Microsoft Security Bulletin MS03-018: Cumulative Patch for Internet Information Service (811114)

-----BEGIN PGP SIGNED MESSAGE----- - - ------------------------------------------------------------------ Title: Cumulative Patch for Internet Information Service 811114 Date: 28 May 2003 Software: Microsoftr Windows NTr 4.0, Windowsr 2000, or Windowsr XP Impact: Allow an attacker to execute code...

Ifenslave 0.0.7 - Argument Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It is...

Snowblind Web Server 1.01.1 - GET Buffer Overflow

Snowblind Web Server 1.01.1 - GET Buffer Overflow source: https://www.securityfocus.com/bid/7619/info Snowblind Web Server has been reported prone to a buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP requests of excessive length. Although...

CVE-2002-0968

AnaloxX SimpleServer:WWW (version 1.16 and earlier) is affected by a buffer overflow that can be triggered by a long HTTP request method name, allowing a remote attacker to crash the server and potentially execute arbitrary code. OpenVAS/Nessus/NVD entries confirm a remote DoS vector and, in some...

ftp_banner.txt

Banner Buffer Overflows found in Multible FTP Clients Discovered by Dennis Rand www.Infowarfare.dk ------------------------------------------------------------------------ SUMMARY A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large...

CVE-2002-1980

Buffer overflow in Volume Manager daemon vold of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors...

CVE-2002-2259

Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors...

Abuse 2.0 - Local Buffer Overflow

Abuse 2.0 - Local Buffer Overflow / source: https://www.securityfocus.com/bid/6094/info Vulnerabilities have been discovered in two files used by Abuse. By passing an execessively long commandline argument to Abuse, it is possible to overrun a buffer. Exploiting this issue could allow a local...

HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)

Overview The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logou...

HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "csh" contains a locally exploitable buffer overflow. Description "csh" is used to invoke the C shell and interpret commands. A locally exploitable buffer overflow in "csh" may permit a local attacker to gain elevated privileges and execute arbitrary...

HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (1)

source: https://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via a...

CVE-2002-0070

Buffer overflow in Windows Shell used as the Windows Desktop allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled...

CVE-2001-0920

Format string vulnerability in auto nice daemon AND 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string...

Netscape 4.77 - Composer Font Face Field Buffer Overflow

source: https://www.securityfocus.com/bid/5010/info Netscape is a freely available web browser distributed by Netscape Communications, and available for various platforms. This vulnerability is known to affect those installations on the Linux platform. A buffer overflow has been reported in the...

CVE-2001-1159

SquirrelMail 1.0.4 and earlier are affected by CVE-2001-1159 due to improper initialization of PHP variables in load_prefs.php and related include files. This allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary PHP code by uploadi...

CVE-2001-1093

CVE-2001-1093 concerns a buffer overflow in the msgchk utility of Digital UNIX 4.0G and earlier. A command-line argument of excessive length can overflow a buffer, enabling a local attacker to execute arbitrary code with the effective user ID of the msgchk process. The vulnerability is described ...

CVE-2001-1128

Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the 1 PROMSGS or 2 PROTERMCAP environment variables...

Tower Toppler 0.99.1 - Display Local Buffer Overflow

Tower Toppler 0.99.1 - Display Local Buffer Overflow source: https://www.securityfocus.com/bid/7028/info It has been reported that a buffer overflow exists in Tower Toppler. A local user may be able to exploit this issue to execute code with the privileges of the toppler program. !/usr/bin/perl...

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...

CVE-2001-0691

Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations...