Lucene search
2329 matches found

exploitpack
added 2002/03/13 12:0 a.m., 13 views

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation source: https://www.securityfocus.com/bid/4287/info A vulnerability in Microsoft Windows 2000 and NT 4 could allow a user to gain SYSTEM-level privileges on the local host. The debugging subsystem, which is available to all...

0.5 AI score
Exploits: 0

Exploit DB
added 2002/03/13 12:0 a.m., 26 views

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

source: https://www.securityfocus.com/bid/4287/info A vulnerability in Microsoft Windows 2000 and NT 4 could allow a user to gain SYSTEM-level privileges on the local host. The debugging subsystem, which is available to all users, may be used to create duplicate handles to a privileged process...

7.4 AI score
Exploits: 0

VulnCheck KEV
added 2002/03/13 12:0 a.m., 2 views

VulnCheck KEV: CVE-2002-0367

smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges...

7.8 CVSS, 7.4 AI score, 0.01453 EPSS
Exploits: 1, References: 1

FreeBSD Advisory
added 2002/01/24 12:0 a.m., 5 views

FreeBSD-SA-02:08.exec

FreeBSD-SA-02:08 Security Advisory, FreeBSD, Inc. Topic: race condition during exec may allow local root compromise. Category: core. Module: kernel. Announced: 2002-01-24. Credits: Logan...

5.8 AI score
Exploits: 0

securityvulns
added 2002/01/08 12:0 a.m., 48 views

SNMP problems in Linksys (information leakage)

After the public community is queried, the device starts sending SNMP traps with debugging information to the requesting host...

0.4 AI score
Exploits: 0, References: 1

CVE
added 2001/05/07 4:0 a.m., 41 views

CVE-2001-0157

Palm OS 3.5.2 and earlier is affected by a debugging utility in the backdoor mode that lets an attacker with physical access bypass access restrictions and obtain passwords despite a lockout mechanism. The available sources do not specify a patch or remediation steps. Exploit specifics are not pr...

4.6 CVSS, 6.7 AI score, 0.00069 EPSS
Exploits: 1, References: 2, Affected Software: 1

securityvulns
added 2001/02/22 12:0 a.m., 36 views

Potential hole in Windows NT/2000 drivers (DbgPrint format string)

Many drivers have a format string bug when calling the debugging function...

1.4 AI score
Exploits: 0, References: 1

securityvulns
added 2001/02/21 12:0 a.m., 29 views

SSH CRC-32 Compensation Attack Detector Vulnerability Exploit

This is the exploit for the bug in file deattack.c in the portable version of openssh-2.2.0 and possibly below. We need to know several numbers for it to work so it's very difficult to use the exploit in the wild. 1. We need to know is the EXACT...

7.1 AI score
Exploits: 0

securityvulns
added 2000/12/19 12:0 a.m., 20 views

Stunnel format bug

Macaroon Advisory Hi, ppl We have recently discovered a format bug in stunnel= 3.8 in which the log function calls directly the syslog with only two parameters: sysloglevel, text. It should be sysloglevel, "%s", text. If a user can pass any string that is written to the log file, he can exploit th...

7 AI score
Exploits: 0

securityvulns
added 2000/12/13 12:0 a.m., 28 views

format string in ssl dump

Sorry if this has already got posted. Seeweed found this in ssldump the other day. The following text is from his website http://dropwire.dhs.org/seeweed/: SSLDUMP is a program which is similar to tcpdump, but also adds encryption to its network debugging procedures. It captures traffic then...

7 AI score
Exploits: 0

securityvulns
added 2000/11/08 12:0 a.m., 25 views

Local hole in OpenBSD

A bug in the system kernel allows the system to be "dropped" into kernel debugging mode, in which any action can be performed...

0.3 AI score
Exploits: 0, References: 1

CVE
added 2000/10/13 4:0 a.m., 45 views

CVE-2000-0430

The provided documents identify CVE-2000-0430 as a flaw in Cart32 where remote attackers can access sensitive debugging information by appending /expdate to the URL. Affected component: Cart32 (web/URL handling). Root cause: improper handling of URL paths leading to exposure of debugging data; im...

5 CVSS, 6.8 AI score, 0.03624 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2000/10/13 4:0 a.m., 16 views

CVE-2000-0430

Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request...

6.4 AI score, 0.03624 EPSS
Exploits: 0, References: 2

securityvulns
added 2000/09/21 12:0 a.m., 37 views

format bug in agetty ??

util-linux-2.10h/login-utils

agetty.c:244
#ifdef DEBUGGING
#define debug(s) fprintf(dbf,s); fflush(dbf)
FILE *dbf;
#else
#define debug(s) /* nothing */
#endif

agetty.c:281
#ifdef DEBUGGING
dbf = fopen("/dev/ttyp0", "w");
{ int i; for(i = 1; i < argc; i++) debug(argv[i]); }
#endif

w/ -DDEBUGGING is bogus. -- Carlos E Gorges...

1.8 AI score
Exploits: 0

CVE
added 2000/07/12 4:0 a.m., 55 views

CVE-2000-0157

CVE-2000-0157 concerns NetBSD on VAX where a ptrace-based flaw lets local users gain privileges by modifying the PSL contents during debugging. The description identifies the affected vector as a local privilege escalation via the ptrace interface, but the provided documents do not specify a vend...

7.2 CVSS, 6.9 AI score, 0.0006 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2000/07/12 4:0 a.m., 91 views

CVE-2000-0350

CVE-2000-0350 affects NetworkICE ICEcap up to version 2.0.23. The issue is a debugging feature that remains enabled, allowing a remote attacker to bypass weak authentication and post unencrypted events. Public sources in connected documents corroborate that ICEcap stores/receives alerts and can b...

5 CVSS, 6.8 AI score, 0.04566 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2000/05/17 4:0 a.m., 16 views

CVE-2000-0350

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events...

5 CVSS, 6.8 AI score, 0.04566 EPSS
Exploits: 1, References: 4

NVD
added 2000/05/03 4:0 a.m., 10 views

CVE-2000-0430

Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request...

5 CVSS, 6.4 AI score, 0.03624 EPSS
Exploits: 0, References: 2

Exploit DB
added 2000/05/03 12:0 a.m., 44 views

Cart32 3.0 - 'expdate' Administrative Information Disclosure

source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http://target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging page containing the server variables, the Cart32...

7.4 AI score
Exploits: 0

exploitpack
added 2000/05/03 12:0 a.m., 21 views

Cart32 3.0 - expdate Administrative Information Disclosure

Cart32 3.0 - expdate Administrative Information Disclosure source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http://target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging...

7.2 AI score
Exploits: 0