Novell NetMail HTTP基本认证超长用户名远程缓冲区溢出漏洞

Novell NetMail是基于Internet标准消息和安全协议的邮件和日历系统。 Novell NetMail中默认绑定在TCP/89端口上的webadmin.exe进程处理用户认证请求存在栈溢出漏洞，远程攻击者可能利用此漏洞控制服务器s。 由于不安全的sprintf调用，如果在HTTP基本认证阶段发送了超过213字节的超长用户名，就会触发这个缓冲区溢出，导致执行任意指令。 Novell NetMail 3.52 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Samba SWAT HTTP Basic Auth base64 Overflow

The remote host is running SWAT - a web-based administration tool for Samba. There is a buffer overflow condition in the remote version of this software which might allow an attacker to execute arbitrary code on the remote host by sending a malformed authorization request or any malformed base64...

PT-2004-1606 · Apache · Apache Mod Ssl +1

Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to a stack-based buffer overflow in the ssl util uuencode binary function. This occurs when mod ssl is configured to trust the issuing CA and a client certificat...

Another ZEUS Server web admin XSS!

Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86 This is not the same issue as bid 6144 index.fcgi, now is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...