OSCA-550, OSCA-550A Security Vulnerabilities

Multitech RouteFinder 550 - Remote Memory Corruption

...

Multitech RouteFinder 550 - Remote Memory Corruption

Multitech RouteFinder 550 - Remote Memory...

Vulnerability for Platinum FTP version 1.0.11

Vulnerability in PlatinumFTPserver V1.0.11 Vendor: PlatinumFTPserver (C)2002 BYTE/400 LTD Discovered by: SER Pui Kin, Hong Kong [email protected] Date: 24 Feb 2003 Summary A vulnerability in Platinum FTP server is that it cannot stop users to traverse the...

[SECURITY] [DSA 252-1] New slocate packages fix local root exploit

Debian Security Advisory DSA 252-1 [email protected] http://www.debian.org/security/ Martin Schulze February 21st, 2003 http://www.debian.org/security/faq Package : slocate Vulnerability : buffer overflow Problem-Type ...

[SECURITY] [DSA 252-1] New slocate packages fix local root exploit

Debian Security Advisory DSA 252-1 [email protected] http://www.debian.org/security/ Martin Schulze February 21st, 2003 http://www.debian.org/security/faq Package : slocate Vulnerability : buffer overflow Problem-Type ...

[immune advisory] Mulitple vulnerabilities found in BisonFTP

[immune advisory] Mulitple vulnerabilities found in BisonFTP BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems. -[ DESCRIPTION ]---------------------------------------------------------------- I) BisonFTP is vulnerable to a DoS attack by sending ftp commands with big data. By...

PlatinumFTP.txt

...

PivX Multi-Vendor Game Server dDoS Advisory

Mike Kristovich, PivX Security Advisory MK#001 Date: November 26, 2002 Released: January 16, 2002 Application: Battlefield 1942 (Server and Dedicated Server) America's Army Unreal Tournament 2003 and more.. see section 2. Version: All up to...

BRS WebWeaver FTP Server vulnerabilities

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: BRS WebWeaver FTP Server vulnerabilities product: BRS WebWeaver 1.01 (FTP Server) vendor: http://www.bsoutham.org/WebWeaver/ risk: high date: 01/10/2k3 discovered by: euronymous /F0KP /R00tC0de advisory urls:...

[VulnWatch] Multible Vulns in PlatinumFTP server

Multiple vulnerabilities found in PlatinumFTPserver V1.0.6 PlatinumFTPserver (C)2002 BYTE/400 LTD Discovered by Matrix http://www.infowarfare.dk SUMMARY PlatinumFTPserver simplifies management of all your Ftp...

Multiple vulnerabilities found in PlatinumFTPserver V1.0.6

Multiple vulnerabilities found in PlatinumFTPserver V1.0.6 PlatinumFTPserver (C)2002 BYTE/400 LTD Discovered by Dennis Rand - COWI A/S SUMMARY PlatinumFTPserver simplifies management of all your Ftp clients with regards to sending and...

Samba contains a remotely exploitable stack buffer overflow

Overview A remotely exploitable stack buffer overflow exists in the Samba server daemon (smbd). Description Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow. The Samba Team describes Samba as follows: The Samba software suite is a collection of programs...

[SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows

Debian Security Advisory DSA 166-1 [email protected] http://www.debian.org/security/ Martin Schulze September 13th, 2002 http://www.debian.org/security/faq Package : purity Vulnerability : buffer overflows Problem-Type ...

[SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows

Debian Security Advisory DSA 166-1 [email protected] http://www.debian.org/security/ Martin Schulze September 13th, 2002 http://www.debian.org/security/faq Package : purity Vulnerability : buffer overflows Problem-Type ...

util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility

Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn....

Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsu lated SMTP Address Vulnerability

Portcullis Security Advisory IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability Update to Microsoft Security Bulletin (MS99-027): NT Exchange Server Encapsulated SMTP Address Vulnerability. Vulnerability discovery and development: Thomas Liam Romanis (Security Testing Services...

Microsoft IIS 4.05.0 - SMTP Service Encapsulated SMTP Address (MS99-027)

Microsoft IIS 4.05.0 - SMTP Service Encapsulated SMTP Address...

Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)

...

SNMP Request Cisco Router Information Disclosure

It is possible to determine the model of the remote CISCO system by sending SNMP requests with the OID 1.3.6.1.4.1.9.1. An attacker may use this information to gain more knowledge about the remote...

Security Advisory: Transparent Cache Engine and Content Engine TCP Relay Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Transparent Cache Engine and Content Engine TCP Relay Vulnerability Revision 1.0: FINAL For Public Release 2002 May 15 18:00 GMT Please provide your feedback on this document. Contents Summary Affected Products Details Impact Software...

TCP connection establishing via Cisco Transparent Cache Engine

It's possible to establish TCP connection via transparent proxy in default...

wu-ftpd <= 2.6.1 Remote Root Exploit

Exploit for linux platform in category remote...

WU-FTPD 2.6.1 - Remote Command Execution

...

WU-FTPD 2.6.1 - Remote Command Execution

WU-FTPD 2.6.1 - Remote Command...

wu-ftpd &lt;= 2.6.1 Remote Root Exploit

No description provided by...

IIS SMTP component allows mail relaying via Null Session

BindView Security Advisory IIS SMTP component allows mail relaying via Null Session Issue Date: March 1, 2002 Contact: [email protected] Topic: The SMTP component that comes with IIS can be used by anyone for relaying email. Overview: IIS comes with a small SMTP component. The default...

Multiple vulnerabilities in SNMPv1 request handling

Overview Multiple vendor SNMPv1 GetRequest, GetNextRequest__, and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages...

Multiple vulnerabilities in SNMPv1 trap handling

Overview Multiple vendor SNMPv1 _Trap _handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below....

Multiple FTPD glob Command Arbitrary Command Execution

The FTPD glob vulnerability manifests itself in handling the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs - an implementation of the glob command that does not properly return an error condition when interpreting the...

Rational ClearCase 3.24.x - DB Loader TERM Environment Variable Buffer Overflow

Rational ClearCase 3.24.x - DB Loader TERM Environment Variable Buffer...

ClearCase db_loader TERM environment variable buffer overflow vulnerability

ClearCase db_loader TERM environment variable buffer overflow vulnerability Release infomation Found Date: 2001-10-02 Release Date: 2001-11-01 Author: [email protected] Homepage: http://xfocus.org Description Rational ClearCase is the market-leading software configuration management...

Rational ClearCase 3.2/4.x - DB Loader TERM Environment Variable Buffer Overflow

...

SNMP Query System Information Disclosure

It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target...

EFTP Version 2.0.7.337 vulnerabilities

EFTP Version 2.0.7.337 vulnerabilities According to their site @ www.eftp.org "EFTP is a 32bit combined Client/Server application, basically 2 programs in one. EFTP incorporates the 448bit Blowfish Encryption Algorithm and the FTP protocol (RFC 959 implementation) to provide secure file transfers.....

lil&#39; exim format bug

Hi BugTrackers Just a little bug to tell: THE BUG accept.c, line 2506: else if (smtp_reply != NULL) moan_smtp_batch(NULL, smtp_reply); while moan_smtp_batch is like this: moan_smtp_batch(char cmd_buffer, char format, ...) So when smtp_reply contains format strings, it get...

Exim 3.x - Format String

Exim 3.x - Format...

Exim 3.x - Format String

...

alt3kx-advisories-2001.txt

...

GuildFTPD v0.97 Directory Traversal / Weak password encryption

GuildFTPD v0.97 Directory Traversal / Weak password encryption AFFECTED SYSTEMS GuildFTPD v0.97 tested on Windows 9x, probably works on NT / 2k as well DESCRIPTION 1) Directory Traversal Consider the following FTP session (I'm using windows' FTP.EXE proggie, and its associated commands) : The...

Hexyn / Securax Advisory #15 - G6 FTP Full Installation Path

Hexyn / Securax Advisory #15 - G6 FTP Full Installation Path Topic: G6 FTP Full Installation Path Announced: 2001-02-17 Affects: G6 FTP Server up to version 2.0 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW...

CVE-1999-0760

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional...

CVE-1999-0760

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional...

Hexyn-sa-15.txt

...

Solaris FTP Daemon CWD Command Account Enumeration

It is possible to determine the existence of a user on the remote system by issuing the command CWD ~, even before logging in. An attacker can exploit this flaw to determine the existence of known vulnerable...

FreeBSD 4.2-stable - FTPd glob() Remote Buffer Overflow

FreeBSD 4.2-stable - FTPd glob() Remote Buffer...

FreeBSD 4.2-stable - FTPd &#039;glob()&#039; Remote Buffer Overflow

...

Solaris 2.67.0 - IN.FTPD CWD Username Enumeration

Solaris 2.67.0 - IN.FTPD CWD Username...

Solaris 2.6/7.0 - IN.FTPD CWD &#039;Username&#039; Enumeration

...

Multiple vendors FTP denial of service

Proftpd built-in 'ls' command has a globbing bug that allows remote denial-of-service. Here's a simple exploit, tested on the Proftpd site : $ ftp ftp.proftpd.org ... Name (ftp.proftpd.org:j): ftp ... 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary mode...

CVE-1999-0760

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional...