NGSSoftware Insight Security Research Advisory #NISR18072003 - The WiTango application server is vulnerable to a remote system buffer overrun. By passing a long cookie to Witango_UserReference, a remote attacker can overwrite the saved return address on the stack. As Witango is installed as LocalSystem, any arbitrary code execution will run as SYSTEM.
059de172eff375a42985f940d179b214a19f158095cef3e1970170c2b0b3407e
NGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.
6792c533a2cd9f5fcacddb71b75e2176618d3457d31728ba0246ae3dfa98eb02
Mailmax Version 5 has a buffer overflow condition in its IMAP4 server that can cause the service to stop responding and allows a remote attacker to overwrite the exception handler on the stack. Doing this could allow arbitrary code execution as the SYSTEM user.
77a4c3f55a95ea74b2243674c8580202f49806febff62a751e26591ada15dac5
NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.
54067ee210fce9b8f593df9b701aad1f9b7f8d14e93cc22925ce3b332df7bdb6
NGSSoftware Insight Security Research Advisory #NISR07052003A - SLMail 5.1.0.4420 suffers from multiple remotely exploitable buffer overflows in its SMTP engine, poppasswd and pop3 server.
f1596ac171952997d68b570e48c7d33e603793b70bb773d5a05f225bd2eec995
NGSSoftware Insight Security Research Advisory NISR24042003 - There is an exploitable heap overflow vulnerability in Microsoft's ActiveX control, Plugin.ocx. By default, plugin.ocx is marked safe for scripting, and as such, if an IE user were to visit a malicious web page, the overflow could be triggered allowing for a remote compromise of the user's machine. Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1.
09846f5747f8a68ae2082855b7b8bddf3aa795b6b67998718a647a62cd330cdc
RealNetworks Helix Universal Server v9.0 and below for Windows, FreeBSD, HP-UX, AIX, Linux, Sun Solaris 2.7 & 2.8 contains buffer overflows which can cause code to be executed as SYSTEM over tcp port 554.
b39acaf9964d4389121ef064fdeeef266502772719c45556094be1fe82988b89
NGSSoftware Insight Security Research Advisory #NISR22112002 - Multiple Buffer Overruns in RealOne / RealPlayer / RealOne Enterprise. Three remotely exploitable overruns exist: two being heap based overflows and the other being a stack based overflow. On exploitation of these overruns any supplied code would execute in the security context of the logged on user.
4c45143df7581f419149bb29354b7898f743178a4437690f3558d6fdc69fb9cb
OLE controls or OCX controls, are components (or objects) you can insert into a Web page or other application to reuse packaged functionality someone else programmed. An unchecked buffer exists in the ActiveX control used to display specially formatted text. This could be executed by encouraging an unsuspecting user to visit a malicious web page.
7c6b577c63be58c08729f85ca1894a7f7b06ba1e0c5bfe3bcc43ca20f299264a
NGSSoftware Security Advisory NISR19082002B - The Tomahawk SteelArrow web application server v4.1 and below for Windows NT and 2k contains three buffer overflows which allow the remote execution of code. Fix available here.
4a8bff199da6f100e224f72780c912d5fb4b0f765ed077517469b6ea5326ca8a
NGSSoftware Security Advisory - Microsoft's SQL Server 2000's BULK INSERT query contains a buffer overflow which allows remote code execution as LOCAL SYSTEM. To be able to use the 'BULK INSERT' query one must have the privileges of the database owner or dbo. Microsoft Security bulletin available here..
beed091eb087b240ade24c710d5e6642ca80b3f180a2cb4baf37c543862b35d4
NGSSoftware Security Advisory - Microsoft's Commerce Server 2000 and 2002 contains several remotely exploitable buffer overruns in the Profile Service and a CGI executable that allows the execution of arbitrary commands.
5f49c7b4916d833e0dce23ac8eb20f45b61dfa9a25d2ab7df12e6438d85ed78c
Apache Advisory - A vulnerability found in the chucked encoding implementation of the Apache 1.3.24 and 2.0.36 and below servers can under some conditions be used to remotely execute code on systems running this software.
3576dbeaf81b78b50b61214cbe4d286dbbfd04b6af6a433d492bc3bd471c2dfc
Cerberus Information Security Advisory (CISADV000505) - The Cerberus Security Team has found a remotely exploitable buffer overrun in Netwin's (http://netwinsite.com) DNewsWeb (dnewsweb/dnewsweb.exe v5.3e1), CGI program designed to give access to NNTP services over the world wide web. By supplying a specially formed QUERY_STRING to the program a buffer is overflowed allowing execution of arbitrary code compromising the web server.
6f72b6f4d384bdcf7670e19301cef27ef2e199ac7ae94fecc8d11621cfa61f7b