
340 matches found

CERT
added 2003/03/21 12:0 a.m. | 11 views

HP Tru64 UNIX "dxchpwd" contains buffer overflow

Overview The Hewlett Packard Tru64 "dxchpwd" command contains a locally exploitable buffer overflow. Description The Hewlett Packard Tru64 operating system contains a command, known as "dxchpwd," that allows users to change passwords. This program is vulnerable to a buffer overflow. --- Impact Th...

6.9 AI score
Exploits 0 | References 2

OSV
added 2003/03/18 5:0 a.m. | 1 view

DEBIAN-CVE-2003-0102

Buffer overflow in tryelf in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)...

4.6 CVSS | 8.2 AI score | 0.01982 EPSS
Exploits 1 | References 1

RedHat Linux
added 2003/03/10 12:36 p.m. | 26 views

Moderate: Red Hat Security Advisory: file security update

Updated file packages are available to close a buffer overflow vulnerability. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS The file command is used to identify a particular file according to the type of data contained by the file. The file...

4.6 CVSS | 6.1 AI score | 0.01982 EPSS
Exploits 1 | References 3

Exploit DB
added 2003/02/28 12:0 a.m. | 20 views

Axis Communications Video Server 2.x - 'Command.cgi' File Creation

source: https://www.securityfocus.com/bid/6987/info It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command...

7.4 AI score
Exploits 0

exploitpack
added 2003/02/18 12:0 a.m. | 13 views

Linux-ATM LES 2.4 - Command Line Argument Buffer Overflow

Linux-ATM LES 2.4 - Command Line Argument Buffer Overflow // source: https://www.securityfocus.com/bid/7437/info The linux-atm 'les' executable has been reported prone to a buffer overflow vulnerability. This issue is due to a lack of sufficient bounds checking performed on data supplied via...

0.2 AI score
Exploits 0

NVD
added 2002/12/31 5:0 a.m. | 16 views

CVE-2002-2245

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...

5 CVSS | 6.7 AI score | 0.00794 EPSS
Exploits 0 | References 1

NVD
added 2002/12/23 5:0 a.m. | 21 views

CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response...

7.5 CVSS | 7.5 AI score | 0.23511 EPSS
Exploits 0 | References 16

securityvulns
added 2002/10/19 12:0 a.m. | 29 views

SCAN Associates Advisory: Molly 0.5 - Remote Command Execution

Molly 0.5 - Remote Command Execution Discovered By guejez of scan-associates.net About Molly: ------------------ quote from Molly homepage "Molly is a small, simple IRC bot that I use for intra-office communication. She will handle lunch menus, stock quotes, take polls and stuff like that." /quot...

0.2 AI score
Exploits 0

exploitpack
added 2002/10/05 12:0 a.m. | 12 views

Cooolsoft PowerFTP Server 2.x - Remote Denial of Service (2)

Cooolsoft PowerFTP Server 2.x - Remote Denial of Service 2 source: https://www.securityfocus.com/bid/5899/info PowerFTP server is a shareware ftp server available for the Microsoft Windows platform. It is distributed and maintained by Cooolsoft. It has been reported that PowerFTP server does not...

7.4 AI score
Exploits 0

securityvulns
added 2002/05/22 12:0 a.m. | 31 views

TRU64 /bin/chsh overflow

oops forgot one ... more soon. = /bin/chsh perl -e 'print "A" x 9000' Segmentation fault uname -a OSF1 alpha.snosoft.com V5.1 732 alpha ls -al /bin/chsh -rws--x--x 3 root bin 32944 Aug 24 2000 /bin/chsh dbx ./chsh core dbx version 5.1 Type 'help' for help. Core file created by program "chsh"...

1.4 AI score
Exploits 0

securityvulns
added 2002/04/24 12:0 a.m. | 25 views

LabVIEW Web Server DoS Vulnerability

Title: LabVIEW Web Server DoS Vulnerability Date: 2002-04-22 Vendor: National Instruments Software: LabVIEW Web Server Versions: 5.1.1 - 6.1 Tested env: Windows 98, 2000; Linux. Impact: Malformed HTTP command crashes the LabVIEW Web Server, its LabVIEW application hos...

0.3 AI score
Exploits 0

securityvulns
added 2002/04/12 12:0 a.m. | 20 views

OpenBSD Local Root Compromise

ZOOM International Security Advisory OpenBSD local root compromise Systems affected: OpenBSD all version, OpenBSD Current prior April 8, 2002 Risk: High Date: April 11, 2002 Legal Notice: This advisory is copyright c ZOOM International. Disclaimer: Information contained in this advisory are...

0.2 AI score
Exploits 0

securityvulns
added 2002/03/13 12:0 a.m. | 198 views

Marcus S. Xenakis "directory.php" allows arbitrary code execution

------------------------------------------------------------ itcp advisory 3 [email protected] http://www.it-checkpoint.net/advisory/3.html March 10th, 2002 ------------------------------------------------------------ Marcus S. Xenakis "directory.php" allows arbitrary code execution...

2 AI score
Exploits 0

CVE
added 2002/03/09 5:0 a.m. | 47 views

CVE-1999-1057

CVE-1999-1057 affects VMS 4.0 through 5.3. The vulnerability arises from the ANALYZE/PROCESS_DUMP DCL command, enabling local users to gain privileges. Root cause: improper access control on the ANALYZE/PROCESS_DUMP DCL command. Impact: local privilege escalation (partial confidentiality/integrit...

4.6 CVSS | 7.4 AI score | 0.00368 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2002/03/09 5:0 a.m. | 16 views

CVE-2001-0697

NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service crash via an 'ls ..' command...

6.5 AI score | 0.07132 EPSS
Exploits 1 | References 5

Cvelist
added 2002/03/09 5:0 a.m. | 18 views

CVE-2001-0706

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service crash via a mkdir command that specifies a large number of sub-folders...

6.6 AI score | 0.00961 EPSS
Exploits 1 | References 3

NVD
added 2001/11/28 5:0 a.m. | 14 views

CVE-2001-0934

Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname...

7.5 CVSS | 6.4 AI score | 0.04443 EPSS
Exploits 0 | References 1

securityvulns
added 2001/05/14 12:0 a.m. | 25 views

Hexyn / Securax Advisory #15 - G6 FTP Full Installation Path

Hexyn / Securax Advisory 15 - G6 FTP Full Installation Path Topic: G6 FTP Full Installation Path Announced: 2001-02-17 Affects: G6 FTP Server up to version 2.0 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100...

7.1 AI score
Exploits 0

Packet Storm
added 2001/04/25 12:0 a.m. | 19 views

Hexyn-sa-15.txt

Hexyn / Securax Advisory 15 - G6 FTP Full Installation Path Topic: G6 FTP Full Installation Path Announced: 2001-02-17 Affects: G6 FTP Server up to version 2.0 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100%...

7.4 AI score
Exploits 0

exploitpack
added 2001/01/31 12:0 a.m. | 11 views

Debian 2.2 Su.S.E 6.36.47.0 - man -l Format String

Debian 2.2 Su.S.E 6.36.47.0 - man -l Format String source: https://www.securityfocus.com/bid/2327/info man is the manual page viewing program, available with the Linux Operating System in this implementation. It is freely distributed and openly maintained. A problem with the man command may allow...

0.4 AI score
Exploits 0