Microsoft IIS 4.05.0 - SSI Buffer Overrun Privilege Escalation

Microsoft IIS 4.05.0 - SSI Buffer Overrun Privilege Escalation // source: https://www.securityfocus.com/bid/3190/info A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. / jim.c - I...

Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation

// source: https://www.securityfocus.com/bid/3190/info A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. / jim.c - IIS Server Side Include exploit by Indigo 2001 Usage: jim This...

Xvt 2.1 vulnerability

Package: xvt Version: 2.1 Problem type: Local root vulnerability Linux distribution: only tested on Debian ---- Introduction xvt is an X terminal-emulator that is designed to be more or less compatible with xterm while using much less swap space. It is mainly intended for use at sites which use...

OpenServer 5.0.55.0.6 HP-UX 1011 Solaris 2.67.08 - rpc.yppasswdd Buffer Overrun

OpenServer 5.0.55.0.6 HP-UX 1011 Solaris 2.67.08 - rpc.yppasswdd Buffer Overrun source: https://www.securityfocus.com/bid/2763/info The rpc.yppasswdd server is used to handle password change requests from yppasswd and modify the NIS password file. A buffer overrun vulnerability has been discovere...

OpenServer 5.0.5/5.0.6 / HP-UX 10/11 / Solaris 2.6/7.0/8 - rpc.yppasswdd Buffer Overrun

source: https://www.securityfocus.com/bid/2763/info The rpc.yppasswdd server is used to handle password change requests from yppasswd and modify the NIS password file. A buffer overrun vulnerability has been discovered in the rpc.yppasswdd utility distributed by multiple vendors. The problem occu...

Security Bulletin MS01-018

---------------------------------------------------------------------- Title: Visual Studio VB-TSQL Object Contains Unchecked Buffer Date: 27 March 2001 Software: Visual Studio 6.0 Enterprise Edition Impact: Run code of attacker's choice Bulletin: MS01-018 Microsoft encourages customers to review...

Security Advisory: Microsoft Outlook 2000 vCard Buffer Overrun (additional information) - Revised

-- Corsaire Limited Security Advisory -- Title: Microsoft Outlook 2000 vCard Buffer Overrun additional information - Revised Date: 01.03.01 Application: Outlook 2000, Outlook Express Environment: WinNT, Win2000 Author: Martin O'Neal [email protected] Audience: General distribution -- Scop...

Sudo 1.51.6 - Heap Corruption

Sudo 1.51.6 - Heap Corruption // source: https://www.securityfocus.com/bid/2829/info Sudo superuser do is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun conditio...

Sudo 1.5/1.6 - Heap Corruption

// source: https://www.securityfocus.com/bid/2829/info Sudo superuser do is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun condition exists in the logging...

CVE-2000-1088

CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling a attacker to cause a denial of service or execute arbitrary commands. The...

Security Bulletin MS00-092

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------ Issue: Buffer overrun...

@stake Advisory: Windows 2000 .ASX Buffer Overrun (A112300-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Windows 2000 .ASX Buffer Overrun Release Date: 11/23/2000 Application: Microsoft Windows Explorer with Microsoft Media Player v6.xx and Microsoft Media Player v7.xx. Platform: Windows 2000 S...

Security Bulletin (MS00-090)

Microsoft Security Bulletin MS00-090 - -------------------------------------- Patch Available for ".ASX Buffer Overrun" and ".WMS Script Execution" Vulnerabilities Originally posted: November 22, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in...

Security Bulletin (MS00-085)

Microsoft Security Bulletin MS00-085 - -------------------------------------- Patch Available for "ActiveX Parameter Validation" Vulnerability Originally posted: November 2, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Windows 2000. Th...

@stake Advisory: All-Mail buffer overrun vulnerability (A101200-2 )

The signature was botched on the first one. Please use this is possible. -weld -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: All-Mail buffer overrun vulnerability Release Date: 10/12/2000 Application: Nevis Systems All-Mail 1.1 Platform...

DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)

============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories 13/06/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...

WebSphere application server plugin issue & vendor fix

I've had the opportunity to work with IBM WebSphere application server for a few months now and, in the course of playing around with some buffer overrun testing, a potential issue came up. WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will service a particular request...

AnalogX Proxy 4.0 4 - Denial of Service

AnalogX Proxy 4.0 4 - Denial of Service // source: https://www.securityfocus.com/bid/1504/info AnalogX Proxy is a simple proxy server that allows a user to connect a network of computers to the internet through the proxy gateway. Many of the services provided contain buffer overrun vulnerabilitie...

AnalogX Proxy 4.0 4 - Denial of Service

// source: https://www.securityfocus.com/bid/1504/info AnalogX Proxy is a simple proxy server that allows a user to connect a network of computers to the internet through the proxy gateway. Many of the services provided contain buffer overrun vulnerabilities that can allow an attacker to crash th...

Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC

-----BEGIN PGP SIGNED MESSAGE----- MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC 2000-06-09 SUMMARY: A buffer overrun capable of creating a denial of service exists in implementations of Kerberos 4 KDC programs. This is IN ADDITION to the krbrdreq vulnerability that was previously...