CVE-2001-1035

Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post...

Roxen security alert: URL decoding vulnerable

Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...

CVE-2001-1118

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL...

Декодирование паролей в Sambar (password decoding)

пароли хранятся в обратимом виде и могут быть декодированы...

Sambar Server all versions password decoding

Topic: Sambar Server all versions password decoding Author: 3APA3A SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com Released: 24 July 2001 Credits:...

SECURITY.NNOV: Sambar Server all versions password decoding

Hello, Topic: Sambar Server all versions password decoding Author: 3APA3A [email protected] SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com...

Слабый алгоритм шифрования в Crypt-PW (weak encryption)

Шифрованный парль легко декодируется...

sa2001_02.txt

NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system...

Дырка в IIS (double decoding directory traversal)

Путь к CGI-программе декодируется дважды, что позволяет обойти проверку на обратный путь в директориях...

Advisory CA-2001-12

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-12 Superfluous Decoding Vulnerability in IIS Original release date: May 15, 2001 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Microsoft IIS Overview A serious...

IIS decodes filenames superfluously after applying security checks

Overview Microsoft IIS decodes filenames after applying security checks, allowing an attacker to execute commands. Description To accomodate complex URIs, RFC 2396 specifies a means to encode arbitrary octets using hexadecimal characters and the percent sign %. Quoting from RFC 2396: An escaped...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (7)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 7 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (1)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 1 // source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request...

Дырка в tcpdump

Переполнение буфера при декодировании AFS...

format string in ssl dump

Sorry if this has already got posted. Seeweed found this in ssldump the other day. The follwoing text is from his website http://dropwire.dhs.org/seeweed/: SSLDUMP is a program witch is simallar to tcpdump, but also adds encryption to its network debugging procedures..It captures traffic then...

PassWD 1.2 - Weak Encryption

// source: https://www.securityfocus.com/bid/1300/info PassWd 1.2 is a password management utility designed to store user login information to various URLs. The login information, which includes username, password and link location is stored in the pass.dat file which resides in the PassWD...

MacOS_encryption.txt

Subject: MacOS system encryption algorithm To: [email protected] The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on Users & Group...

MacOS_encryption_algorithm.txt

Subject: MacOS system encryption algorithm 3 To: [email protected] Sometime ago, Dawid adix Adamski sent to bugtraq the encryption algorithm in MacOS personal AppleShare server he found. I have been researching a little on this subject, and I've found his code fails when decoding the firs...

Apple Mac OS 8 8.6 - Weak Password Encryption

source: https://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on Users & Groups configuration, but i...

Apple Mac OS 8 8.6 - Weak Password Encryption

Apple Mac OS 8 8.6 - Weak Password Encryption source: https://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and...