7049 matches found
Buffer overflows in ircII-based clients
After seeing the BitchX "DoS" problem mentioned the n'th time already, I decided to finally audit ircII based clients to show some worse problems they have. I had been pretty sure for years that malicious servers can exploit them in multiple ways, and I think many others have known it as well. EP...
writesrv Service Detection
This service gives potential attackers information about who is connected and who isn't, easing social engineering attacks for example. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11222; scriptversion "$Revision: 1.12 $"; scriptcvsdate"$Date: 2011/03/11 21:52:41 $"...
Yet another plaintext attack to ZIP encryption scheme.
Introduction ------------ The ZIP format is one of the most widely used compresion/archival programs on computers systems, its use is even more extended on Windows plataform, with WinZIP program. Known Attacks ------------- The PKZIP encryption scheme have been proved to be weak in a lot of paper...
CVE-2002-0321
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service flooding attacks...
CVE-2002-0321
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service flooding attacks...
NetBSD 1.x - TalkD User Validation
NetBSD 1.x - TalkD User Validation source: https://www.securityfocus.com/bid/4419/info talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely. talkd does not perform adequate validation of users making talk...
CVE-2001-0563
CVE-2001-0563 affects ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier. The flaw allows a remote attacker to induce a denial of service by sending large strings (greater than 160,000 characters) to port 23. The available sources (NVD, CVE listings) corroborate the DoS impact but do not...
xtell 2.6.1 - User Status Remote Information Disclosure
source: https://www.securityfocus.com/bid/4196/info xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix based operating systems. An information disclosure vulnerability has been...
AOL/AOL Instant Messenger Vulnerability
AOL/AOL Instant Messenger Vulnerability -------------------------------------------------------------------------------- Author: Robert Lyttle [email protected] Contributors: r0cky Release Date: 02.24.02 - 2:00 AM Disclaimer: http://www.sub-seven.com and/or Robert Lyttle is not responsible for...
xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
========================================================================== ======= xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability ======== ========================================================================== It is possible to trick xchat IRC clients 1.4.2, 1.4.3 into sending...
X-Chat 1.x - CTCP Ping Remote IRC Command Execution
X-Chat 1.x - CTCP Ping Remote IRC Command Execution source: https://www.securityfocus.com/bid/3830/info X-Chat is a graphical client for IRC. It requires the GTK+ toolkit, and is available for many Linux and Unix operating systems. If a CTCP ping request includes escaped newline characters and...
X-Chat 1.x - CTCP Ping Remote IRC Command Execution
source: https://www.securityfocus.com/bid/3830/info X-Chat is a graphical client for IRC. It requires the GTK+ toolkit, and is available for many Linux and Unix operating systems. If a CTCP ping request includes escaped newline characters and additional IRC commands, these commands may be execute...
Brian Dorricott MAILTO 1.0.7-9 - Unauthorized Mail Server Use
Brian Dorricott MAILTO 1.0.7-9 - Unauthorized Mail Server Use source: https://www.securityfocus.com/bid/3669/info MAILTO is a program maintained by Brian Dorricott. It enables web servers to allow forms to be converted into mail messages that can be sent to numerous recipients. An issue exists in...
Brian Dorricott MAILTO 1.0.7-9 - Unauthorized Mail Server Use
source: https://www.securityfocus.com/bid/3669/info MAILTO is a program maintained by Brian Dorricott. It enables web servers to allow forms to be converted into mail messages that can be sent to numerous recipients. An issue exists in MAILTO which could allow an attacker to send emails through a...
Microsoft Outlook Web Access (OWA) Anonymous Access
It is possible to browse the information of the OWA server by accessing as an anonymous user with the following URL: http://www.example.com/exchange/root.asp?acs=anon After this access, the anonymous user can search for valid users in the OWA server and can enumerate all users by accessing the...
CVE-2001-0563
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large 160000 character strings sent to port 23...
Olicom XLT-F XL 80 IM V5.5BL2 - Undocumented Community String
Olicom XLT-F XL 80 IM V5.5BL2 - Undocumented Community String source: https://www.securityfocus.com/bid/2802/info Olicom routers were previously manufactured and distributed by Olicom, a company now owned by Intel. Olicom routers provide a low-cost routing solution for small businesses. A problem...
Olicom XLT-F XL 80 IM V5.5BL2 - Undocumented Community String
source: https://www.securityfocus.com/bid/2802/info Olicom routers were previously manufactured and distributed by Olicom, a company now owned by Intel. Olicom routers provide a low-cost routing solution for small businesses. A problem with Olicom routers could allow unauthorized access to certai...
Microsoft Windows Messenger Service Social Engineering Weakness
The messenger service is running. This service allows NT users to send pop-up messages to each other. This service can be abused by anyone who can trick valid users into doing some actions that may harm their accounts or your network social engineering attack. C Tenable Network Security, Inc...
Microsoft Windows Alerter Service Social Engineering Weakness
The alerter service is running. This service allows NT users to send pop-up messages to each other. This service can be abused by an attacker who can trick valid users into doing some actions that may harm their accounts or your network social engineering attack C Tenable Network Security, Inc...