Self-Executing FOLDERS: Windows XP Explorer Part V

Sunday, January 25, 2004 The following file is a 'folder' comprising both scripting and an executable .exe. We inject scripting and an executable into the 'folder' which is designed to point back to the executable in the 'folder' and execute it. Provided the 'folder' is an html file, Windows XP...

vbox3 privilege escalation

Elevated privileges are not dropped on external executable call...

Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service

Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service // source: https://www.securityfocus.com/bid/9379/info KpyM Telnet Server has been reported to be prone to a remote denial of service vulnerability. Due to a lack of resource limitations, a remote attacker may negotiate multiple...

SGDynamo sgdynamo.exe HTNAME XSS

The remote host is running the CGI 'sgdynamo.exe'. There is a bug in some versions of this CGI which makes it vulnerable to a cross-site scripting attack. %NASLMINLEVEL 70300 This script written by Scott Shebby 12/2003 See the Nessus Scripts License for details Changes by Tenable: - Revised...

CVE-2003-0936

Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe...

launchprotect.pl

Eudora 6.0.1 on Windows has LaunchProtect, to warn the user before running executable attachments. However this only works in the attach folder; using spoofed attachments, executables stored elsewhere may run without warning. In some setups, even executables in the attach folder may run without...

Eudora 6.0.1 LaunchProtect

Eudora 6.0.1 on Windows has LaunchProtect, to warn the user before running executable attachments. However this only works in the attach folder; using spoofed attachments, executables stored elsewhere may run without warning. In some setups, even executables in the attach folder may run without...

Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass (1)

Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass 1 source: https://www.securityfocus.com/bid/9101/info A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions. May...

Microsoft Internet Explorer 6 - Codebase Double Backslash Local Zone File Execution

source: https://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE object property. Under certain...

Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)

source: https://www.securityfocus.com/bid/9101/info A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions. May 21, 2004 - Eudora version 6.1.1 has been released, however, it is...

OpenBSD DoS and buffer overflow

NULL pointer is possible on executable file parsing. In case patches against this vulnerability are installed there is a new vulnerability with kernel mode buffer overflow...

POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III

Wednesday, November 5, 2003 In our never-ending quest for entertainment, we commece from this date forward to end-2004 our POS series of findings. That is the 'perfect operating system'. Today we debut and regurgitate new and not so new for fun as follows. A warm up for the New Year if you will !...

Microsoft Windows XP/2000 - RPC Remote Non Exec Memory

/ have you recently bought one of those expensive new windows security products on the market? do you think you now have strong protection? Look again: rpc!exec by ins1der trixterjack yahoo com windows remote return into libc exploit! remote rpc exploit breaking non exec memory protection schemes...

Buffer overflow in explorer.exe

Buffer overflow on desktop.ini parsing...

Caché weak permissions

Weak permissions for executable files and directories...

linux execve() unauthorized executable file access

During new application invocation through execve there is a race condition than parent application can access new discriptor for executable file...

Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read

Linux Kernel 2.4 - SUID execve System Call Race Condition Executable File Read / source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a...

CVE-2003-0365

ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs...

CVE-2003-0330

Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument...

kon2 buffer overflow

Buffer overflow in /usr/bin/kon on oversized -Coding parameter...