DEBIAN-CVE-2005-1267

The bgpupdateprint function in tcpdump 3.x does not properly handle a -1 return value from the decodeprefix4 function, which allows remote attackers to cause a denial of service infinite loop via a crafted BGP packet...

CURL-CVE-2005-0490 Authentication Buffer Overflows

Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation and for an FTP server to overflow the client during krb4 negotiation. The announcement of this flaw w...

CVE-2005-0453

The bufferurldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 null character after the file extension...

Sendmail 'decode' Alias Arbitrary File Overwrite

Binary data 2026.prm...

[waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]

================================================================================ waraxe-2004-SA018 ================================================================================ Admin-level authentication bypass in phpnuke 6.x-7.2...

[waraxe-2004-SA#017 - User-level authentication bypass in phpnuke 6.x-7.2]

================================================================================ waraxe-2004-SA017 ================================================================================ User-level authentication bypass in phpnuke 6.x-7.2...

PT-2004-1236 · Gaim · Gaim

Name of the Vulnerable Software and Affected Versions: Gaim version 0.75 Description: The issue involves multiple buffer overflows that allow remote attackers to cause a denial of service and possibly execute arbitrary code. This can occur through various means, including octal encoding in yahoo...

Immunity Canvas: IIS_DOUBLEDECODE

Name| iisdoubledecode ---|--- CVE| CVE-2001-0333 Exploit Pack| CANVAS Description| iisdoubledecode MS01-026 Notes| CVE Name: CVE-2001-0333 VENDOR: Microsoft Notes: The IIS Double Decode module will automatically use tftp to get a MOSDEF node on the remote target. This will not work through a...

icadecrypt.c.txt

/ icadecrypt.c Decrypt stored Citrix ICA passwords in appsrv.ini. Dug Song / include include include include include int hexdecodechar src, uchar dst, int outsize char p, pe; uchar q, qe, ch, cl; pe = src + strlensrc; qe = dst + outsize; for p = src, q = dst; p = '0' && ch = 'a' && ch = '0' && cl...

CVE-1999-0096

CVE-1999-0096 concerns Sendmail where the decode alias mechanism can be abused to overwrite sensitive files. The connected documents provide concrete details: the issue arises from a misconfigured decode alias that pipes mail to a program, enabling arbitrary file overwrites on the remote server. ...

Ethereal 0.8.4/0.8.5/0.8.6 / tcpdump 3.4/3.5 alpha - DNS Decode (1)

// source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffers will attempt to decode DNS request and queries. However, d...

Ethereal 0.8.4/0.8.5/0.8.6 / tcpdump 3.4/3.5 alpha - DNS Decode (2)

source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffers will attempt to decode DNS request and queries. However, due ...

Ethereal 0.8.40.8.50.8.6 tcpdump 3.43.5 alpha - DNS Decode (1)

Ethereal 0.8.40.8.50.8.6 tcpdump 3.43.5 alpha - DNS Decode 1 // source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffe...