8517 matches found
Trend Micro OfficeScan ATXCONSOLE.OCX ActiveX控件格式串处理漏洞
Trend Micro OfficeScan是一种针对整个网段的分布式杀毒软件。 Trend Micro OfficeScan企业版的管理控制台ActiveX控件ATXCONSOLE.OCX没有正确地处理格式串,返回给管理控制台的远程客户端安装名称搜索的特制格式串可能允许访问进程栈。如果成功利用的话,这可能允许用户在运行ActiveX管理控制台的系统上执行任意代码。 Trend Micro OfficeScan Corporate Edition 7.3 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
HP-UX 11i (swask) Format String Local Root Exploit
No description provided by source. / HP-UX swask format string local root exploit ============================================ HP-UX 'swask' contains an exploitable format string vulnerability. The 'swask' utility is installed setuid root by default. Specifically the vulnerability is in the...
QK SMTP远程栈溢出漏洞
QK SMTP Server是一款SMTP(简单邮件传输协议)服务器软件。 QK SMTP Server在处理用户命令参数时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 QK SMTP Server在处理传送给“RCPT TO:”命令的参数时存在栈溢出漏洞,远程攻击者可以通过向服务器发送超长参数导致执行任意指令。 QKSoft QK SMTP 3.1.0 Beta QKSoft QK SMTP 3.0.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.qksoft.com/ /...
Debian DSA-1199-1 : webmin - multiple vulnerabilities
Several vulnerabilities have been identified in webmin, a web-based administration toolkit. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-3912 A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service...
GLSA-200610-12 : Apache mod_tcl: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200610-12 Apache modtcl: Format string vulnerability Sparfell discovered format string errors in calls to the setvar function in tclcmds.c and tclcore.c. Impact : A remote attacker could exploit the vulnerability to execute...
Half Life (rcon) Remote Buffer Overflow Exploit
No description provided by source. / SDI HalfLife rcon remote exploit for linux x86 portuguese exploit remoto para o buffer overflow do rcon no halflife Tamandua Sekure Labs Sao Paulo - Porto Alegre, Brazil by Thiago Zaninotti c0nd0r [email protected] Gustavo Scotti csh [email protected] Proof of...
HP-UX 11i - 'swask' Format String Privilege Escalation
/ HP-UX swask format string local root exploit ============================================ HP-UX 'swask' contains an exploitable format string vulnerability. The 'swask' utility is installed setuid root by default. Specifically the vulnerability is in the handling of the "-s" optional arguement...
Winmail Mail Server 2.3 Remote Format String Exploit
No description provided by source. / Magic Winmail Server 2.3Build 0402 Remote Format string exploit. Coded by ThreaT. This one take advantage of a format bug in the SMTP protocol not pop3 for execute a malicious command on a vulnerable system usage : mwmxploit Target IP command to execute remote...
LPRng (RedHat 7.0) lpd Remote Root Format String Exploit
No description provided by source. / Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the...
Apache mod_tcl: Format string vulnerability
Background Apache modtcl is a TCL interpreting module for the Apache 2.x web server. Description Sparfell discovered format string errors in calls to the setvar function in tclcmds.c and tclcore.c. Impact A remote attacker could exploit the vulnerability to execute arbitrary code with the rights ...
HP-UX 11i (swask) Format String Local Root Exploit
Exploit for hp-ux platform in category local exploits ================================================== HP-UX 11i swask Format String Local Root Exploit ================================================== / HP-UX swask format string local root exploit ============================================...
HP-UX 11i - swask Format String Privilege Escalation
HP-UX 11i - swask Format String Privilege Escalation / HP-UX swask format string local root exploit ============================================ HP-UX 'swask' contains an exploitable format string vulnerability. The 'swask' utility is installed setuid root by default. Specifically the vulnerabili...
QK SMTP 3.01 - RCPT TO Remote Denial of Service
QK SMTP 3.01 - RCPT TO Remote Denial of Service / ============================================================= 0-day RCPT TO DoS Exploit for QK SMTP version 3.01 and lower. ============================================================= Exploit affects a format string error in the RCPT TO command ...
QK SMTP <= 3.01 (RCPT TO) Remote Denial of Service Exploit
No description provided by source. / ============================================================= 0-day RCPT TO DoS Exploit for QK SMTP version 3.01 and lower. ============================================================= Exploit affects a format string error in the RCPT TO command in which the...
CVE-2006-4154
Format string vulnerability in the modtcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a setvar function call in 1 tclcmds.c and 2 tclcore.c...
CVE-2006-4154
CVE-2006-4154 describes a format-string vulnerability in the Apache mod_tcl module (version 1.0 for Apache 2.x). The root cause is format string handling in calls to set_var (in tcl_cmds.c and tcl_core.c), allowing a remote attacker to execute arbitrary code with the httpd process privileges. Aff...
CVE-2006-4154
Format string vulnerability in the modtcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a setvar function call in 1 tclcmds.c and 2 tclcore.c...
Apache web server mod_tcl security vulnerability
Server format string vulnerabilities with HTTP request header names...
[VulnWatch] iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability
Apache HTTP Server modtcl setvar Format String Vulnerability iDefense Security Advisory 10.13.06 http://www.idefense.com/intelligence/vulnerabilities/ Oct 13, 2006 I. BACKGROUND The modtcl module for the Apache httpd v2.x is a scripting module that allows a TCL developer to create server side...
Debian DSA-967-1 : elog - several vulnerabilities
Several security problems have been found in elog, an electronic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-4439 'GroundZero Security' discovered that elog insufficiently checks the size of a buffer used for processing...