Fwd: Microsoft Word macro vulnerability advisory MS01-034
Hi, Within minutes of Microsoft posting the bulletin on their site, my mailbox was swamped with emails from people asking the same two questions. I am therefore forwarding the below email (minus the sample document!) to the BugTraq mailing list to reach a wide audience and answer the two questions ...
DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries
Overview Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Description RFC1035 DOMAIN NAMES, IMPLEMENTATION AND SPECIFICATION defines a mechanism for conserving bytes in a DNS query or reply packet by avoiding repetition of character strings "labels"...
HPUX / 800 models / Old-styled exploit for cue
Hi there, One of the major problems I see with admins/security nowadays is that admin don't secure their host : they install patches ...which is slightly different. It reminds me of this very old advisory which was issued by HP in 1997 !!! about /usr/bin/cue : In the "Workarounds/Solution" sectio...
Exim 3.x - Format String
Exim 3.x - Format String source: https://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. Exim is vulnerable to a locally exploitable format string attack which may compromise root access. The vulnerability exists only when the 'syntax checking...
Exim 3.x - Format String
source: https://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. Exim is vulnerable to a locally exploitable format string attack which may compromise root access. The vulnerability exists only when the 'syntax checking' mode is turned on, whic...
Vulnerability discovered in SpearHead NetGap
Background --------------- SpearHead's NetGAP™ appliance physically disconnects a company's network from the Internet. The product consists of two separate computers, an Untrusted CPU and a Trusted CPU, that are never directly connected at any given time. NetGap™ includes a content checking engin...
Netscape Enterprise Server 4.1 - HTTP Method Name Buffer Overflow
source: https://www.securityfocus.com/bid/6792/info It has been reported that iPlanet Web Server and Netscape Enterprise Server are prone to a remotely exploitable buffer overflow condition. This is due to insufficient bounds checking when handling HTTP requests. This condition is reportedly...
Internet Explorer incorrectly validates certificates when CRL checking is enabled
Overview Microsoft Internet Explorer (IE) fails to properly validate certificates when CRL checking is enabled. As a result, sensitive information may be exposed. Description Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One ver...
Innfeed Buffer Overflow
====================================================================== Defcom Labs Advisory def-2001-19 innfeed buffer overflow Author: Enrique A. Sanchez Montellano @defcom.com Author: Alex Hernandez [email protected] Release Date: 2001-04-18...
MDaemon IMAP Denial Of Service
Advisory Name:MDaemon IMAP Denial Of Service Discovered:23rd Of March 2001 Application:Alt-N Technologies MDaemon 3.5.6 - Other versions most likely prior to this Platform:Windows 2k,95/98/NT - others unknown Severity:Denial of service from application Credit:[email protected] Vendor Status:Unkno...
Buffer overflow in FTPFS (linux kernel module)
FTPFS http://sourceforge.net/projects/ftpfs is a Linux kernel module, enhancing VFS with FTP volume mounting capabilities. However, it has insufficient bounds checking. If a user can enter mount options through a wrapper, he can take over the whole system, even with restricted capabilities. Here'...
Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)
Rob Malda ASCDC 0.3 - Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/2462/info ascdc is a program written for X by Rob Malda. It is designed to provide a graphical interface to cd changing on linux systems. A vulnerability in the program could allow elevated privileges on a...
Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/2462/info ascdc is a program written for X by Rob Malda. It is designed to provide a graphical interface to cd changing on linux systems. A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due ...
Rob Malda ASCDC 0.3 - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/2462/info ascdc is a program written for X by Rob Malda. It is designed to provide a graphical interface to cd changing on linux systems. A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due t...
sendtemp.pl Read Access to Files
Exploit for cgi platform in category web applications ================================ sendtemp.pl Read Access to Files ================================ !/usr/bin/perl -w sendtemp.pl: A part of the Amaya Web development server contains a file disclosure vulnerability, which allows remote, read...
datawizards ftpxq 2.0.93 - Directory Traversal
datawizards ftpxq 2.0.93 - Directory Traversal source: https://www.securityfocus.com/bid/2426/info FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies. A problem in the software could allow access to...
datawizards ftpxq 2.0.93 - Directory Traversal
source: https://www.securityfocus.com/bid/2426/info FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies. A problem in the software could allow access to restricted resources. Due to insufficient input...
CVE-2000-0974
GnuPG gpg 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection...
CVE-2001-1474
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache...
Hole in the Java virtual machine of the Lotus Notes client
A hole in the virtual machine makes it possible to check whether a file exists on the client machine...