1345 matches found
MS03-010: Microsoft Windows RPC Endpoint Manager Malformed Packet DoS (331953) (intrusive check)
MS Windows RPC service RPCSS crashes trying to dereference a NULL pointer when it receives a certain malformed request. All MS RPC-based services i.e. a large part of MS Windows 2000+ running on the target machine are rendered inoperable. %NASLMINLEVEL 70300 Test "Spike 2.7" MS RPC Services NULL...
IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS
The remote web server crashes when a URL ending with %2E is requested. An attacker may use this flaw to make the server crash continually. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderson nb: domain no longer exists Added BugtraqID and CAN...
Resin MS-DOS Device Request Path Disclosure
Resin will reveal the physical path of the webroot when asked for a special DOS device, e.g. lpt9.xtp. An attacker may use this flaw to gain further knowledge about the remote filesystem layout. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderson...
WU-IMAP 2000.287(1-2) - Remote Overflow
WU-IMAP 2000.287(1-2) - Remote Overflow / 7350owex - x86/linux WU-IMAP 2000.287(1-2) remote exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to thir...
solaris lpd thing
I'm going through a rough period in my life -- I don't know what to do. Attached below is a shitty remote that I leaked to the kids last year. Now is a good time to submit it to Bugtraq. It's incredibly lame code, but why not get it working, and then go hack some stuff... Originally it was writte...
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
-------------------------------------------------------------------- Title: Microsoft Distributed Transaction Coordinator DoS BUG-ID: 2002015 Released: 19th Apr 2002 -------------------------------------------------------------------- Problem: ======== A flaw in the way MSDTC handles malformed...
OpenBSD ftp Exploit (teso)
Exploit for bsd platform in category local exploits ========================== OpenBSD ftp Exploit teso ========================== / 7350-crocodile - x86/OpenBSD ftp exploit by lorian and scut / TESO TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO...
OSX remote root
I have seen mention of nidump being used local to an OSX box to take root... I have found that with the use of "tags" it is also a remote root. I have not notified apple due to the fact that they did nothing about the original local exploit. Any machine with a "network" nidomain is vulnerable. It...
squid DoS
Dear All, I'd like to inform about a DoS bug I recently found in SQUID regarding handling of mkdir-only PUT requests - please look at http://www.squid-cache.org/bugs/showbug.cgi?id=233 for more info. From my testing, it applies both to Squid 2.3 and 2.4 series. Tested on RedHat 6.2 and 7.1. This...
SnapStream PVS 1.2 - Plaintext Password
source: https://www.securityfocus.com/bid/3101/info Snapstream Personal Video Station is an application for Microsoft Windows which allows users to record video output on their PC and view it at a later time, locally or via an HTTP interface. The Snapstream PVS web interface runs on port 8129. Th...
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit
Exploit for irix platform in category local exploits ======================================================================= IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 /usr/lib/print/netprint Local Exploit ======================================================================= !/bin/sh copyright LAST STAGE ...
cgiCentral WebStore 400 - Administrator Authentication Bypass
cgiCentral WebStore 400 - Administrator Authentication Bypass source: https://www.securityfocus.com/bid/2860/info cgiCentral's Webstore is a shopping cart application which processes and manages online purchases. A vulnerability exists in Webstore which may allow attackers to obtain administrati...
PHP < 4.0.4 IMAP Module imap_open() Function Overflow
A version of PHP that is older than 4.0.4 is installed on this host. There is a buffer overflow condition in the IMAP module of this version that could allow an attacker to execute arbitrary commands with the privileges of the web server, if this server is serving a webmail interface. %NASLMINLEV...
Administrivia & AOL IM Advisory
At least another author of security bulletins decided to go a similar route as Microsoft did with their email security notices. Last week @Stake, the company that acquired the L0pht, posted to the list a security notice that consisted of a title, affected products, a link to their web advisory an...
Re: News, 20 November 2000
Problems with WinVNC Published: 20 November 2000 Source: BUGTRAQ Type: local Severity: 5 Description: The registry key that is created contains the administration passwords and can be edited by the user. Products: WinVNC 3.3 Documents: Gossi The Dog, WinVNC 3.3.x,...
MS Windows IIS Unicode Remote Transversal Bug (3)
Exploit for unknown platform in category remote exploits ================================================= MS Windows IIS Unicode Remote Transversal Bug 3 ================================================= !/usr/bin/perl IIS 4.0/5.0 Unicode Exploit Checks for each script that has been posted on th...
Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (7)
!/usr/bin/perl IIS 4.0/5.0 Unicode Exploit Checks for each script that has been posted on the BugTraq Lis Shouts to bighawkthats for help, datagram, Ghost Rider, The Duke, p4, kript0n and others Since It Uses fork, you gotta keep up with whats happening. Or Just Let it run and it will log sites i...
RobTex Viking Server 1.0.6 Build 355 - Remote Buffer Overflow
RobTex Viking Server 1.0.6 Build 355 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1614/info A number of unchecked buffers exist in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data...
Microsoft IIS 4.0/5.0 - Source Fragment Disclosure
Microsoft IIS 4.0/5.0 - Source Fragment Disclosure source: https://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp or .asa, .ini, e...
ms00-019.info.txt
In usual tradition, little information is to be had about the "Virtualized UNC Share" problem talked about in MS00-019. Luckily, MS was nice enough to submit an extra post to Bugtraq to give Adam Coyne credit. Anyways, for those of you interested in the problem, making a request for a file with a...