QNX RTOS 6.1 - 'PKG-Installer' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/4918/info It has been reported that the pkg-installer utility for QNX is vulnerable to a buffer overflow condition. The vulnerability is a result of an unbounded string copy of the argument to the "-U" commandline option of pkg-installer to a local...
CVE-2001-1541
Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument...
ActivePerl 5.6.1 - perlIIS.dll Remote Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/3526/info ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by ActiveState. ActivePerl allows for high-performance integration with IIS using a...
Progress Database vulnerabilities
strcpy and pstcopy dbutpstcopy are BAD!@@!$! you need to make use of strncpy or invent pstncopy This is straight from the unix man pages for strcpy NAME strcpy, strncpy - copy a string SYNOPSIS #include <string.h> char *strcpy(char *dest, const char *src); BUGS If the destination string of a strcpy is no...
FreeBSD 4.2-stable - FTPd 'glob()' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing operations, the ftp daemon assume...
CVE-2000-1178
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes...
PT-2001-1011 · Joe · Joe
Name of the Vulnerable Software and Affected Versions: joe affected versions not specified Description: The issue allows local users to overwrite the files of other users whose joe session crashes, due to the joe text editor following symbolic links when creating a rescue copy called DEADJOE duri...
DEBIAN-CVE-2000-0992
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack...
PT-2000-1902 · Openssh +1 · Sshd +1
Name of the Vulnerable Software and Affected Versions: sshd versions 1.2.xx Description: A directory traversal issue in the scp component of sshd allows a remote malicious scp server to overwrite arbitrary files using a .. (dot dot) attack. Recommendations: For sshd versions 1.2.xx, consider...
AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/2118/info AOL Instant Messenger (AIM) is a real time messaging service for users that are on line. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// urls to the AIM client. There exist...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_peekqueue Buffer Overflow
// source: https://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures (XPs) in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_showcolv Buffer Overflow
// source: https://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures (XPs) in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow
// source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures (XPs) in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...
Joe's Own Editor File Link Vulnerability
TITLE: Joe's Own Editor File Link Vulnerability ADVISORY ID: WSIR-00/11-01 CONTACT: Patrik Birgersson, Wkit Security AB CLASS: File Handling Error OBJECT: joe1 exec VENDOR: Josef H. Allen STATUS: Vendor not reachable REMOTE: No LOCAL: Yes DATE:...
MacroMedia Flash/Shockwave plug-in on linux : memcpy overrun problem.
A replacement library for checking well-known type of stack overrun caused by memory copy / string copy operations has been made available, namely libsafe. I have used it on Linux and I spotted a couple of suspicious popular programs on linux. I have been using libsafe on...
CVE-2000-0545
Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter...
another WU imapd buffer overflow
Hi, While doing code security audit, I discovered another buffer overflow in imapd. This time security flaw exists in standard rfc 1064 COPY command: OK mail IMAP4rev1 v12.264 server ready login siva9 secret OK LOGIN completed select inbox 2 EXISTS 0 RECENT OK UIDVALIDITY 956162550 UID validity...
linux.2.x.mmap.DoS.txt
Date: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Linux 2.x mmap vulnerability Linux 2.0.36 has the similar problem with copy-on-write pages allocated with mmap - as these pages are not accounted within per-user limits. Fortunately, it's less harmful than 5, because memory will be freed...
nt4+sp4.y2k.txt
Date: Tue, 23 Mar 1999 18:31:34 -0500 From: Ilya Slavin To: [email protected] Subject: NT Y2K issue post SP4 Those of you who are in the process of deploying SP4 or are planning to do so should be aware that a new Y2K problem was discovered in this service pack. Here's the scoop. I...
nt4+sp4.profile.quota.dos.txt
Date: Fri, 21 May 1999 01:15:11 +0200 From: Tonino Lucca To: [email protected] Subject: Ordinary user can easily surpass profiles quota in NT+SP4 Hi all, File system full in %systemdrive% in Terminal Server can easily be reached by an ordinary user by growing his own profile so...