Lucene search
+L

1791 matches found

securityvulns
securityvulns
added 2001/01/16 12:0 a.m.46 views

PHP Security Advisory - Apache Module bugs

Problems ========= 1 PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2000/11/29 12:0 a.m.14 views

BFTPd - vsprintf() Format Strings

BFTPd - vsprintf Format Strings / Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/11/08 12:0 a.m.94 views

Explanation Authentix Input Validation Error

Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/10/16 12:0 a.m.30 views

Security issue with Compaq Easy Access Keyboard software

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Compaq's Easy Access Keyboard software version 1.3 contains a bug which could allow a privilege escalation on the local machine or domain. I have confirmed the bug running the Easy Access Keyboard software on Windows 2000 Professional SP1, but I suspe...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2000/10/10 12:0 a.m.25 views

boa.server.txt

ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/10/09 12:0 a.m.55 views

Vulnerability in BOA web server v0.94.8.2

ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/09/26 12:0 a.m.37 views

Format strings: bug #1: BSD-lpr

Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...

Exploits0
securityvulns
securityvulns
added 2000/08/17 12:0 a.m.52 views

Microsoft refuses to fix a security bug in Windows 2000

Microsoft refuses to fix a security bug in Windows 2000 Eugene Kalinin Medical Informatics Laboratory Moscow, Russia Aug 16, 2000 Yesterday Microsoft refused to fix a security problem in Windows 2000 RPC service. The bug in RPC service allows an attacker to put a Windows 2000 server out of servic...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/07/04 12:0 a.m.25 views

Kerberos security vulnerability in SSH-1.2.27

I am writing to report a security bug in SSH 1.2.27. SOFTWARE AFFECTED: SSH 1.2.27 with Kerberos authentication support compiled in i.e. "configure --with-kerberos5". I have contacted SSH Communicators Security http://www.ssh.com about this, and they have just released ssh-1.2.28, which fixes thi...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/07/03 12:0 a.m.34 views

Linux news 3.07.00

WU-FTPD 2.6.1 Вышла новая версия популярного FTP сервера WU-FTPD - WU-FTPD 2.6.1. В данной версии появилась поддержка virtual passwd/virtual shadow как в BeroFTPD. Кроме того пофиксен серьезный security баг, благодаря которому пользователь мог получить права root-а. Также пофиксен баг с возможной...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2000/06/27 12:0 a.m.35 views

glftpd.privpath.txt

Glftpd 1.18 till 1.21b8 current beta have a serious problem with the privpath directives.... It will probably be fixed in the comming 1.21b9 but i have included a quick fix in this one to prevent exploits of this bug. Thanx for Hoopy for the quick fix glftpd dev team. Problem: When you know the...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2000/06/15 12:0 a.m.34 views

smartftp.txt

I found a bug in the SmartFTP-D Server which will give an attacker full access to the server, if he has the right to write files on the server. For every user, the program is checking if a special Userfile exists Sample: Username=hacker & Userfile=hacker.FTPUser. If it exists, the configuration,...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/06/15 12:0 a.m.24 views

SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit

I found a bug in the SmartFTP-D Server which will give an attacker full access to the server, if he has the right to write files on the server. For every user, the program is checking if a special Userfile exists Sample: Username=hacker & Userfile=hacker.FTPUser. If it exists, the configuration,...

Exploits0
securityvulns
securityvulns
added 2000/05/03 12:0 a.m.109 views

Security Bug in Jana HTTP Server

Hello Bugtraqers, I found a directory travelling bug again, this time in JANA HTTP Server software available as freeware from http://www.jana-server.ocm.de . Here is a copy of the mail I sended to the author. eAX -------------------------------------------- Hello Thomas, I got your proxy/perver...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2000/03/22 12:0 a.m.51 views

Security bug in Apache project: Jakarta Tomcat

The Apache project: Jakarta Tomcat contains a serius security bug. Tomcat is used together with the Apache web server to serve Java Server Pages and Java servlets. Summary from the Tomcat development team advisory is posted below: Advisory: Delivered with Tomcat is an example jsp/source.jsp that...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2000/02/09 12:0 a.m.51 views

zeus.null.txt

This morning Zeus Technology Limited was informed of a serious security bug in the Zeus Webserver by 'The Relay Group' http://relaygroup.com. This document describes the scope of the problem and its solution. Versions affected ----------------- Zeus 3.1.x / 3.3.x Severity -------- High- this bug...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2000/01/23 12:0 a.m.35 views

omnis.txt

I'm not sure of the complete extent of applications written in Omnis, but from what I understand, it's a multi-platform Rapid Application Development environment. Essentially, from what I understand having no personal experience with the product, you create one program in Omnis, and it's portable...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/09/21 12:0 a.m.53 views

glibc_exploit.txt

Subject: Linux glibc 2.1.x / wu-ftpd =2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x To: [email protected] First of all, something less or more personal - sorry to all [email protected] people for this post. I'm really angry, as this stuff become well-known without my knowledge... so, only a...

Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.36 views

openbsdreadv.txt

Date: Mon, 27 Jul 1998 12:26:36 +0100 BST From: [email protected] To: [email protected] X-Send-Pr-Version: 3.97 Subject: kernel/549: Any user can panic OpenBSD machine Sender: [email protected] Number: 549 Category: kernel Synopsis: readv with -ve block size panics kernel Confidential: yes...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.32 views

dpec-course-passwds.txt

Date: Fri, 15 Jan 1999 21:45:24 -0700 From: Joel Knight To: [email protected] Subject: DPEC Online Courseware DPEC's www.dpec.com Online Courseware has a nasty bug in it that allows anyone to change anyone elses password without knowing what their current password is. This is NOT limited to...

7.4AI score
Exploits0
Rows per page
Query Builder