294 matches found
Immunity Canvas: GROUPWISE_WEBACCESS
Name| groupwisewebaccess ---|--- CVE| CVE-2007-2171 Exploit Pack| CANVAS Description| Novell GroupWise WebAccess Base64 Decoding Stack Overflow Notes| CVE Name: CVE-2007-2171 VENDOR: Novell VersionsAffected: Repeatability: References: http://www.zerodayinitiative.com/advisories/ZDI-07-015.html CV...
Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow
The remote host is running a version of GroupWise WebAccess from Novell that is vulnerable to a stack overflow in the way it handles HTTP Basic Authentication. By sending a specially crafted request, an attacker can exploit this flaw to execute code on the remote host with administrative...
Novell Groupwise WebAccess buffer overflow
Stack buffer overflow stack overrun during TCP/7205 TCP/7211 HTTP basic authentication on base64 decoding...
ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-015.html April 18, 2007 -- CVE ID: CVE-2007-2171 -- Affected Vendor: Novell -- Affected Products: Groupwise WebAccess -- TippingPointTM IPS Customer Protection:...
Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the...
PHP Subscriber远程密码泄露漏洞
PHP Subscriber是一款基于PHP的WEB应用程序。 PHP Subscriber不正确过滤用户提交的输入,远程攻击者可以利用漏洞获得密码敏感信息。 攻击者可以请求http://www.site.com/path/pwd.txt连接获得密码文件信息,然后使用BASE64解码密码信息。 PHP Subscriber 目前没有详细漏洞细节提供...
Fedora Core 6 : mutt-1.4.2.2-3.fc6 (2006-1063)
Tue Oct 24 2006 Miroslav Lichvar 5:1.4.2.2-3 - fix insecure temp file creation on NFS 211085, CVE-2006-5297 - Thu Aug 3 2006 Miroslav Lichvar 5:1.4.2.2-2 - fix a SASL authentication bug 199591 - Mon Jul 17 2006 Miroslav Lichvar 5:1.4.2.2-1 - update to 1.4.2.2 - fix directories in manual.txt...
Authentication Buffer Overflows
Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation and for an FTP server to overflow the client during krb4 negotiation. The announcement of this flaw w...
PT-2005-1545 · Curl +1 · Curl +1
Name of the Vulnerable Software and Affected Versions: cURL versions 7.12.1 and possibly other versions Description: The issue arises from multiple stack-based buffer overflows in libcURL and cURL, allowing remote malicious web servers to execute arbitrary code. This occurs when base64 encoded...
Samba SWAT buffer overflow
Buffer overflow in Base64 decoding functions...
Potential Buffer Overrun in SWAT
Description The internal routine used by the Samba Web Administration Tool SWAT v3.0.2 and later to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. It is recommended that all Samba v3.0.2 or later installations running...
Multiple Potential Buffer Overruns in Samba
Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool SWAT on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected. Another buffer overflow bug has been found in the code used to support the "mangling...
Переполнение буфера в thttpd (buffer overflow)
Переполнение буфера при base64-декодировании заголовка HTTP-авторизации...
PT-2012-6326 · Libotr +1 · Libotr +1
Name of the Vulnerable Software and Affected Versions: libotr versions prior to 3.2.1 Description: The issue is related to the allocation of a zero-length buffer when decoding a base64 string, which can lead to a denial of service application crash via a message with a specific value. This can be...