrieval of other files.
dc22d736a755b10bd7c27a85bf36efee3c7f89158ea10d7ed13173909498eafaiDEFENSE Security Advisory 10.24.02 - The Solarwinds TFTP server v5.0.55 and below contains a directory traversal bug which allows remote users to download any file on the system.
a7a4ff629f7e930a627e2df7c2e09b6d40a316d099e31b0a622bdad02850eb20The Apache servers prior to 2.0.43 insecurely include the value of the 'Host:' header field, received from a connected client, into the SSI error pages. This can be abused for remote cross-site scripting. Apache 1.3.x servers are not affected.
d50f05528a29fbb5a05af733fd529fd69f45701adeb8c86c64d8718b418adecdMultiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. Example URL's included. IIS 4.0 or later with ASP enabled and FactoSystem CMS is vulnerable.
ee36de64eb584a076aeb54df0ade130381a6b183754d96a8f8b501bcb9428882
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed