128 matches found
Buffer overflow in Shell32.dll . Net monitor
Issue Buffer overflow in Shell32.dll . Net monitor Tested version W2000 Server Sp3 Shell32.dll versin 5.0.3502.5436 Vendor status Microsoft was informed months ago but as they seem to be even slower than me debugging I dediced to publish it . Descripcin Net monitor is a traffic analisis tool that...
Microsoft Windows SMTP Service fails to properly handle responses from the NTLM authentication layer
Overview A flaw in the authentication code of the SMTP service provided with Windows 2000 server and Exchange 5.5 may allow a user access to the SMTP service. This acess could be used to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server...
KPMG-2002035: IBM Websphere Large Header DoS
-------------------------------------------------------------------- Title: IBM Websphere Large Header DoS BUG-ID: 2002035 Released: 19th Sep 2002 -------------------------------------------------------------------- Problem: ======== A malicious user can issue a malformed HTTP request and cause t...
Microsoft Windows XP Remote Desktop denial of service vulnerability
Vulnerable Microsoft Windows XP Professional Microsoft Windows .NET Standard Server Beta 3 Non-vulnerable Microsoft Windows 2000 Server Background Windows XP Professional has a remote denial of service attack when Remote Desktop is enabled. Remote Desktop is XP Professional's single-user RDP serv...
KPMG-2002032: Macromedia Sitespring Cross Site Scripting
-------------------------------------------------------------------- Title: Macromedia Sitespring Cross Site Scripting BUG-ID: 2002032 Released: 17th Jul 2002 -------------------------------------------------------------------- Problem: ======== A malicious user could use a default error page as...
KPMG-2002034: Jigsaw Webserver DOS device DoS
-------------------------------------------------------------------- Title: Jigsaw Webserver DOS device DoS BUG-ID: 2002034 Released: 17th Jul 2002 -------------------------------------------------------------------- Problem: ======== A malicious user can tie up working threads on the web server...
KPMG-2002031: Jigsaw Webserver Path Disclosure
-------------------------------------------------------------------- Title: Jigsaw Webserver Path Disclosure BUG-ID: 2002031 Released: 17th Jul 2002 -------------------------------------------------------------------- Problem: ======== It is possible to disclose the physical path to the webroot...
KPMG-2002033: Resin DOS device path disclosure
-------------------------------------------------------------------- Title: Resin DOS device path disclosure BUG-ID: 2002033 Released: 17th Jul 2002 -------------------------------------------------------------------- Problem: ======== It is possible to disclose the physical path to the webroot...
KPMG-2002026: Jrun sourcecode Disclosure
-------------------------------------------------------------------- Title: Jrun sourcecode Disclosure BUG-ID: 2002026 Released: 01st Jul 2002 -------------------------------------------------------------------- Problem: ======== It is possible for a malicious user to trick the Jrun webserver int...
KPMG-2002020: Resin view_source.jsp Arbitrary File Reading
-------------------------------------------------------------------- Title: Resin viewsource.jsp Arbitrary File Reading BUG-ID: 2002020 Released: 17th Jun 2002 -------------------------------------------------------------------- Problem: ======== In a default installation of Resin server, the...
Windows 2000 Server IIS 5.0 .ASP Overflow Exploit
Summary: ======== The following code will allow you to safely test your system for the below motioned vulnerability. For more information about this vulnerability see http://www.eeye.com/html/press/PR20020410.html previous article:"windows 2000 and NT4 IIS .ASP Buffer Overflow". The following cod...
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
-------------------------------------------------------------------- Title: Microsoft Distributed Transaction Coordinator DoS BUG-ID: 2002015 Released: 19th Apr 2002 -------------------------------------------------------------------- Problem: ======== A flaw in the way MSDTC handles malformed...
KPMG-2002006: Lotus Domino Physical Path Revealed
-------------------------------------------------------------------- -=Lotus Domino Physical Path Revealed=- courtesy of KPMG Denmark BUG-ID: 2002006 Released: 02nd Apr 2002 -------------------------------------------------------------------- Problem: ======== Due to problems handling Windows DOS...
KPMG-2002005: BitVise WinSSH Denial of Service
-------------------------------------------------------------------- -=BitVise WinSSH Denial of Service=- courtesy of KPMG Denmark BUG-ID: 2002005 Released: 18th Mar 2002 -------------------------------------------------------------------- Problem: ======== Using "ill-intended connection attempts...
Microsoft ISA Server Fragmented Udp Flood Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---- Microsoft ISA Server Fragmented Udp Flood Vulnerability ---- - ---- Type A system resource is exhausted. - ---- Summary A fragmented Udp attack through the microsoft isa server makes the system hampered by using the cpu at 100. Meanwhile server...
Security Bulletin MS01-052
---------------------------------------------------------------------- Title: Invalid RDP Data can Cause Terminal Service Failure Date: 18 October 2001 Software: Windows NT 4.0 Server, Terminal Server Edition, Windows 2000 Server and Advanced Server Impact: Denial of service Max Risk: Moderate...
Security Bulletin MS01-040
---------------------------------------------------------------------- Title: Invalid RDP Data Can Cause Memory Leak in Terminal Services Date: 25 July 2001 Software: Windows 2000 Server and Windows NT 4.0, Terminal Server Edition Impact: Denial of Service Bulletin: MS01-040 Microsoft encourages...
Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (5)
Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 5 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...
Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (6)
Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 6 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...
def-2001-24: Windows 2000 Kerberos DoS
====================================================================== Defcom Labs Advisory def-2001-24 Windows 2000 Kerberos DoS Author: Peter Grьndl [email protected] Release Date: 2001-05-09 ======================================================================...