DSA-496 eterm - missing input sanitising

Bulletin has no description...

Chatman 1.5.1 RC1 - Broadcast Crash

Chatman 1.5.1 RC1 - Broadcast Crash / by Luigi Auriemma / include include include ifdef WIN32 include include include void stderrvoid char error; switchWSAGetLastError case 10004: error = "Interrupted system call"; break; case 10009: error = "Bad file number"; break; case 10013: error = "Permissi...

CVE-2002-1143

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using 1 INCLUDETEXT or 2 INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates...

Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions

Overview Some DNS servers respond with an inappropriate error message if queried for nonexistent AAAA records, which can lead to possible denial of service. Description Some DNS servers respond with a "Name Error" response code NXDOMAIN, RCODE 3 instead of "No Error" RCODE 0 when queried for a...

CVE-2001-1013

Apache on Red Hat Linux with the UserDir directive enabled is affected by CVE-2001-1013. The vulnerability arises because the web server generates different error codes depending on whether a username exists and a public_html directory is present, versus when the username does not exist. This beh...

DayDream BBS buffer overflows

There are a few changes in the Daydream BBS change log that I thought were worth mentioning: 2001-12-29 Hannu Lyytinen [email protected] text file control codes MC, TF and RA were vulnerable to buffer overflow attack. Although there are no known exploits, an attacker could run arbitrary code on...

CVE-2001-1207

Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes 1 MC, 2 TF, or 3 RA...

CVE-2001-0408

CVE-2001-0408 affects Vim (gvim); a crafted file containing VIM control codes can cause arbitrary commands to execute when opening the file. The root cause is Vim interpreting embedded control codes, enabled by the status line option in .vimrc, allowing code execution as the user. Mandrake adviso...

CVE-2001-0408

vim aka gvim processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes...

Apache UserDir Directive Username Enumeration

When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home. For instance, by default, requesting /root/ displays the HTML contents from /root/publichtml/. If the username requested does not...

CVE-2001-1013

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no publichtml directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...

implementation problem in Microsoft LDAP?

Hello, I have been looking at the microsoft LDAP service error codes responses and when I'm not authenticated anonymous I can know if an object exists or not. I would like to know if this is an implementation problem. Problem 1: Here we have a log of the saucer program an ldap client as you can...

[RHSA-2001:008-02] Updated vim packages available

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated vim packages available Advisory ID: RHSA-2001:008-02 Issue date: 2001-01-29 Updated on: 2001-03-21 Product: Red Hat Linux Keywords: vim vim-enhanced stl status line Cros...

Samba Web Administration Tool (SWAT) Error Message Username Enumeration

The remote SWAT server replies with different error codes when it is issued a bad user name or a bad password. An attacker may use this flaw to obtain the list of user names of the remote host by a brute-force attack. As SWAT does not log login attempts, an attacker may use this flaw even more...

Wingate 4.1 Beta A vulnerability

================================================================= Blue Panda Vulnerability Announcement: Wingate 4.1 Beta A 16/10/2000 dd/mm/yyyy [email protected] http://bluepanda.box.sk/ ================================================================= Problem: ========= The logfile servic...

CVE-2000-0081

The CVE-2000-0081 entry concerns Hotmail and the improper filtering of JavaScript code in a user’s mailbox. The vulnerability lets a remote attacker execute JavaScript by bypassing filters with hexadecimal encoding of the javascript: protocol (for example jAvascript). Affected product is Hotmail;...

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths...

ultraseek.remote.txt

USSR & eEye DS Present: Infoseek Ultraseek 3.1 Remote Buffer Overflow USSR Advisory Code: 20 eEye DS Advisory Code: AD19991215 Release Date: December 15, 1999 Systems Affected: Infoseek Ultraseek 2.1 to 3.1 and possibly others. The Opener: T1 Internet Connection: $1,000/month Dell PowerEdge 4350...

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths...

GNU GNU bash 1.14 - Path Embedded Code Execution

GNU GNU bash 1.14 - Path Embedded Code Execution source: https://www.securityfocus.com/bid/119/info A vulnerability in bash may allow inadvertently running commands embedded in the path to the currently working directory. If an unsuspecting user enters a directory created by some malicious user...