CVE-1999-1019

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable processd with a Trojan horse, facilitating a root or Administrator compromise...

Perl2Exe 1.0 95.0 26.0 - Code Obfuscation

Perl2Exe 1.0 95.0 26.0 - Code Obfuscation source: https://www.securityfocus.com/bid/6909/info Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectatio...

Perl2Exe 1.0 9/5.0 2/6.0 - Code Obfuscation

source: https://www.securityfocus.com/bid/6909/info Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectation that the source code will be concealed...

CVE-2002-0077

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable...

Buffer overflow vulnerability in pwck command line utility

Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility. Description The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section o...

locale_sol.txt

----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format strin g vulnerability on Solaris/SPARC. The full source code for the exploit is...

PT-2001-1854 · Microsoft · Internet Explorer +2

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6 and earlier Description: The issue allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later...

CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...

CVE-1999-1440

Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is...

OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER

We're examining resubmitting to bugtraq html.dropper now updated to in include an .exe http://www.securityfocus.com/bid/2260 - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default insta...

Outlook Express 6 - Attachment Security Bypass

Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...

CVE-2001-1149

Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service crash when a user selects an action for a malformed UPX packed executable file...

Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass

source: https://www.securityfocus.com/bid/3097/info At least two SMTP gateway products have been identified which contain flaws in the handling of restricted filetypes as attachments. An attacker can insert extraneous characters in the filename extension of a hostile attachment. The affected...

CVE-2001-0398

The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon...

HP Openview NNM6.1 ovactiond bin exploit

Hello, Summery: HP Openview NNM6.1 and earlier running on unix have a problem with the suid bin executable ovactiond. It allows for starting of any program by just sending a trap or event to the station running the daemon. Details: in the trapd.conf the following is defined by default NNM6.1: EVE...

CVE-2001-0398

The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon...

Крупные дырки в Internet Explorer (vnd.ms.radio, MSScriptControl.ScriptControl)

Объект с URL типа vnd.ms.radio позволяет выполнить исполняемый файл указав его в качестве codebase. Объект MSScriptControl.ScriptControl позволяет обращение к локальным и удаленным файлам с привелегиями пользователя...

Security Bulletin MS01-020

Title: Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Date: 29 March 2001 Software: Microsoft Internet Explorer Impact: Run code of attacker's choice. Bulletin: MS01-020 Microsoft encourages customers to review the Security Bulletin at:...

SCO Open Server 5.0.6 - recon Buffer Overflow

source: https://www.securityfocus.com/bid/2560/info SCO OpenServer 5.0.6 and possibly earlier versions ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive applications. 'recon' contains a locally...

SCO Open Server 5.0.6 - recon Buffer Overflow

SCO Open Server 5.0.6 - recon Buffer Overflow source: https://www.securityfocus.com/bid/2560/info SCO OpenServer 5.0.6 and possibly earlier versions ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive...