[SECURITY] [DSA 596-2] New sudo packages removes debug output

-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 596-2] New sudo packages removes debug output

-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...

TIPS MailPost append Parameter XSS

TIPS MailPost, a web application used for emailing HTML form data to a third party, is installed on the remote host. The version of MailPost hosted on the remote web server has a cross-site scripting vulnerability in the 'append' variable of mailpost.exe when debug mode is enabled. Debug mode is...

MailPost vulnerable to cross-site scripting in the 'append' variable passed to the file as part of an HTTP GET request

Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack via the 'append' variable. The 'append variable is passed as part ...

MailPost discloses sensitive system information when operating in debug mode

Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...

CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...

IP Protocols Scan

This plugin detects the protocols understood by the remote IP stack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid14788; scriptversion"1.27"; scriptsetattributeattribute:"pluginmodificationdate",...

FreeBSD : courier-imap -- format string vulnerability in debug mode (26)

The following package needs to be updated: courier-imap %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg616cf823f48b11d89837000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

RPC debug_svc Service In Use

Binary data 1052.prm...

Sendmail < 8.6.8 Long Debug Local Overflow

Binary data 2016.prm...

Sendmail ResrictQueueRun Debug Information Disclosure

Binary data 2027.prm...

courier-imap -- format string vulnerability in debug mode

An iDEFENSE security advisory describes a format string vulnerability that could be exploited when Courier-IMAP is run in debug mode DEBUGLOGIN set...

NETGEAR DG834G unauthorized access

It's possible to switch router to debug mode with unauthorized root access...

NETGEAR DG834G SPECIAL FEATURES

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....

netgearDG834G.txt

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....

Sun Solaris patches may cause passwords to be logged in clear text

Overview Sun Solaris contains a vulnerability in which systems configured as kerberos clients that have specific patches installed may log passwords in clear text. Description Sun Microsystems released patches 112908-12 and 115168-03 to address issues in kerberos. There is a vulnerability in thes...

CVE-2003-0812

Stack-based buffer overflow in a logging function for Windows Workstation Service WKSSVC.DLL allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file "NetSetup.LOG", as demonstrated using the NetAddAlternateComputerName API...

MS Windows XP Workstation Service Remote Exploit (MS03-049)

漏洞描述：Microsoft DCE/RPC服务可以提供网络管理功能，这些功能提供管理用户帐户和网络资源管理的功能。部分网络管理功能在Windows目录下的"debug"子目录会生成调试日志文件。Microsoft Workstation服务在处理日志记录时缺少充分的边界缓冲区检查，远程攻击者可以利用这个漏洞提供超长参数触发缓冲区溢出，以SYSTEM权限在系统上执行任意指令。 日志功能中使用vsprintf在日志文件中生成字符串，日志文件名为"NetSetup.LOG"，其保存在Windows "debug"目录中。...

[Full-Disclosure] Cutenews 1.3 information disclosure

.oO Overview Oo. Cutenews 1.3 information disclosure Discovered on 2003, July, 12th Vendor: CutePHP Cutenews is a powerful and easy for using news management system that use flat files to store its database. It supports comments and archives, search function, image uploading, backup function, IP...

CuteNews 1.3 - Debug Query Information Disclosure

source: https://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a...