CVE-2002-1139
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target...
Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities
Overview: Microsoft Internet Explorer (IE) may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file. Description: IE does not properly verify the Content-Disposition and Content-Type header...
Netris 0.3/0.4/0.5 - Remote Memory Corruption
Source: https://www.securityfocus.com/bid/5680/info Netris is prone to a remotely exploitable memory corruption issue. An attacker may exploit this to execute arbitrary code with the privileges of the user invoking the vulnerab...
SAME LADY, DIFFERENT DRESS: Internet Explorer 6
Monday, August 12, 2002 Yet another silent delivery and installation of an executable on the target computer using Internet Explorer 6. This can be achieved by reversing the following: http://online.securityfocus.com/bid/5350 And: HTM. In order to achieve the required results as outlined in the...
CVE-2002-0718
Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."...
Qualcomm Eudora 5/6 - File Attachment Spoofing (1)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing...
Qualcomm Eudora 5/6 - File Attachment Spoofing (2)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...
Qualcomm Eudora 5/6 - File Attachment Spoofing (2)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing...
Qualcomm Eudora 5/6 - File Attachment Spoofing (1)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...
REFRESH: EUDORA MAIL 5.1.1
Tuesday, July 23, 2002 Trivial silent delivery and installation of an executable on a target computer. This can be accomplished with the default installation of the mail client Eudora 5.1.1: 'allow executables in HTML content' DISABLED 'use Microsoft viewer' ENABLED The manufacturer...
CORE-20020620: Inktomi Traffic Server Buffer Overflow
CORE SECURITY TECHNOLOGIES http://www.corest.com Vulnerability Report For Inktomi Traffic Server Date Published: 2002-07-02 Advisory ID: CORE-20020620 Bugtraq ID: 5098 CVE CAN: None currently assigned. Title: Inktomi Traffic Server trafficmanager local overflow. Class: Boundary error condition...
CVE-2001-1149
Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file...
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded stri...
ICQLite executable trojaning
Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Risk: Average Exploitable: Yes Remote: No I. Intro: ICQ Lite is popular internet messenger software. This is only ICQ version which requires no elevated privileges such as Power User to work, so, it's often used by...
TRU64 /usr/bin/passwd overflow
In light of the recent conversations on the non-executable stack I have decided to release some of the information I have been sitting on. alpha.snosoft.com uname -a OSF1 alpha.snosoft.com V5.1 732 alpha alpha.snosoft.com id uid=201dotslash gid=15users groups=0system alpha.snosoft.com ls -al...
[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability
---------------------------------------------------------------------- SNS Advisory No.51 Compaq Tru64 UNIX libc Buffer Overflow Vulnerability Problem first discovered: Sun, 18 Nov 2001 Published: Thu, 17 Apr 2002 ---------------------------------------------------------------------- Overview:...
DoS via special devices in Domino (DOS DoS)
Accessing a CGI file whose name contains a DOS device name and a long extension causes cmd.exe to be launched...
HELP.dropper: IE6, OE6, Outlook...lookOut
Thursday, 28 March, 2002 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post or web site. This can be accomplished with the default installation of Internet Explorer 6.0, Outlook Express 6.0 and probably Outlook and...
Executable launch via Windows Media Player from Microsoft Outlook/Outlook Express
Via a Windows Media file (wma) it's possible to open an HTML file in the local security zone, from the HTML to open a chm, and from the chm, an executable...
CVE-2001-1140
BadBlue Personal Edition v1.02 beta is affected by CVE-2001-1140, where remote attackers can read source code of executables by adding a null byte (%00) to the request. The vulnerability is exploitable over a network with low attack complexity and no authentication, causing partial confidentialit...