FreeBSD 3.3 - angband Local Buffer Overflow

FreeBSD 3.3 - angband Local Buffer Overflow // source: https://www.securityfocus.com/bid/840/info The version angband shipped with FreeBSD 3.3-RELEASE is vulnerable to a local buffer overflow attack. Since it is setgid games, a compromise of files and directories owned by group games is possible....

SCO Unixware 7.0 - xlock(1) Username Local Buffer Overflow

SCO Unixware 7.0 - xlock1 Username Local Buffer Overflow // source: https://www.securityfocus.com/bid/825/info Certain versions of Unixware ship with a version of xlock which is vulnerable to a buffer overflow attack. The xlock1 program locks the local X display until a username and password are...

Microsoft SQL Server 7.0/7.0 SP1 - NULL Data Denial of Service

// source: https://www.securityfocus.com/bid/817/info If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data it will crash. The crash will generate an event in the log with ID 17055 "fatal exception EXCEPTIONACCESS VIOLATION". / sqldos.c -- a DoS attack agains MS...

Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the correct port must be specified and a...

BTD Studio Zom-Mail 1.0.9 - Remote Buffer Overflow

BTD Studio Zom-Mail 1.0.9 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/761/info In certain versions of the BTD Zom-Mail server there exists a buffer overflow which may be remotely exploitable by malicious users. The problem in question is in the handling of overly past 25...

Hughes Technologies Mini SQL (mSQL) 2.0.11 - w3-msql Remote Buffer Overflow

Hughes Technologies Mini SQL mSQL 2.0.11 - w3-msql Remote Buffer Overflow // source: https://www.securityfocus.com/bid/898/info w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be...

CVE-1999-0274

CVE-1999-0274 affects Windows NT DNS servers. The vulnerability arises when a malicious UDP/DNS response is sent that answers a query that was not issued, enabling a Denial of Service. Connected sources corroborate the issue as a DoS against Windows NT DNS servers via crafted packets. The documen...

proftpd.1.2.0pre6.txt

Tymm Twillman [email protected] Sent: Friday, September 17, 1999 2:15 PM Subject: proftpd 1.2.0pre6 patch Before I release the exploit, I'd like to give people a chance to fix the problem. Here's the patch. Note that there are other potential problems; I've been in contact with MacGyver and a...

Microsoft MSN Messenger Service 1.0 Setup BBS - ActiveX Control Buffer Overflow

source: https://www.securityfocus.com/bid/668/info There is a buffer overflow in the 4.71.0.10 version of the MSN Setup BBS ActiveX control setupbbs.ocx.. This ActiveX control is marked 'Safe for Scripting' . Arbitrary commands may be executed if the ActiveX control is run in a malicious manner...

libtermcap_xterm_exploit.txt

Subject: libtermcap xterm exploit To: [email protected] / libtermcap xterm exploit by m0f0 1999 it works for xterm/nxterm Tested Slackware 3.5, 3.6 / include define BUFSIZE 5000 define POSRET 2000 define POSSEP 3000 define RETADDR 0xbfffefef define EGG "/tmp/eggtermcap" // shellcode char...

Solaris 2.6 - Profiling File Creation

source: https://www.securityfocus.com/bid/659/info A vulnerability in the dynamic linkers while profiling a shared object allows local users to create arbitrary files in the system. It canno't be used to overwrite existing files. If the LDPROFILE environment variable is defined it instructs the...

linux_blind_tcp_spoof.txt

Subject: Linux blind TCP spoofing, act II + others To: [email protected] Hello, Thanks to libnids development, some features/bugs in Linux kernel were found. I notified kernel mantainers in May, but they didn't seem interested. 1. Blind TCP spoofing against 2.0.36/37 Let's label a Linux...

quake2-more-bof.txt

Date: Fri, 22 Jan 1999 19:48:26 +0100 From: Patrick Oonk To: [email protected] Subject: More Quake2 buffer overflows and nuisances This was forwarded to me by Roderick van Domburg, Quake II admin at GamePoint www.gamepoint.net ----- Forwarded message from Roderick 'GoG' van Domburg ----- From...

du.4.0e.var.perms.txt

Date: Sun, 4 Apr 1999 20:31:12 +0300 From: Harhalakis Stefanos To: [email protected] Subject: Digital Unix 4.0E /var permission On Digital Unix 4.0E with the latest patch kit aplied, after a new installation /var has g+w for group system. Anyone that can crack any account with gid==system may...

windows-FAT-recursion.txt

Windows FAT Filesystem Advisory It appears that Windows' FAT file system can be messed up by creating a long enough series of recursive directories. After a certain point is reached, directories cannot be deleted. Because each directory added to the file allocation takes up a certain amount of...

brain.ini

General Title=HTTP Miner Commands 1=GET /%%$RPT65,40,10%%.%%extention%% HTTP/1.0 ;2=GET /%%cgi-bin%%/%%passwordpath%%/%%passwordfile%%.%%extention%% HTTP/1.0 Variables cgi-bin=cgi-bin,cgi,bin,cgibin,data,dat,exec,apps,secure,hide, extention=htr,html,htx,asp,exe,xml,ini,txt,dat,dbf,lst,data,...

iis4.htr-2.pl

Re: Retina vs. IIS4, Round 2, KO Randal L. Schwartz [email protected] Tue, 15 Jun 1999 16:59:08 -0700 "Ryan" == Ryan R Permeh writes: Ryan !/usr/bin/perl Ryan props to the absu crew Ryan use Net::Telnet; Ryan for $i=2500;$i Ryan $obj=Net::Telnet-new Host = "$ARGV0",Port = 80; Ryan my $cmd =...

grandson-cuartango-msie.txt

The Gran-Son of Cuartango Hole Description Last variant of Cuartango Hole The second Microsoft's fix about the USP issue was also wrong. MS has fixed the problem only 24 hours after the problem was reported. Affected Software Internet Explorer 4 Status Reported to MS Dec 22 1998 Confirmed and fix...

bash.parse.txt

Date: Tue, 20 Apr 1999 21:25:47 -0400 From: Shadow To: [email protected] Subject: Bash Bug Figured while everyone was working with bash, I might as well make this one publicI apologize if this is old news, apparently it hasnt been fixed if so. If a user creates a directory with a command like...

Xi Graphics Accelerated X 4.0.x5.0 - Local Buffer Overflow

Xi Graphics Accelerated X 4.0.x5.0 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/488/info Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow...