Securax Security Advisory #10 - The Watchguard SOHO Firewall is a small personal hardware firewall used for xDSL, ISDN and cable connections. Local and remote users can crash the Watchguard SOHO Firewall using multiple GET requests to the webserver. Perl exploit included. This attack will not show up in the logfile except for a reboot notice.
8cbd330a7967aec426b0384fc3164e9e13b747e02aa4999c841e1b6a29574a7a
Securax Security Advisory #21 - Globalscape's CuteFTP, a popular FTP client, uses a weak encryption scheme, allowing plaintext login and password recovery from the address book. Includes cuteftpd.c which calculates the plaintext.
2499dd93058956bab1a6f07a873e2dc6e7a2668ba0e1e125af0103445bbc88e9
Securax Security Advisory #20 - The 1st Up Mail Server version 4.1.6a and below contains a remote denial of service vulnerability. Fix available here.
c9d3d44add8e60cf5afe922404991f19df0341b12c9296a9ea83fa9b2c70ae33
Securax Security Advisory #14 - Symantec pcAnywhere 9.0 contains a remote denial of service vulnerability. Includes Perl exploit.
f3aabfbdc4849e9d23de5fa5090f05eb0635dac8a1a39400e0f58a1b0dcc758a
Securax Security Advisory #13 - When someone telnets to a Unix system, the tty assigned to them is writable by any user on the system. Once they are logged in, however, the tty is no longer writable by all users. So if someone writes data to a tty that is currently being used by someone who is logging in, that person won't be able to log in. Includes ttywrite.c proof of concept code.
e75a840488618e3a62e3bda5514108f15199ee99169afe9ae87c7041a15d8156
Securax Security Advisory #11 - XFree86 version 3.3.6 is vulnerable to a remote denial of service attack over TCP port 6000. The server can freeze if sent many characters, requiring a reboot to restore normal operation. Includes Linnuke.c proof of concept code.
d85f44f0f08c172627069fd7c4b1a4471100fdaa8e7642820989936cc36dee3f
Securax Security Advisory #12 - Apache 1.3.14 access_log and error_log can be altered somewhat by remote users if the site administrator reads the logs with cat or tail. Includes proof of concept code kosheen.c which attempts to display false values in a remote site's access_log and error_log.
e90beb99adb94acadafbb8f08e10bfc7cc59ecc22dd244a99d29f6720dd48e59
Securax Security Advisory Securax-SA-09 - The Serv-U FTP server for Windows v2.4a, 2.5h, and 3.0b (all versions tested) has vulnerabilities stemming from improper handling of hex-encoded characters in FTP commands. The server will reveal the full path to the ftproot, allow read/write/execute/list access to any other file on the partition, and allow listing of all hidden files. Fix available here.
e6a9f7a08b79162569e6194cad0956887de19d672150ee61fc642ddb1f1d8c63
Securax Security Advisory #8 - IIS 4.0 contains a denial of service vulnerability which is similar to the Unicode vulnerability. This can be fixed by installing the recent Unicode patches.
f877b8c806d53dfad30246acf6a74461dbb28f13b37fda783263068d9efcb449
Securax Security Advisory #2 - When the Microsoft Windows Explorer tries to parse a filename that contains over 129 chars in the extension, a buffer will overflow, causing Explorer to crash. EIP is overwritten and remote code execution is possible.
ca0475e472c074311283c6e68eb2f2b3788eee8f4ebe7e4d9c81e5bfada79c23
Securax Advisory - Many Windows applications can be made to blue screen upon parsing specially crafted path strings referring to device drivers.
31710d57c071c1262e5bc7a98de1eeb7ff05d3119b5a5cefacd9f85fefd166f8