CuteFTP 4.2 - Default Weak Password Encoding

source: https://www.securityfocus.com/bid/3233/info CuteFTP is a popular commercial FTP client for Microsoft Windows systems. CuteFTP v4.2and possibly earlier versions uses a weak system for encoding passwords for accounts on FTP sites. Passwords are stored in a file called 'sm.dat', and can be...

Microsoft IIS 4.05.06.0 - Internal IP AddressInternal Network Name Disclosure

Microsoft IIS 4.05.06.0 - Internal IP AddressInternal Network Name Disclosure source: https://www.securityfocus.com/bid/3159/info A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be...

CVE-2001-0524

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier...

php breaks safe mode

Laberatoire Contempt Date : 12/06/2001 Author : Joost Pol alias 'Nohican' [email protected] Impact : Minor in most cases. Subject : PHP safemode troubles. 1. PHP Version 4.0.5 breaks safe-mode. 1.0 - Description of the problem An extra 5th parameter was added to the mail command breaking safemode...

Citrix Nfuse 1.51 - Webroot Disclosure

source: https://www.securityfocus.com/bid/2956/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. It has been reported that a remote attacker can...

NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability

NSFOCUS Security AdvisorySA2001-03 Topic: Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability Release DateЈє 2001-6-25 CVE CAN ID : CAN-2001-0341 BUGTRAQ ID : 2841 Affected system: ================ Microsoft FrontPage 2000 Server Extensions - Microsoft IIS 4.0 - Microsoft IIS...

SSH authentication agent follows symlinks via a UNIX domain socket

Overview Older versions of SSH allow local attackers to to establish ssh sessions as the victim user without authentication. Description The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. SNI. To more widely broadcast this...

Mysql 3.22.x3.23.x - Local Buffer Overflow

Mysql 3.22.x3.23.x - Local Buffer Overflow // source: https://www.securityfocus.com/bid/2262/info MySQL is a widely used Open Source database tool. Versions of MySQL up to and including 3.23.30 are vulnerable to a buffer overflow attack. By supplying an excessively long string as an argument for ...

oops WWW Proxy Server Reverse DNS Response Overflow

The remote server appears to be running ooops WWW proxy server version 1.4.6 or older. Such versions are reportedly affected by a buffer overflow vulnerability. A remote attacker might exploit this vulnerability to crash the server or execute arbitrary commands on the remote system. C Tenable...

CVE-2000-0770

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability...

CVE-2000-0426

UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself...

Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/1220/info Several buffer overflow vulnerabilities exist in Kerberos 5 implmenetations due to buffer overflows in the Kerberos 4 compatability code. These include MIT Kerberos 5 releases 1.0.x, 1.1 and 1.1.1, MIT Kerberos 4 patch level 10 and, most...

Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution

/scripts/tools/ctss.idc is present. Input to the 'table' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL commands. If xpcmdshell is enabled, this could result in arbitrary command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVE-1999-0802

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon...

MS99-059: Microsoft SQL Server Crafted TCP Packet Remote DoS (uncredentialed check)

The remote Microsoft SQL server can be shut down when it is sent a TCP packet containing more than 2 NULLs. An attacker may use this problem to prevent it from being used by legitimate clients, thus threatening your business. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

DeleGate Multiple Function Remote Overflows

The version of the DeleGate proxy server has a remote buffer overflow vulnerability. This issue can be triggered by issuing the following command : whois://a b 1 AAAA..AAAAA A remote attacker could exploit this issue to cause a denial of or execute arbitrary code. There are reportedly hundreds of...

Caldera kdenetwork 1.1.1-1 Caldera OpenLinux 1.32.2 KDE KDE 1.11.1. RedHat Linux 6.0 - K-Mail File Creation

Caldera kdenetwork 1.1.1-1 Caldera OpenLinux 1.32.2 KDE KDE 1.11.1. RedHat Linux 6.0 - K-Mail File Creation // source: https://www.securityfocus.com/bid/300/info KMail is a mail user agent that comes with the kdenetwork package, part of the K Desktop Environment. A vulnerability in the way KMail...

CVE-1999-0194

Denial of service in in.comsat allows attackers to generate messages...

DUO-PSA-2017-003: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2017-003 Publication Date: 2018-02-27 Revision Date: 2018-02-27 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified a security flaw in a third-party library used in the Duo Network Gateway DNG which, under certain...

814078: Security Update (Microsoft Jscript version 5.1, Windows 2000)

A security issue has been identified that could allow an attacker to run programs on a computer running Microsoft® Windows®. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by installing this update...