Apache 1.x2.0.x - Chunked-Encoding Memory Corruption (1)

Apache 1.x2.0.x - Chunked-Encoding Memory Corruption 1 // source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretatio...

Apache 1.x2.0.x - Chunked-Encoding Memory Corruption (2)

Apache 1.x2.0.x - Chunked-Encoding Memory Corruption 2 // source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretatio...

Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (2)

// source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretation of an unsigned integer value. Consequently, several...

Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (1)

// source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretation of an unsigned integer value. Consequently, several...

Security Bulletin MS02-028: Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599)

---------------------------------------------------------------------- Title: Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise Q321599 Date: 12 June 2002 Software: Internet Information Server Impact: Run Code of Attacker's Choice Max Risk: Moderate Bulletin: MS02-028...

Oracle Reports Server Buffer Overflow (#NISR12062002B)

NGSSoftware Insight Security Research Advisory Name: Oracle 9iAS Reports Server Systems: All Severity: High Risk Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Advisory URL:...

Security Bulletin MS02-026: Unchecked Buffer in ASP.NET Worker Process (Q322289)

---------------------------------------------------------------------- Title: Unchecked Buffer in ASP.NET Worker Process Q322289 Date: 06 June 2002 Software: .NET Framework Impact: Denial of service, potentially run code of attacker's choice Max Risk: Moderate Bulletin: MS02-026 Microsoft...

RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)

Disturbing. Netscape sure must be in financial problems since they are selling out on their users security for a lousy $1000. I know for one that I personally will release any future Netscape advisories with full public disclosure and without prior Netscape notification. As a matter of fact, why...

IRIX syslogd vulnerability

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: IRIX syslogd vulnerability Number: 20020405-01-I Date: April 24, 2002 Reference: CAN-1999-0171 Reference: CVE-1999-0566 - ----------------------- - --- Issue Specifics --- - ----------------------- It's been reported that under certa...

WebTrends Reporting Center

NGSSoftware Insight Security Research Advisory Name: WebTrends Reporting Center 4.0d Systems Affected: WinNT, Win2K, XP Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: http://www.webtrends.com Author: Mark Litchfield [email protected] Advisory URL:...

KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun

-------------------------------------------------------------------- -=Microsoft IIS .htr ISAPI buffer overrun=- courtesy of KPMG Denmark BUG-ID: 2002010 CVE: CAN-2002-0071 Released: 11th Apr 2002 -------------------------------------------------------------------- Problem: ======== There is a...

Security Bulletin MS02-018 : Cumulative Patch for Internet Information Services (Q319733)

Title: Cumulative Patch for Internet Information Services Q319733 Date: 10 April 2002 Software: Microsoft Internet Information Server 4.0, Microsoft Internet Information Services 5.0, Microsoft Internet Information Services 5.1 Impact: Ten new vulnerabilities, the most serious of which could enab...

Fw: Multiple Vulnerabilties in Sambar Server

----- Original Message ----- From: NGSSoftware Insight Security Research Advisory NISR To: [email protected] Sent: Monday, April 01, 2002 12:07 PM Subject: Multiple Vulnerabilties in Sambar Server NGSSoftware Insight Security Research Advisory Name: Sambar Server 5.0 server.exe Systems...

MS02-006: Malformed SNMP Management Request Remote Overflow (314147)

A buffer overrun is present in the SNMP service on the remote host. By sending a malformed management request, an attacker could cause a denial of service and possibly cause code to run on the system in the LocalSystem context. C Tenable Network Security, Inc. include"compat.inc"; if description...

Phusion-web.txt

------oOo---------------- Phusion Webserver Directory Traversal, DoS Vulnerabilities and BufferOverrun, Released exploits Codes. ------oOo---------------- Phusion Webserver for Windows 9x/NT/2000 contains remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit...

Phusion-Webserver-v1.0-Bugs&Exploits-Remotes

------oOo---------------- Phusion Webserver Directory Traversal, DoS Vulnerabilities and BufferOverrun, Released exploits Codes. ------oOo---------------- Phusion Webserver for Windows 9x/NT/2000 contains remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit...

Microsoft Security Bulletin MS02-005

---------------------------------------------------------------------- Title: 11 February 2002 Cumulative Patch for Internet Explorer Date: 11 February 2002 Software: Internet Explorer Impact: Run Code of Attacker's Choice Max Risk: Critical Bulletin: MS02-005 Microsoft encourages customers...

Potential RealPlayer 8 Vulnerability

On January 17th, 2002, a security exploit affecting RealPlayer 8 was brought to the attention of RealNetworks. The specific exploit, commonly known as a "buffer overrun", could allow an attacker to run arbitrary code on a victim's machine. We have not yet received reports of anyone actually being...

Security Bulletin MS01-060

---------------------------------------------------------------------- Title: SQL Server Text Formatting Functions Contain unchecked Buffers Date: 20 December 2001 Software: Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 Impact: Run code of attacker's choice on server, denial of service...

Important: Red Hat Security Advisory: : Updated man package fixing GID security problems.

Updated man packages fixing a local GID man exploit and a potential GID man to root exploit, as well as a problem with the man paths of Red Hat Linux 5.x and 6.x. Users could gain access to the GID man by overrunning a buffer in the ultimatesource function. Users with GID man could get root acces...