[COVERT-2000-06] Initialized Data Overflow in Xlock

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Network Associates, Inc. COVERT Labs Security Advisory May 29, 2000 Initialized Data Overflow in Xlock COVERT-2000-06 o Synopsis An implementation vulnerability in xlock allows global variables in the initialized data section of memory to be...

Netopia R-series Routers 4.6.2 - Modifying SNMP Tables

Netopia R-series Routers 4.6.2 - Modifying SNMP Tables source: https://www.securityfocus.com/bid/1177/info All R-series platforms with firmware between 4.3.8 and 4.6.2 inclusive allow users who already have access to the router to modify SNMP tables which they should not be able to access. The...

Netopia R-series Routers 4.6.2 - Modifying SNMP Tables

source: https://www.securityfocus.com/bid/1177/info All R-series platforms with firmware between 4.3.8 and 4.6.2 inclusive allow users who already have access to the router to modify SNMP tables which they should not be able to access. The router has a command-line mode that is reached by typing...

CVE-2000-0186

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument...

GeoCel WindMail 3.0 - Remote File Read

GeoCel WindMail 3.0 - Remote File Read source: https://www.securityfocus.com/bid/1073/info WindMail is a command-line mailer that can be integrated with perl cgi applications to create form-mail capability for a website. WindMail 3.0 and possibly previous versions can be used to retrieve any asci...

GeoCel WindMail 3.0 - Remote File Read

source: https://www.securityfocus.com/bid/1073/info WindMail is a command-line mailer that can be integrated with perl cgi applications to create form-mail capability for a website. WindMail 3.0 and possibly previous versions can be used to retrieve any ascii file that the webserver has read acce...

CVE-2000-0186

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument...

CVE-1999-0817

CVE-1999-0817 affects the Lynx WWW client. The issue allows a remote attacker to specify command-line parameters that Lynx uses when invoking external programs to handle certain protocols (e.g., telnet). The underlying vulnerability is in how Lynx constructs/executes external command lines, enabl...

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...

CVE-1999-0960

The CVE-1999-0960 entry concerns the IRIX cdplayer component. The vulnerability allows local users to create directories in arbitrary locations via a command line option, indicating potential abuse of filesystem operations by manipulating the cdplayer’s command-line parameters. The available refe...

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...

CVE-1999-1334

Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via 1 long From: headers, 2 long Reply-To: headers, or 3 via a long -f filterfile command line argument...

sco_bof.txt

Subject: 19 SCO 5.0.5+Skunware98 buffer overflows To: [email protected] Greetings, After some light security auditing ; I've found approximately nineteen buffer overflows in various SCO 5.0.5+Skunkware98 programs. This was, by no means, a comprehensive audit of SCO's su/gids so I'm sure...

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...

PT-1999-1371 · Lynx · Lynx

Name of the Vulnerable Software and Affected Versions: Lynx WWW client affected versions not specified Description: The issue allows a remote attacker to specify command-line parameters that Lynx uses when calling external programs to handle certain protocols, such as telnet. Recommendations: At...

ksrt.accelerated-x.bof.txt

Date: Sat, 26 Jun 1999 15:40:54 -0400 From: "KSRT Contact Account" To: [email protected] Subject: KSRT 011: Accelerated-X KSRT Advisory 011 Date: June 25, 1999 ID : accelx-bo-011 Affected Program: Xi Graphics, Inc.'s Accelerated-X Server 4.x, 5.x and possibly earlier versions. Author: Jordan...

ePerl.txt

Date: Mon, 6 Jul 1998 22:39:24 -0300 From: Tiago Luz Pinto Subject: ePerl: bad handling of ISINDEX queries ePerl is an embedded Perl Interpreter for HTTP servers Description: Incorrect Handling of ISINDEX queries command line argument when ePerl runs as a nph-cgi/cgi. Cause: According with the...

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (1)

source: https://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services. It includes a component named RDS Remote Data Services. RDS allows remote access via the internet to database objects through IIS. Both are included i...

Xi Graphics Accelerated X 4.0.x5.0 - Local Buffer Overflow

Xi Graphics Accelerated X 4.0.x5.0 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/488/info Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow...

Xi Graphics Accelerated X 4.0.x/5.0 - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/488/info Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow vulnerabilities. These vulnerabilities were found in the...