Alp-al00b, Bla-al00b Security Vulnerabilities
7.4AI Score
EPSS
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting...
AI Score
An unknown service was found running on this port. Trojan Horses and other malware may sometimes open these ports to allow remote access to the machine. Ensure that this port is intended to be open and controlled by legitimate software installed by the...
7.1AI Score
Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
Title: Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow Author: Marco van Berkum Classification: High risk Date: 25/07/2002 Email: [email protected] Company: OBIT Company site: http://www.obit.nl Personal website: ...
-0.6AI Score
Again NULL and addslashes() (now in 123tkshop)
Hi! Ok, another announce about a php application containing unslashed SQL-Queries and bad include/require statements. Several problems in 123tkshop What is 123tkshop? 123tkshop is a ecommerce software written in php. It's providing a full featured online shop. More information are available at:...
-0.7AI Score
Several problems in CARE 2002 What is CARE 2002? CARE 2002 is a free software package for hospitals. It's based on php + mysql. For further information visit <http://www.care2x.com/>. include + NULL problem Problem description There are several include statements which use variables passed by...
-0.6AI Score
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
itcp advisory 5 [email protected] http://www.it-checkpoint.net/advisory/5.html March 21th, 2002 phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability Affected program: phpBB 1.4.4 Vendor: www.phpBB.org Vulnerability-Class: Cross Site Scripting (CSS) OS specific: No...
AI Score
Maelstrom 1.4.3 abartity file overwrite
Program: Maelstrom Version: 1.4.3 Distribution: RedHat 7.1 When trying to break stuff, ltracing Maelstrom showed the following: fopen("/tmp/f", "w") = 0x08081f58 fprintf(0x08081f58, "Main program = %s\n", "Maelstrom") = 25...
3.5AI Score
[ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability
-00 ASGUARD LABS ADVISORY 00- :Summary: Release Date : 2001-10-04 Affected : TYPSoft FTP Server v0.95 Not Affected : - Attack Type : Denial Of Service Credits to : Jan Wagner :Description: The TYPSoft FTP Server v0.95 contains a simple D.O.S....
0.8AI Score
[CLA-2001:427] Conectiva Linux Security Announcement - mod_auth_pgsql
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : mod_auth_pgsql SUMMARY : Remote vulnerability allows an attacker to bypass authentication DATE : 2001-09-28 11:26:00 ID : CLA-2001:427 RELEVANT RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0,...
AI Score
[ASGUARD-LABS] glFTPD v1.23 DOS Attack
-00 ASGUARD LABS ADVISORY 00- :Summary: Release Date : 2001-08-17 Affected : glFTPD for Linux v1.23 / glFTPD BSD v1.23 bins Not Affected : glFTPD for Linux v1.24 / glFTPD BSD v1.24 bins Attack Type : Denial Of Service Credits to ...
0.7AI Score
AI Score
7.4AI Score
EPSS
-0.3AI Score
Netscape 4.76 gif comment flaw
Product: Netscape Navigator/Communicator Tested on: 4.76 (on Linux and Win98/NT) Vendor Contact: Reported 2001-03-22 { Problem }-------------------------------------------------------- Overview: The Netscape browser does not escape the gif file comment in the image information page. This...
-0.3AI Score
Here is a possible bug in rcp; since I think it calls system(). I haven't had much time to play with this, because exama are coming up. It is negated because system() calls /bin/cp which with the newer versions of bash, it drops it's effective credientals... $ ls -alF which rcp -rwsr-xr-x 1 ...
1.5AI Score
On Wed, Nov 22, 2000 at 09:11:20AM +1100, Andrew Griffiths wrote: > Here is a possible bug in rcp; since I think it calls system(). I > haven't had much time to play with this, because exama are coming up. > > It is negated because system() calls /bin/cp which with the newer > versio...
1.4AI Score
WuFTPD: Providing *remote* root since at least1994
/ - wuftpd2600.c * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999 * * WUFTPD 2.6.0 REMOTE ROOT EXPLOIT * by tf8 * * NOTE: For ethical reasons, only an exploit for 2.6.0 will be * released (2.6.0 is the most popular version nowadays), and it * should suffice to proof this...
0.1AI Score
Problem Splitvt 1.6.3 contains a buffer overflow, if you have installed splitvt suid root (like Debian/Redhat/etc, btw not slackware) you should upgrade to 1.6.4. Solution Debian users: see http://www.debian.org/security/2000/20000605a Redhat: Redhat did respond with a "that package comes from our....
-0.5AI Score
Sam Lantinga splitvt 1.6.3 - Local Buffer Overflow
Sam Lantinga splitvt 1.6.3 - Local Buffer...
AI Score
7.4AI Score
EPSS
I searched the archives and did not find this one. Program : fdmount Version : 0.8 OS : linux Slackware 7.0 (maybe others) This program is normally only executable by members of group 'floppy' and installed suid-root by default. Bug Details: void msg(char *text,...) { char buff[80]; ...
1.8AI Score
Re: Denial of Service in Xitami webserver all versions...
Xitami also has an overflow in one of the default example CGI programs that it comes with. http://server.com/cgi-bin/TESTCGI.EXE bla bla bla overflow argv fun. Signed, Marc eEye Digital Security http://www.eEye.com "Its a bullshit, three ring, circus sideshow. The only way to fix it is to flush it....
0.8AI Score
7.4AI Score
EPSS
WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (1)
WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite...
0.3AI Score
-0.1AI Score
-0.4AI Score
-0.3AI Score
7.4AI Score
EPSS
1AI Score