Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv
Here's some of the results of my late-night audit on Tru64. It's too late for me to mess with Compaq's web site to get the security contact; I am tired and don't care or something. If someone has TRU64 gdb binaries I would love them... it's too late for me to be playing with the Tru64 ladebug also... get ...
Multiple bugs in IMail
Unauthorized access to other users' accounts is possible, the diagnostic messages differ for an incorrect username and an incorrect password, DoS is possible, etc...
Information leak in mIRC (information leakage)
Implementation errors in the DDC protocol make it possible to obtain information about the user's configuration...
DoS against SMTP in Exchange
Error in the handling of SMTP commands...
CVE-2002-0048
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server...
More CGI bugs
No description provided...
Four More ScriptEase MiniWeb Server v0.95 DoS Attacks
The following are four more Server Denial of Service Attacks against ScriptEase MiniWeb Server 0.95. These attacks do not make the server point to an invalid memory address like the previous post. I believe the first two attacks I describe are internal server problems due to either coding errors ...
CVE-2002-0048
Summary: CVE-2002-0048 describes multiple signedness errors in rsync I/O functions that can allow a remote attacker to cause a denial of service or execute arbitrary code in rsync when used as client or daemon/server. Affected versions (from provided documents): rsync 2.4.6, 2.3.2, and other vers...
More CGI bugs
No description provided...
squirrelmail: squirrelspell plugin check_me.mod.php bug
Squirrelspell v0.3.1 is known to be affected, vulnerability of other versions is unknown. The buggy code extraction: --------------------- // Define the command used to spellcheck the document. $sqspellcommand=$SQSPELLAPP...
More CGI bugs
Insufficient validation of user input...
More CGI bugs
No description provided...
Multiple perl bugs in adstreamer (code execution)
Classic perl bugs...
GOBBLES CGI MARATHON #003
PRODUCT AdStreamer http://www.sha-la-la.com/adstreamer/ DESCRIPTION This software have many an open call that can exploited with Perl tricks like ../, 00, |, etc. bash-2.05$ egrep 'open|system|exec|eval' .cgi addbanner.cgi: This script is apart of the Banner Manager system. It will add banners...
Buffer overflows and other bugs in Valicert (buffer overflow)
Multiple bugs...
Command execution via PGPMail (command execution)
Classic perl bugs...
Buffer overflow in pmake (buffer overflow)
Buffer overflow and format string bugs in an application that is suid root on some platforms...
More CGI bugs
The newline character is not escaped when an external command is invoked...
CVE-2001-0894
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log...