Qualcomm Eudora 5/6 - File Attachment Spoofing (2)

source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...

Qualcomm Eudora 56 - File Attachment Spoofing (2)

Qualcomm Eudora 56 - File Attachment Spoofing 2 source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing...

Qualcomm Eudora 5/6 - File Attachment Spoofing (1)

source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...

REFRESH: EUDORA MAIL 5.1.1

Tuesday, July 23, 2002 Trivial silent delivery and installation of an executable on a target computer. This can be accomplished with the default installation of the mail client Eudora 5.1.1: 'allow executables in HTML content' DISABLED 'use Microsoft viewer' ENABLED The manufacturer...

CORE-20020620: Inktomi Traffic Server Buffer Overflow

CORE SECURITY TECHNOLOGIES http://www.corest.com Vulnerability Report For Inktomi Traffic Server Date Published: 2002-07-02 Advisory ID: CORE-20020620 Bugtraq ID: 5098 CVE CAN: None currently assigned. Title: Inktomi Traffic Server trafficmanager local overflow. Class: Boundary error condition...

CVE-2001-1149

Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service crash when a user selects an action for a malformed UPX packed executable file...

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded stri...

ICQLite executable trojaning

Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Risk: Average Exploitable: Yes Remote: No I. Intro: ICQ Lite is popular internet messenger software. This is only ICQ version which requires no elevated privileges such as Power User to work, so, it's often used by...

TRU64 /usr/bin/passwd overflow

In light of the recent conversations on the non-executable stack I have decided to release some of the information I have been sitting on. alpha.snosoft.com uname -a OSF1 alpha.snosoft.com V5.1 732 alpha alpha.snosoft.com id uid=201dotslash gid=15users groups=0system alpha.snosoft.com ls -al...

[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability

---------------------------------------------------------------------- SNS Advisory No.51 Compaq Tru64 UNIX libc Buffer Overflow Vulnerability Problem first discovered: Sun, 18 Nov 2001 Published: Thu, 17 Apr 2002 ---------------------------------------------------------------------- Overview:...

DoS через специальные устройства в Domino (DOS DoS)

Обращение к CGI-файлу с именем содержащим название DOS-устройства и длинным расширением приводит к запуску cmd.exe...

HELP.dropper: IE6, OE6, Outlook...lookOut

Thursday, 28 March, 2002 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post or web site. This can be accomplished with the default installation of Internet Explorer 6.0, Outlook Express 6.0 and probably Outlook and...

Executable launch via Windows Medial Player from Microsoft Outlook/Outlook express

Via Windows Media file wma it's possible to open HTML file in local security zone, from html it's open chm, from chm - executable...

CVE-2001-1140

BadBlue Personal Edition v1.02 beta is affected by CVE-2001-1140, where remote attackers can read source code of executables by adding a null byte (%00) to the request. The vulnerability is exploitable over a network with low attack complexity and no authentication, causing partial confidentialit...

CVE-1999-1019

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable processd with a Trojan horse, facilitating a root or Administrator compromise...

Perl2Exe 1.0 95.0 26.0 - Code Obfuscation

Perl2Exe 1.0 95.0 26.0 - Code Obfuscation source: https://www.securityfocus.com/bid/6909/info Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectatio...

Perl2Exe 1.0 9/5.0 2/6.0 - Code Obfuscation

source: https://www.securityfocus.com/bid/6909/info Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectation that the source code will be concealed...

CVE-2002-0077

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable...

Buffer overflow vulnerability in pwck command line utility

Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility. Description The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section o...

locale_sol.txt

----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format strin g vulnerability on Solaris/SPARC. The full source code for the exploit is...