Trillian 0.6351/0.7x - Identd Buffer Overflow

// source: https://www.securityfocus.com/bid/5733/info Trillian ships with an ident server to facilitate connections to IRC servers that require an ident response before allowing access. A buffer overflow condition exists in the Trillian ident server, which may potentially be exploited to cause a...

CVE-2002-0409

orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter...

KF Web Server version 1.0.2 shows file and directory content

KF Web Server version 1.0.2 shows file and directory content .oO Overview Oo. KF Web Server version 1.0.2 shows file and directory content Discovered on 2002, July, 2nd Vendor: KeyFocus http://www.keyfocus.net/kfws/ KF Web Server 1.0.2 is a free personal web server available for Windows...

XSS in Slashcode

There is a nasty Cross Site ScriptingXSS vuln in Slashcode. This was used a day or so go on slashdot.org and resulted in most of the site being taken down for an hour or so. The maintainers of slashcode have patched the problem in CVS but have not even mentioned it anywhere that I can find. This...

[AP] YaBB Cross-Site Scripting vulnerability

-- ------------------------- -- - AngryPacket Security Advisory - -- ------------------------- -- - +--------------------- -- - + advisory information +------------------ -- - author: methodic [email protected] release date: 06/21/2002 homepage: http://sec.angrypacket.com advisory...

Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure

source: https://www.securityfocus.com/bid/4877/info Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are request...

Apache Tomcat 3.2.33.2.4 - Example Files Web Root Full Path Disclosure

Apache Tomcat 3.2.33.2.4 - Example Files Web Root Full Path Disclosure source: https://www.securityfocus.com/bid/4877/info Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example...

Matu FTP 1.74 - Client Buffer Overflow

Matu FTP 1.74 - Client Buffer Overflow source: https://www.securityfocus.com/bid/4572/info An issue has been reported which could allow for a malicious ftp server to execute arbitrary code on a Matu FTP client. If,upon user connection, a FTP server '220' response is of excessive length, a...

move_uploaded_file breaks safe_mode restrictions in PHP

Hey Its possible to circumvent probadly spelled wrong PHP safemode restrictions by using moveuploadedfile. You take this nasty script and you have domain whatever.com and your directory path is /domains/whatever.com/ ? $file = $HTTPPOSTFILES'file''name'; $type = $HTTPPOSTFILES'file''type'; $size ...

wwwthreads-5.5.txt

---------- Forwarded message ---------- Date: 30 Jan 2002 22:12:17 -0000 From: Root Extractor To: [email protected] Subject: WWWThreads, UBBThreads Security Hole in upload system WWWThreads, UBBThreads Security Hole in upload system Author: RootExtractor, CompuMe [email protected],...

[ WWWThreads, UBBThreads ] Security Hole in upload system

WWWThreads, UBBThreads Security Hole in upload system Author: RootExtractor, CompuMe [email protected], [email protected] I. Details II. Vulnerable ver's III. Example, Xploit IV. Solution Details : ..: config.inc.php :.. ------------------------- snip ------------------------------ //...

sniffit-exp1.txt

/ Remote overflow in sniffit.0.3.7.beta tested on slackware 7.1 found/coded by g463 -18th january 2002- The vulnerability is triggered when the option -L is called from the command line with 'normmail' ie : ./sniffit -c ./sampleconfigfile -L normmail It calls a piece of code where the buffer is...

Brian Dorricott MAILTO 1.0.7-9 - Unauthorized Mail Server Use

Brian Dorricott MAILTO 1.0.7-9 - Unauthorized Mail Server Use source: https://www.securityfocus.com/bid/3669/info MAILTO is a program maintained by Brian Dorricott. It enables web servers to allow forms to be converted into mail messages that can be sent to numerous recipients. An issue exists in...

Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions

source: https://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on an website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmless file type file in the Download...

CVE-2001-0535

Example applications Exampleapps in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" CGI.Host variable in 1 the "Web Publish" example script, and ...

CVE-2001-0535

Example applications Exampleapps in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" CGI.Host variable in 1 the "Web Publish" example script, and ...

directorymanager bug

Directory Manager Execute Command !BUG! Version Affected : Directory Manager 0.9 Directory Manager is a directory manager ; i realy don't know what he does. it has a serious security flaw, which allows any person to execute commands on attacked system as webserver-user. From editimage.php : if !$...

ISSalert: ISS Advisory: Remote Vulnerabilities in Macromedia ColdFusion Example Applications

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security...

PHP local DoS: self-fetching throught HTTP

PHP scripting allows "opening" files througth HTTP: $file=fopen"http://host/page.html","r"; If script opening itself throught HTTP, it will result in DoS attack: as much as possible HTTP connections and great number of executing PHP scripts. Timeout settings are useless. Possible solutions: -...

Debian 2.2 /usr/bin/pileup - Local Privilege Escalation

/ pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09c, offset: 0, align: 0. How many voices 1 to 9 Starti...