304 matches found
Buffer overflow in Microsoft Messenger Service
Overview There is a buffer overflow in the Microsoft Windows Messenger service that could allow an attacker to execute arbitrary code on most recent versions of Microsoft Windows. Description There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This could allow an...
HP-UX "passwd" utility may corrupt password file
Overview The HP-UX "passwd" utility contains a denial-of-service vulnerability. Description The HP-UX "passwd" utility is used to make changes to a user's authentication credentials. A vulnerability in "passwd" may allow a local attacker to corrupt the password file. --- Impact An attacker may be...
Hewlett-Packard Company MPE/iX FTPSRVR does not properly validate certain commands
Overview A vulnerability in the FTP server included with the MPE/iX operating system may allow a remote attacker to gain unauthorized access. Description MPE/iX is an operating system produced by Hewlett-Packard Company. The FTP server included with MPE/iX (FTPSRVR) contains a vulnerability which m...
Sun ONE/iPlanet Web Server vulnerable to DoS
Overview A vulnerability in the SunOne/iPlanet Web Server may allow a remote attacker to cause a denial of service. Description The SunOne/iPlanet Web Server contains a vulnerability which may allow a remote attacker to disrupt the normal operation of the web server. This vulnerability is only...
BEA WebLogic Server code execution paths may cause the current user to be incorrect
Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...
Microsoft Internet Explorer does not safely handle multiple file download requests
Overview A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system. Description When Internet Explorer (IE) follows a link to an executable file (.exe), a dialog window is displayed that...
rpc.walld fails to properly validate messages before broadcasting to clients
Overview A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publicly available. Description From the rpc.walld man page: The wall command reads the named file, or, if no filename appears, it reads the standard input until an...
bttlxeForum login.asp Multiple Field SQL Injection
The remote host is running bttlxeForum, a set of CGIs designed to run a forum-based web server on Windows. There is a SQL injection bug in the remote server that allowed Nessus to log in as 'administrator' by supplying the password 'or id=' in a POST request. A remote attacker may use this flaw t...
SRT2003-04-15-1029 - Progres BINPATHX overflow
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems (IDS), Software Security Validation, and...
Icecast vulnerable to buffer overflow via long GET request
Overview A remotely exploitable buffer overflow exists in Icecast. Description A remotely exploitable buffer overflow exists in Icecast. By sending an overly long GET request to the server, an attacker can execute arbitrary code with the privileges of the Icecast server, or cause the service to...
gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences
Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...
Sun Solaris lockd(1M) daemon vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Solaris lockd(1M) daemon. Exploitation of this vulnerability may kill the lockd process. Description Sun Microsystems describes the lockd(1M) daemon as follows: The lockd utility is part of the NFS lock manager, which suppor...
Sun Solaris AUTH_DES authentication contains vulnerability allowing user to gain escalated privileges
Overview A remotely exploitable privilege escalation vulnerability exists in multiple versions of Solaris. Description RPC requests utilizing AUTH_DES authentication can trigger a privilege escalation vulnerability in multiple versions of Solaris. For more details, please see Sun Alert ID 46944. -...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
Microsoft Java implementation JDBC classes do not properly validate DLL requests
Overview The Java Database Connectivity (JDBC) classes of Microsoft's Java virtual machine (VM) do not properly validate DLL requests, allowing a malicious applet to load and execute any DLL on the client system. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used...
Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check
Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...
HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)
Overview The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logou...
HP Tru64 UNIX "ping" contains locally exploitable vulnerability (SSRT2229)
Overview The HP Tru64 UNIX implementation of "ping" contains a locally exploitable vulnerability. Description "ping" is used to send ICMP echo requests to other hosts on the Internet. A locally exploitable vulnerability in "ping" may permit a local attacker to perform a denial-of-service attack o...
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "csh" contains a locally exploitable buffer overflow. Description "csh" is used to invoke the C shell and interpret commands. A locally exploitable buffer overflow in "csh" may permit a local attacker to gain elevated privileges and execute arbitrary...