333 matches found
Microsoft Windows NT 4.0/2000 - NTFS File Hiding
source: https://www.securityfocus.com/bid/3989/info There exists a condition in Microsoft Windows operating systems using NTFS that may allow for files to be hidden. Though the NTFS filesystem allows for a 32000 character path, Microsoft Windows operating systems NT4, 2000 and XP enforce a 256...
ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
Product: netkit telnet protocol daemon, in.telnetd Version: netkit-telnet-0.17 and previous /usr/sbin/in.telnetd Severity: High Remote: Yes Allows: Remote ROOT level access. Workaround: Disable telnet access. Fix: Check with your vendor for an updated package. from...
cobalt.webmail.txt
I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not aloud to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...
$HOME buffer overflow in SunOS 5.8 x86
Georgi Guninski security advisory 46, 2001 $HOME buffer overflow in SunOS 5.8 x86 Systems affected: SunOS 5.8 x86 have not tested on other OSes Risk: Medium Date: 4 June 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski. You may distribute it unmodified. You may not modify it a...
Microsoft SQL Server sa Account Default Blank Password
The remote instance of MS SQL / SQL Server has the default 'sa' account enabled without any password. An attacker may leverage this flaw to execute commands against the remote host, as well as read the content of any databases it might have. %NASLMINLEVEL 70300 this script attempts to log in to a...
Microsoft Indexing Service (Windows 2000NT 4.0) - .htw Cross-Site Scripting
Microsoft Indexing Service Windows 2000NT 4.0 - .htw Cross-Site Scripting source: https://www.securityfocus.com/bid/1861/info A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly...
Дырка во многих реализациях PHP
Из-за того, что сервер не сбрасывает некоторые переменные, которые могут задаваться пользователем, пользователь может указать временный файл, используемый при загрузке, что позволяет скомпрометировать системные файлы...
ISC BIND 4.9.7/8.x - Traffic Amplification and NS Route Discovery
source: https://www.securityfocus.com/bid/983/info ISC BIND 4.9.7/8.1/8.1.1/8.1.2/8.2/8.2.1/8.2.2 Traffic Amplification and NS Route Discovery Vulnerability A potential denial of service hence forth referred to as DoS attack exists in the default configuration of many popular DNS servers. If a...
cron_root_patch.txt
Subject: Vixie Cron version 3.0pl1 vulnerable to root exploit To: [email protected] Vixie Cron version 3.0pl1 vulne.ems Content-Type: text/plain; charset=us-ascii PGP Signature Status: unknown Signer: Unknown, Key ID xAE8F7CF5 Signed: 8/28/99 11:42:41 PM Verified: 9/22/99 1:44:11 AM BEGIN...
MDAC 2.1.2.4202.3 Microsoft Windows NT 4.0SP1-6 JETODBC Patch RDS Fix - Registry Key
MDAC 2.1.2.4202.3 Microsoft Windows NT 4.0SP1-6 JETODBC Patch RDS Fix - Registry Key MDAC 2.1.2.4202.3 GA,Microsoft Windows NT 4.0/alpha/SP1/SP1 alpha/SP2/SP2 alpha/SP3/SP3 alpha/SP4/SP4 alpha/SP5/SP5 alpha/SP6/SP6 alpha JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities source:...
hotmail.browser.trust.txt
Date: Wed, 5 May 1999 17:31:34 -0500 From: David L. Nicol To: [email protected] Subject: hotmail claims vulnerability patched, so here it is Dear Paul: I am reading your previous article on hotmail security, http://www.news.com/News/Item/0,4,33996,00.html and I'm CCing this message to the...
rsync.permissions.txt
Date: Wed, 7 Apr 1999 22:21:30 +1000 From: Andrew Tridgell To: [email protected] Subject: rsync 2.3.1 release - security fix I discovered a security hole in rsync yesterday and have released rsync 2.3.1 to fix it. The new version and patches against the last version are available at...
CVE-2022-40688
CVE-2022-40688 is rejected/not used and does not represent an active vulnerability entry.