4648 matches found
CVE-2001-0720
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled...
CVE-2001-0720
CVE-2001-0720 affects Internet Explorer 5.1 for Macintosh on Mac OS X. The issue allows remote execution of arbitrary commands by triggering the download of a BinHex or MacBinary file type that is executed if automatic decoding is enabled. The vulnerability arises in how the browser handles certa...
CVE-2001-1035
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post...
Oracle9i Application Server Apache PL/SQL module does not properly decode URL
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS in which the module does not properly decode double URL encoded strings. This vulnerability could allow an intruder to read files outside the web...
Buffer overflow in thttpd (buffer overflow)
Buffer overflow during base64 decoding of the HTTP authorization header...
Roxen security alert: URL decoding vulnerable
Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...
CVE-2001-1118
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL...
Sambar Server all versions password decoding
Topic: Sambar Server all versions password decoding Author: 3APA3A SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com Released: 24 July 2001 Credits:...
Password decoding in Sambar (password decoding)
passwords are stored in a reversible form and can be decoded...
SECURITY.NNOV: Sambar Server all versions password decoding
Hello, Topic: Sambar Server all versions password decoding Author: 3APA3A [email protected] SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com...
Weak encryption algorithm in Crypt-PW (weak encryption)
The encrypted password is easily decoded...
sa2001_02.txt
NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system...
Hole in IIS (double decoding directory traversal)
The path to the CGI program is decoded twice, which makes it possible to bypass the check for parent-directory path traversal...
Advisory CA-2001-12
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-12 Superfluous Decoding Vulnerability in IIS Original release date: May 15, 2001 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Microsoft IIS Overview A serious...
IIS decodes filenames superfluously after applying security checks
Overview Microsoft IIS decodes filenames after applying security checks, allowing an attacker to execute commands. Description To accommodate complex URIs, RFC 2396 specifies a means to encode arbitrary octets using hexadecimal characters and the percent sign %. Quoting from RFC 2396: An escaped...
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (7)
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution 7 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (1)
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution 1 // source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request...
Hole in tcpdump
Buffer overflow when decoding AFS...
format string in ssl dump
Sorry if this has already got posted. Seeweed found this in ssldump the other day. The following text is from his website http://dropwire.dhs.org/seeweed/: SSLDUMP is a program which is similar to tcpdump, but also adds encryption to its network debugging procedures. It captures traffic then...