Microsoft Internet Explorer does not safely handle multiple file download requests

Overview A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system. Description When Internet Explorer IE follows a link to an executable file .exe, a dialog window is displayed that...

rpc.walld fails to properly validate messages before broadcasting to clients

Overview A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publically available. Description From the rpc.walld man page:The wall command reads the named file, or, if no filename appears, it reads the standard input until an...

bttlxeForum login.asp Multiple Field SQL Injection

The remote host is running bttlxeForum, a set of CGIs designed to run a forum-based web server on Windows. There is a SQL injection bug in the remote server that allowed Nessus to log in as 'administrator' by supplying the password 'or id=' in a POST request. A remote attacker may use this flaw t...

SRT2003-04-15-1029 - Progres BINPATHX overflow

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

Icecast vulnerable to buffer overflow via long GET request

Overview A remotely exploitable buffer overflow exists in Icecast. Description A remotely exploitable buffer overflow exists in Icecast. By sending on overly long GET request to the server, an attacker can execute arbitrary code with the privileges of the Icecast server, or cause the service to...

iPlanet Application Server Prefix Remote Overflow

The remote Sun ONE Application Server formerly known as iPlanet Application Server is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in GET /AppServerPrefix/long buffer An attacker may use this flaw to execute arbitrary code on this hos...

Cisco VPN 3000 Concentrator Malformed ISAKMP Packet Remote DoS (CSCdy38035)

According to its banner, the remote VPN concentrator is subject to an ISAKMP package processing vulnerability. Malformed or a very large number of ISAKMP packets might cause a reload of the concentrator. The vulnerability is aggravated if debug is turned on. This vulnerability is documented as...

gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences

Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...

Sun Solaris lockd(1M) daemon vulnerable to DoS

Overview A remotely exploitable denial-of-service vulnerability exists in the Solaris lockd1M daemon. Exploitation of this vulnerability may kill the lockd process. Description Sun Microsystems describes the lockd1M daemon as follows:The lockd utility is part of the NFS lock manager, which suppor...

Sun Solaris AUTH_DES authentication contains vulnerability allowing user to gain escalated privileges

Overview A remotely exploitable privilege escalation vulnerability exists in multiple versions of Solaris. Description RPC requests utilizing AUTHDES authentication can trigger a privilege escalation vulnerability in multiple versions of Solaris. For more details, please see Sun Alert ID 46944. -...

BEA WebLogic Server "ResourceAllocationException" exception may disclose user password

Overview A vulnerability in BEA's WebLogic Server may disclose sensitive information. Description From the BEA WebLogic Server 7.0 Overview:BEA WebLogic Server is a fully featured, standards-based application server providing the foundation on which an enterprise can build its applications. BEA...

ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database

Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:It is possible to de-reference a NULL pointer for...

Apache discloses source code via POST requests to a location with WebDAV and CGI enabled

Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...

Microsoft Java implementation JDBC classes do not properly validate DLL requests

Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM do not properly validate DLL requests, allowing a malicious applet to load and execute any DLL on the client system. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used...

Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check

Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...

HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)

Overview The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logou...

HP Tru64 UNIX "ping" contains locally exploitable vulnerability (SSRT2229)

Overview The HP Tru64 UNIX implementation of "ping" contains a locally exploitable vulnerability. Description "ping" is used to send ICMP echo requests to other hosts on the Internet. A locally exploitable vulnerability in "ping" may permit a local attacker to perform a denial-of-service attack o...

HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "csh" contains a locally exploitable buffer overflow. Description "csh" is used to invoke the C shell and interpret commands. A locally exploitable buffer overflow in "csh" may permit a local attacker to gain elevated privileges and execute arbitrary...

HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...

HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)

Overview The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow. Description "quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on ...