839 matches found
Privilege Escalation Vulnerability In phpBB 2.0.0
Rootsecure.net recently found a privilege escalation vulnerability in "phpBB 2.0.0" which allows any person with a "user" level account to escalate their privileges to that of "administrator" level...
@(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
//@ Mordred Labs advisory 0x0004 Release date: 20/08/02 Name: Two buffer overflows in PostgreSQL Versions affected: all versions Conditions: multibyte support Risk: average -- Description: I guess all of you have already heard about PostgreSQL. If not, try to visit...
mantisbt security flaw
Hi, Mantis is a php/MySQL/web based bug tracking system, available at http://mantisbt.sourceforge.net/. It currently suffers from a classical PHP bad coding practice, although I would bet on distraction for this particular situation, that may result in remote command execution via an include file...
Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS
Author: Stan Bubrouski Date: August 4, 2002 Product: ArGoSoft Mail Server Pro Versions affected: 1.8.17 current and previous Severity: A malicious user or users could mount a DoS using mail forwarding and automatic responses to render the administrative console unresponsive and raise CPU usage to...
solaris lpd thing
I'm going through a rough period in my life -- I don't know what to do. Attached below is a shitty remote that I leaked to the kids last year. Now is a good time to submit it to Bugtraq. It's incredibly lame code, but why not get it working, and then go hack some stuff... Originally it was writte...
PostNuke Bugged
Hi everyone, this post is 4 weeks after the original information was made available to the developers, allowing time for many affected users to patch and also the developers to fix / check newer versions. --------- rookidd found another set of vulnerabilities in postnuke, this time in version 7.0...
Four More ScriptEase MiniWeb Server v0.95 DoS Attacks
The following are four more Server Denial of Service Attacks against ScriptEase MiniWeb Server 0.95. These attacks do not make the server point to an invalid memory address like the previous post. I believe the first two attacks I describe are internal server problems due to either coding errors ...
rsync <= 2.5.1 Remote Exploit (2)
No description provided by source. / 7350rsync - rsync include include include include include include include include include include define MAXPATHLEN 4096 define VERSION "@RSYNCD: 26\n" define PORT 873 define NULLOFFSET -48 define STARTNULLBRUTE -44 define ENDNULLBRUTE -56 define BRUTEBASE...
Cisco IOS and CatOS fail to properly validate ARP packets thereby overwriting device's MAC address in ARP table
Overview There is a denial-of-service vulnerability in specific versions of Cisco IOS or CatOS. Description A denial-of-service vulnerability exists in specific versions of Cisco IOS or CatOS. This vulnerability can cause the device to crash or become unavailable if specially crafted arp packets...
phpBB 1.4.2, Remote user is able to modify SQL query.
Hi, there is a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...
Sudo version 1.6.3p6 now available
Sudo version 1.6.3p6 is now available (ftp sites listed at the end). This fixes a buffer overflow in sudo which is a potential security problem. I don't know of any exploits that currently exist but I suggest that you upgrade nonetheless. Sudo has a good track record wrt secure coding, but this o...
Postaci allows arbitrary SQL query execution
The popular webmail software Postaci, which ships with Debian, lacks checking for malicious SQL code in variables coming from the user while deleting addressbook contacts, bookmarks and notes. This gives a malicious user the opportunity to execute an arbitrary SQL query. The problem affects Postaci if using...
Stack too ;) Re: [pkc] remote heap buffer overflow in oops
Uups..!.!.!.. another hole in oops-1.4.6. just a code fragment: / check if this is full name / if !strchrname, '.' if domainname0 / join / strcpychartmpname, name; strncatchartmpname, domainname, sizeoftmpname-strlenchartmpname -1 ; name=chartmpname; if result = lookupdnscachechartmpname, NULL, 0...
BFTPd 1.0.12 Remote Exploit
Exploit for linux platform in category remote exploits. BFTPd 1.0.12 Remote Exploit / Creates a filename to exploit the bug in bftpd 1.0.12 Create the file, cwd in the shell directory and nlist the file directory. Coded by korty / include...
kernel_hide.txt
Subject: EuroHaCk stealth-code fwd To: [email protected] ---------- Forwarded message ---------- Date: Wed, 18 Aug 1999 18:56:09 +0200 From: Martin Markovitz Reply-To: [email protected] To: [email protected] Subject: EuroHaCk stealth-code hi, don't think that hiding modules is an...
remote_bof_cfingerd.txt
Subject: cfingerd 1.3.2 To: [email protected] Hi, there is a remote buffer over flow in cfingerd 1.3.2 in searchfake: int searchfakechar username char parsed80; bzeroparsed, 80; sscanfusername, "%^..%^\r\n\r\n", parsed; ... called from processusername, that is called from main: int mainint arg...
solaris.2.5.su.expect.txt
Date: Thu, 10 Jun 1999 14:13:06 -0500 From: Dr. Mudge To: [email protected] Subject: Solaris 2.5 /bin/su was: vulnerability in su/PAM in redhat The same sort of problem existed in solaris /bin/su on 2.5 and below. The comments in the quick proof of concept sploit below should explain further h...
BSD 2 CND 1 Sendmail 8.x FreeBSD 2.1.x HP-UX 10.x AIX 4 RedHat 4 - Sendmail Daemon
BSD/OS 2.1,Caldera Network Desktop 1.0,Eric Allman Sendmail = 8.8.2,FreeBSD 2.1.5/2.1.6,HP-UX = 10.20,AIX 4.2,RedHat 4.0 Sendmail Daemon Mode Vulnerability source: https://www.securityfocus.com/bid/716/info Sendmai...
CVE-2022-26418
...