PT-2001-1854 · Microsoft · Internet Explorer +2

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6 and earlier Description: The issue allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later...

CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...

CVE-1999-1440

Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is...

OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER

We're examining resubmitting to bugtraq html.dropper now updated to in include an .exe http://www.securityfocus.com/bid/2260 - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default insta...

Outlook Express 6 - Attachment Security Bypass

Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...

CVE-2001-1149

Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service crash when a user selects an action for a malformed UPX packed executable file...

Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass

source: https://www.securityfocus.com/bid/3097/info At least two SMTP gateway products have been identified which contain flaws in the handling of restricted filetypes as attachments. An attacker can insert extraneous characters in the filename extension of a hostile attachment. The affected...

CVE-2001-0398

The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon...

HP Openview NNM6.1 ovactiond bin exploit

Hello, Summery: HP Openview NNM6.1 and earlier running on unix have a problem with the suid bin executable ovactiond. It allows for starting of any program by just sending a trap or event to the station running the daemon. Details: in the trapd.conf the following is defined by default NNM6.1: EVE...

CVE-2001-0398

The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon...

Крупные дырки в Internet Explorer (vnd.ms.radio, MSScriptControl.ScriptControl)

Объект с URL типа vnd.ms.radio позволяет выполнить исполняемый файл указав его в качестве codebase. Объект MSScriptControl.ScriptControl позволяет обращение к локальным и удаленным файлам с привелегиями пользователя...

Security Bulletin MS01-020

Title: Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Date: 29 March 2001 Software: Microsoft Internet Explorer Impact: Run code of attacker's choice. Bulletin: MS01-020 Microsoft encourages customers to review the Security Bulletin at:...

SCO Open Server 5.0.6 - recon Buffer Overflow

source: https://www.securityfocus.com/bid/2560/info SCO OpenServer 5.0.6 and possibly earlier versions ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive applications. 'recon' contains a locally...

SCO Open Server 5.0.6 - recon Buffer Overflow

SCO Open Server 5.0.6 - recon Buffer Overflow source: https://www.securityfocus.com/bid/2560/info SCO OpenServer 5.0.6 and possibly earlier versions ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive...

feeble.you!dora.exploit

Sunday, March 18, 2001 Silent delivery and installation of an executable on a target computer. No client input other than opening an email using Eudora 5.02 - Sponsored Mode provided 'use Microsoft viewer' and 'allow executables in HTML content' are enabled. One wonders why they are there in the...

Tru64 UNIX 4.0g - usrbinat Local Privilege Escalation

Tru64 UNIX 4.0g - usrbinat Local Privilege Escalation / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require...

Tru64 UNIX 4.0g - '/usr/bin/at' Local Privilege Escalation

/ Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require modification, may require deletion, heh. Note: executablestack...

Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit

Exploit for tru64 platform in category local exploits ============================================== Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit ============================================== / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site:...

CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...

Дырка в Lotus Notes (stored foms)

Внутрь письма можно вставить исполняемый код во внутреннем формате...