
1436 matches found

Packet Storm
added 2002/11/17 12:0 a.m., 23 views

zeroobug.txt

======================================== INetCop Security Advisory 2002-0x82-004 ======================================== Title: Remote Buffer Overflow vulnerability in Zeroo HTTP Server. 0x01. Description Zeroo HTTP Server is simple and fast webserver. Many overflow bugs exist innumerably to...

7.4 AI score
Exploits: 0
NVD
added 2002/11/12 5:0 a.m., 18 views

CVE-2002-1211

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUSLIBRARYBASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test.php scripts...

7.5 CVSS, 7.4 AI score, 0.07248 EPSS
Exploits: 1, References: 5
CVE
added 2002/05/03 4:0 a.m., 52 views

CVE-2001-1343

CVE-2001-1343 affects WebStore 400/400CS 4.14 via ws_mail.cgi. The vulnerability allows remote authenticated WebStore administrators to execute arbitrary code by supplying shell metacharacters in the kill parameter. The CVSS metrics indicate network access with low attack complexity and no authen...

7.5 CVSS, 7.3 AI score, 0.05899 EPSS
Exploits: 1, References: 3, Affected Software: 2
NVD
added 2001/12/31 5:0 a.m., 27 views

CVE-2001-1511

JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570"...

5 CVSS, 6.8 AI score, 0.0059 EPSS
Exploits: 1, References: 2
securityvulns
added 2001/11/27 12:0 a.m., 35 views

Buffer overflow in Python code

Hi, I've found buffer overflow in Python 2.1.1 source code. Maybe there're many others The buffer overflow is in the file traceback.c in the directory Python of the Python source code. Simply there's a sprintf done in this way: sprintflinebuf,FMT,filename,lineno,name What cause the overflow is th...

1 AI score
Exploits: 0
securityvulns
added 2001/11/24 12:0 a.m., 56 views

Xircom REX6000 PDA Password Retrieval

Security Advisory TITLE : XIRCOM REX6000 PDA Password Retrieval REVISION : 1 CLASS : Password Retrieval VENDOR : Xircom now Intel CREDIT : Daniel Jonsson [email protected] STATUS : PLATFORMS : VULNERABLE : Xircom REX6000 MicroPDA CREATED : 2001-11-23 LAST UPDATED : 2001-11-23 VENDOR CONTACT : No...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2001/11/08 12:0 a.m., 22 views

IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure

IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as a .html or .jsp page -- by attaching an '/' to the end of a URL. %NASLMINLEVEL 70300 This script was written by Felix Huber Script audit and contributions from Carmichael...

5.6 AI score
Exploits: 0, References: 1
NVD
added 2001/10/18 4:0 a.m., 23 views

CVE-2001-0778

OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20)...

5 CVSS, 6.8 AI score, 0.03062 EPSS
Exploits: 1, References: 3
NVD
added 2001/09/20 4:0 a.m., 28 views

CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...

5 CVSS, 6.7 AI score, 0.26029 EPSS
Exploits: 0, References: 3
Cvelist
added 2001/09/12 4:0 a.m., 14 views

CVE-1999-1251

Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service...

6.5 AI score, 0.0005 EPSS
Exploits: 0, References: 2
securityvulns
added 2001/06/10 12:0 a.m., 29 views

suid scotty / ntping overflow

here is the offending code and the attached letter has the general information for this issue. in /home/d0tslash/scotty-2.1.0/tnm/ntping/ntping.c char hname; / hostname / ... else char tmp 512; struct hostent hp; strcpy tmp, hname; ifdef HAVERES / try to spend no longer than some seconds: /...

7.2 AI score
Exploits: 0
Cvelist
added 2001/02/14 5:0 a.m., 16 views

CVE-1999-0923

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls...

6.9 AI score, 0.00636 EPSS
Exploits: 0, References: 1
securityvulns
added 2000/08/01 12:0 a.m., 22 views

BEA's WebLogic force handlers show code vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...

0.3 AI score
Exploits: 0
securityvulns
added 2000/06/13 12:0 a.m., 40 views

BEA WebLogic JSP showcode vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic ---------------------------------------------------------------------- FS Advisory ID: FS-061200-2-BEA Release Date: June 12, 2000 Product: WebLogic Vendor: BEA Systems http://www.beasys.com...

Exploits: 0
securityvulns
added 2000/06/13 12:0 a.m., 54 views

IBM WebSphere JSP showcode vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere Application Server ---------------------------------------------------------------------- FS Advisory ID: FS-061200-3-IBM Release Date: June 12, 2000 Product: WebSphere Application Server Vendo...

6.6 AI score
Exploits: 0
Cvelist
added 2000/02/04 5:0 a.m., 15 views

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

6.8 AI score, 0.04288 EPSS
Exploits: 0, References: 1
CVE
added 1999/09/29 4:0 a.m., 56 views

CVE-1999-0278

Microsoft IIS ASP::$DATA ASP Source Disclosure: remote attackers can obtain ASP source by appending '::$DATA' to the URL. Affected: IIS hosting ASP scripts. Root cause: information disclosure via URL handling in IIS. Exploitation details: not provided in the supplied documents. Remediation: no pa...

5 CVSS, 7.1 AI score, 0.76393 EPSS
Exploits: 0, References: 2, Affected Software: 1
Packet Storm
added 1999/08/17 12:0 a.m., 42 views

ircn.txt

Date: Thu, 23 Jul 1998 22:57:46 +0000 From: Benoit Lefebvre Subject: Re: Backdoor in ircN, popular mIRC script. The bug is not only in ircN It is in mIRC. The problem is $calc.. ircN is just one of the script who use $calc to check the ping delay eg: on 1:CTCPREPLY:PING: echo -a Ping reply:...

7.4 AI score
Exploits: 0
Microsoft Security Update
added 1970/01/01 12:0 a.m., 23 views

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011599)

A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

7.2 AI score
Exploits: 0
Microsoft Security Update
added 1970/01/01 12:0 a.m., 6 views

Security Update for Microsoft SharePoint Server 2019 Core (KB5002650) farm-deployment

A security vulnerability exists in Microsoft SharePoint Server 2019 Core that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

7.6 AI score
Exploits: 0