ngIRCd <= 0.8.2 Remote Format String Exploit

No description provided by source. / ngircdfsexp.c ngIRCd = 0.8.2 remote format string exploit Note: To obtain a successful exploitation, we need that ngIRCd has been compiled with IDENT, logging to SYSLOG and DEBUG enabled. Original Reference: http://www.nosystem.com.ar/advisories/advisory-11.tx...

perl -- vulnerabilities in PERLIO_DEBUG handling

Kevin Finisterre discovered bugs in perl's I/O debug support: The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 A buffer overflow may occur in...

CVE-2004-1100

Cross-site scripting XSS vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...

CVE-2004-1103

MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version...

PuTTY for Symbian OS "SSH2_MSG_DEBUG" Buffer Overflow

No description provided...

CVE-2004-2498

Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors...

CVE-2004-2268

PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php...

DEBIAN-CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...

PT-2004-3233 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000, XP, and possibly 2003 Description: The issue allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function,...

PT-2004-2909 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.4.25 and earlier Description: The issue is related to an integer overflow in the SCTP SOCKOPT DEBUG NAME SCTP socket option in socket.c. This overflow allows local users to execute arbitrary code via an optlen value of...

iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability

Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability iDEFENSE Security Advisory 12.21.04 www.idefense.com/application/poi/display?id=175&type=vulnerabilities December 21, 2004 I. BACKGROUND HP-UX FTP Daemon is a service included in HP-UX that implements the File Transfer Protocol. II...

CVE-2004-1103

MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version...

CVE-2004-1100

Cross-site scripting XSS vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...

phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure

Title: phpCMS = 1.2.1 Xss Vulnerability, Information disclosure Affects: - = 1.2.1 Effect: Cross Site Attack session hijacking, ... Id: cbsa-0006 Release Date: 2004/11/26 Author: Cyrille Barthelemy [email protected] -- 1. Introduction ------------------------ phpCMS is a content management...

[SECURITY] [DSA 596-2] New sudo packages removes debug output

-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 596-2] New sudo packages removes debug output

-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...

TIPS MailPost append Parameter XSS

TIPS MailPost, a web application used for emailing HTML form data to a third party, is installed on the remote host. The version of MailPost hosted on the remote web server has a cross-site scripting vulnerability in the 'append' variable of mailpost.exe when debug mode is enabled. Debug mode is...

MailPost vulnerable to cross-site scripting in the 'append' variable passed to the file as part of an HTTP GET request

Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack via the 'append' variable. The 'append variable is passed as part ...

MailPost discloses sensitive system information when operating in debug mode

Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...

CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...