1619 matches found
YaBB 9.11.2000 - search.pl Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1921/info YaBB (Yet Another Bulletin Board) is a popular perl-based bulletin board scripting package. search.pl, one of several perl scripts which comprise YaBB, fails to properly validate user input...
YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1921/info YaBB (Yet Another Bulletin Board) is a popular perl-based bulletin board scripting package. search.pl, one of several perl scripts which comprise YaBB, fails to properly validate user input which arguments a call to open. A malicious user could...
Samba 2.0.7 SWAT vulnerabilities
The original writeup can be found at http://www.uberhax0r.net/miah/swat along with all the code mentioned in this advisory. The program swat included in the samba distribution allows username and password bruteforcing. An attacker can easily generate userlists and then bruteforce their passwords...
Kootenay Web Inc whois 1.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/1883/info whois is a utility used to find general information and technical details about registered domain names. A vulnerability exists in Kootenay Web Inc's Whois release v.1.9, a web interface to...
Kootenay Web Inc whois 1.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/1883/info whois is a utility used to find general information and technical details about registered domain names. A vulnerability exists in Kootenay Web Inc's Whois release v.1.9, a web interface to whois running on a linux server. Due to a failure to...
Simple Web Counter swc ctr Parameter Remote Overflow
The CGI 'swc' (Simple Web Counter) is present and vulnerable to a buffer overflow when issued a too long value to the 'ctr=' argument. An attacker may use this flaw to gain a shell on this host. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael...
HP-UX FTP Daemon PASS Command Remote Format String
The remote ftp server does not sanitize properly the argument of the PASS command it receives for anonymous accesses. It may be possible for a remote attacker to gain shell access. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
cvsweb: remote shell for cvs committers
Cvsweb 1.80 contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvswe...
Qpopper 2.53 remote problem, user can gain gid=mail
buffer0verfl0w security advisory 5 Advisory Name: Remote shell via Qpopper2.53 Date: 5/23/00 Application: Qpopper 2.53 for NIX Vendor: Qualcomm Incorporated WWW: www.qualcomm.com Severity: can give users remote shell with gid=mail. Author: prizm [email protected]...
Buffer overflow in WU-IMAPD
Buffer overflow in the list "" buffer command after user authorization. The user cannot escalate privileges, but this allows a user who has only mail access to gain shell access to the machine...
another WU imapd buffer overflow
Hi, While doing a code security audit, I discovered another buffer overflow in imapd. This time the security flaw exists in the standard RFC 1064 COPY command: OK mail IMAP4rev1 v12.264 server ready login siva9 secret OK LOGIN completed select inbox 2 EXISTS 0 RECENT OK UIDVALIDITY 956162550 UID validity...
imapd4r1 v12.264
Newest RH: OK nimue IMAP4rev1 v12.264 server ready 1 login lcamtuf test 1 OK LOGIN completed 1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...yes, a lot of 'A's ; Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? sigh Privileges seem to be dropped, but, anyway, it's a nice way to get...
UoW IMAPd Server 10.23412.264 - LSUB Buffer Overflow (Metasploit)
source: https://www.securityfocus.com/bid/1110/info A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes...
RedHat Linux 6.0 - Single User Mode Authentication
source: https://www.securityfocus.com/bid/1005/info A vulnerability exists in the manner in which RedHat Linux 6.0 protects the obtaining of a shell by booting single user mode. RedHat will prompt for the root password upon entering single user...
sshd.locked-accts.txt
NAME sshd-restricted-users-incorrect-configuration AUTHOR Marc SCHAEFER Andreas Trottmann THANKS OpenBSD security team VERSION $Id: sshd-restricted-users-incorrect-configuration,v 1.2 2000/01/25 10:27:56 schaefer Exp $ ABSTRACT In some cases where a system must be configured so that specific user...
Qpopper < 3.0.2 LIST Command Local Overflow
There is a vulnerability in the Qpopper 3.0b package that allows users with a valid account to gain a shell on the system. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10197); script_version("1.31"); script_cvs_date("Date: 2018/07/25 18:58:04"); script_cve_id("CVE-2000-0096");...
Mini SQL CGI content-length Field Remote Overflow
The mini-sql program comes with the w3-msql CGI which is vulnerable to a buffer overflow. An attacker may use it to gain a shell on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(10296); script_version("1.40"); script_cve_id("CVE-2000-0012")...
Sun Solaris 7.0 - rpc.ttdbserver Denial of Service
// source: https://www.securityfocus.com/bid/811/info It is possible to crash rpc.ttdbserver by using the old tddbserver buffer overflow exploit. This problem is caused by a NULL pointer being dereferenced when rpc function 15 is called with...
ETL Delegate 5.9.x/6.0.x - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/808/info The Delegate proxy server from ElectroTechnical Laboratory has numerous (several hundred, according to the original poster) unchecked buffers that could be exploited to remotely compromise the...
ETL Delegate 5.9.x/6.0.x - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/808/info The Delegate proxy server from ElectroTechnical Laboratory has numerous (several hundred, according to the original poster) unchecked buffers that could be exploited to remotely compromise the server. / delefate.c delegate 5.9.x - 6.0.x remote...