CVE-2000-0663

The registry entry for the Windows Shell executable Explorer.exe in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path"...

Проблемы в сервере Roxen

Используя нулевой символ 00 можно просматривать листинги директорий, получать содержимое исполняемых файлов и т.д...

CVE-2000-0342

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."...

CVE-2000-0342

CVE-2000-0342 (Eudora 4.x) describes a vulnerability where remote attackers can bypass the user warning for executable attachments (.exe, .com, .bat) by using a .lnk file that references the attachment, a.k.a. “Stealth Attachment.” The linked PT-2000-1308 entry confirms the affected software as E...

Vulnerability in Solaris ufsrestore

Hi, Reading RFP's great initiative on the disclosure policy http://www.wiretrip.net/rfp/policy.html , here is the scoop on a local root exploit I reported to Sun on May 18th. I received confirmation on the reception, stated I would disclose in three weeks and heard nothing since. I've had better...

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (3)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow 3 // source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying ...

MICROSOFT SECURITY FLAW?

Saturday, May 13, 2000 MICROSOFT SECURITY FLAW? Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. 1. Using the following this can be accomplished with the default installation of Windows 95 and 98 and Internet...

CVE-2000-0325

The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability...

silent.delivery.txt

Saturday, May 13, 2000 MICROSOFT SECURITY FLAW? Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. 1. Using the following this can be accomplished with the default installation of Windows 95 and 98 and Internet...

Проблема с Eudora

Eudora считает исполняемыми только файлы с расширением .exe, .com и .bat, что позволяет прислать пользователю исполняемый файл, который будет запущен без предупреждения...

CVE-2000-0342

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."...

PT-2000-1308 · Qualcomm · Eudora

Name of the Vulnerable Software and Affected Versions: Eudora versions 4.x Description: The issue allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment. This is also known as "Stealth...

Qualcomm Eudora 4.2/4.3 - Warning Message Circumvention

source: https://www.securityfocus.com/bid/1157/info A malicious email sender can circumvent warning messages that would normally display when a user attempts to view executable attachments in Eudora 4.2/4.3. Eudora does not prompt a user with the warning message if they are attempting to open a...

Solaris 2.67.0 - lp -d Option Buffer Overflow

Solaris 2.67.0 - lp -d Option Buffer Overflow // source: https://www.securityfocus.com/bid/1143/info A buffer overrun has been discovered in the lp program, as included with Sun's Solaris 7 operating system. By passing well crafted, machine executable code of sufficient length to the -d option of...

FrontPage 98Personal WebServer 1.0 Personal Web Server 2.0 - htimage.exe File Existence Disclosure

FrontPage 98Personal WebServer 1.0 Personal Web Server 2.0 - htimage.exe File Existence Disclosure source: https://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same...

FrontPage 97/98 - Server Image Mapper Buffer Overflow

source: https://www.securityfocus.com/bid/1117/info The htimage.exe and imagemap.exe files included with FrontPage handle server-side image mapping functions. Under normal operations, it would be passed a map name and a set of coordinates in the format http: //target/path/htimage.exe/mapname?x,y...

Переполнения буфера в Star Office

Многочисленные перепоолнения буфера при разборе документа позволяют "вставить" в документ исполняемый код...

Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - 'imwheel' (2)

// source: https://www.securityfocus.com/bid/1060/info A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string containing machine executable code...

RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (1)

/ source: https://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability A buffer overflow exists in the implementation of the 'man' program shipped with RedHat Linux, and other LInux...

Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution

source: https://www.securityfocus.com/bid/993/info The Windows Autorun feature was designed to allow an executable and an icon to be specified for any piece of removable media. Upon insertion, the icon would be displayed for the drive, and the executable would automatically run. This feature also...