PT-2004-3233 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000, XP, and possibly 2003 Description: The issue allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function,...

PT-2004-2909 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.4.25 and earlier Description: The issue is related to an integer overflow in the SCTP SOCKOPT DEBUG NAME SCTP socket option in socket.c. This overflow allows local users to execute arbitrary code via an optlen value of...

iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability

Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability iDEFENSE Security Advisory 12.21.04 www.idefense.com/application/poi/display?id=175&type=vulnerabilities December 21, 2004 I. BACKGROUND HP-UX FTP Daemon is a service included in HP-UX that implements the File Transfer Protocol. II...

CVE-2004-1103

MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version...

CVE-2004-1100

Cross-site scripting XSS vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...

phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure

Title: phpCMS = 1.2.1 Xss Vulnerability, Information disclosure Affects: - = 1.2.1 Effect: Cross Site Attack session hijacking, ... Id: cbsa-0006 Release Date: 2004/11/26 Author: Cyrille Barthelemy [email protected] -- 1. Introduction ------------------------ phpCMS is a content management...

[SECURITY] [DSA 596-2] New sudo packages removes debug output

-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 596-2] New sudo packages removes debug output

-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...

TIPS MailPost append Parameter XSS

TIPS MailPost, a web application used for emailing HTML form data to a third party, is installed on the remote host. The version of MailPost hosted on the remote web server has a cross-site scripting vulnerability in the 'append' variable of mailpost.exe when debug mode is enabled. Debug mode is...

MailPost vulnerable to cross-site scripting in the 'append' variable passed to the file as part of an HTTP GET request

Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack via the 'append' variable. The 'append variable is passed as part ...

MailPost discloses sensitive system information when operating in debug mode

Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...

CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...

IP Protocols Scan

This plugin detects the protocols understood by the remote IP stack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid14788; scriptversion"1.27"; scriptsetattributeattribute:"pluginmodificationdate",...

FreeBSD : courier-imap -- format string vulnerability in debug mode (26)

The following package needs to be updated: courier-imap %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg616cf823f48b11d89837000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

RPC debug_svc Service In Use

Binary data 1052.prm...

Sendmail < 8.6.8 Long Debug Local Overflow

Binary data 2016.prm...

Sendmail ResrictQueueRun Debug Information Disclosure

Binary data 2027.prm...

courier-imap -- format string vulnerability in debug mode

An iDEFENSE security advisory describes a format string vulnerability that could be exploited when Courier-IMAP is run in debug mode DEBUGLOGIN set...

NETGEAR DG834G unauthorized access

It's possible to switch router to debug mode with unauthorized root access...

NETGEAR DG834G SPECIAL FEATURES

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....