7016 matches found
DSA-136-2 openssl - multiple remote exploits
Bulletin has no description...
Buffer overflow in afd
Buffer overflow on long path in suid utils...
Happy Labor Day from Snosoft
For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these...
More Vulnerabilities with Pingtel xpressa SIP-based IP phones
The Sys-Security Group Security Advisory "More Vulnerabilities with Pingtel xpressa SIP-based IP Phones" Release Date: 08/20/2002 Affected Platforms: Pingtel xpressa SIP IP phones model PX-1 with software version 2.0.1 and below; Pingtel instant xpressa softphones with software version 2.0.1 and...
CVE-2002-0805
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, 1 creates new directories with world-writable permissions, and 2 creates the params file with world-writable permissions, which allows local users to modify the files and execute code...
CVE-2002-0429
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface lcall...
CVE-2002-0770
Quake 2 Q2 server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated...
[SECURITY] [DSA-136-1] Multiple OpenSSL problems
Package : openssl Problem type : multiple remote exploits Debian-specific: no CVE : CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659 The OpenSSL development team has announced that a security audit by A.L. Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed remotely...
DSA-136-1 openssl - multiple remote exploits
Bulletin has no description...
DSA-136 openssl - multiple remote exploits
Bulletin has no description...
AOL Instant Messenger 4.x - Unauthorized Actions
AOL Instant Messenger 4.x - Unauthorized Actions source: https://www.securityfocus.com/bid/5246/info The AOL Instant Messenger client is prone to an issue which may allow maliciously crafted HTML to perform unauthorized actions such as adding entries to the buddy list on behalf of the user of a...
DLA-25-06-2002.txt
Digit-Labs Security Advisory http://www.digit-labs.org/ Advisory Name: IIS Administration Web Site redirect exploits Release Date: 25.June-2002 Application: Microsoft Internet Information Server 5.0 Platform: Windows 2000 Professional Severity: Low/Medium Authors: GoLLuM.no...
CVE-2002-0456
CVE-2002-0456 affects Eudora 5.1 and earlier. The issue arises because attachments are stored in a directory with a fixed name, which could enable attackers to exploit vulnerabilities in other software that rely on installing/reading files from directories with known pathnames. The provided docum...
Security holes : Rose, EasyNews, User Online, Mon Album, KorWebLog
Hello people : Product 1 : Rose http://www.jinxm.co.uk Version : 4.52 Problem : - Admin access Exploit : - newsadmin/upload.php?userinfousername=hop&userinfouserlevel=100 Product 2 : EasyNews http://www.webrc.ca Version : 4.3 Problem : - Admin access Exploits : - admin.php?enlogid=0&action=users ...
solaris lpd thing
I'm going through a rough period in my life -- I don't know what to do. Attached below is a shitty remote that I leaked to the kids last year. Now is a good time to submit it to Bugtraq. It's incredibly lame code, but why not get it working, and then go hack some stuff... Originally it was writte...
Security holes in OpenBB
Product : OpenBB http://www.prolixmedia.com Versions : 1.0.0 RC3 and less ? Problems : - XSS - Access to moderators' options Exploits : - /myhome.php?action=messages&box=form20name=ainput 20name=i20value=XSS/formscriptalert document.a.i.value/script - imghttp://" onerror="SCRIPT"/img - glow...
NTP Vulnerability
...
Security holes : Ultimate PHP Board
Product : Ultimate PHP Board http://xcrew.host.sk Versions : 1.0 Beta 1.1 Problems : 1.0 B : - Reading of privates messages 1.1 & 1.0 B : - Access to users/admins accounts Exploits : 1.0 B : - /members/ID.pm - /members/ID.xbb 1.1 : - imgjavascript:window.open' index.php?...
MiniBB 1.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4619/info MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. MiniBB does not filter script code from URL parameters, making it prone to cross-site scripting...
Security holes : Linker, Pharao
Product1 : Linker http://enproject.codelib.co.kr Versions : 2.0 Problems : - Reading in HD - Informations recovery passwords, DBHOST, DBUSER,... Exploits : - /imageview.php?uid=../function/passinfo.php or /imageview.php?uid=../function/baseinfo.php - Set cookies : "adminlogin","1"...