6672 matches found
Microsoft Windows 95/98/NT 4.0 - autorun.inf Code Execution
Microsoft Windows 95/98/NT 4.0 - autorun.inf Code Execution source: https://www.securityfocus.com/bid/993/info The Windows Autorun feature was designed to allow an executable and an icon to be specified for any piece of removable media. Upon insertion, the icon would be displayed for the drive, and...
Kuang2 the Virus Detection
Kuang2 the Virus was found. Kuang2 the Virus is a program that infects all the executables on the system and sets up a server that allows remote control of the computer. The client program allows files to be browsed, uploaded, downloaded, hidden, etc. on the infected machine. The client...
CVE-1999-0354
This CVE (CVE-1999-0354) affects Internet Explorer 4.x/5.x when paired with Word 97, where a Word 97 template containing executable Visual Basic code can run arbitrary programs on the IE client without warning. The issue also applies to Outlook when viewing a malicious email. The underlying risk ...
CVE-1999-0527
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten...
Microsoft Systems Management Server 2.0 - Default Permissions
source: https://www.securityfocus.com/bid/945/info The default permissions applied to the directory containing the SMS Remote Control executable allow any user to replace the executable with any other executable. The new executable will run with System privileges after the next reboot. Replace...
Microsoft Systems Management Server 2.0 - Default Permissions
Microsoft Systems Management Server 2.0 - Default Permissions source: https://www.securityfocus.com/bid/945/info The default permissions applied to the directory containing the SMS Remote Control executable allow any user to replace the executable with any other executable. The new executable wil...
Microsoft Windows 95/98/NT 4.0 - Help File Backdoor
source: https://www.securityfocus.com/bid/868/info The help files for the Windows Help system (.cnt, .hlp) can be edited so that they run an arbitrary executable when selected by a user. The executable will run at the privilege level of the user. The .cnt files are like tables of contents that tell...
Microsoft Windows 95/98/NT 4.0 - Help File Backdoor
Microsoft Windows 95/98/NT 4.0 - Help File Backdoor source: https://www.securityfocus.com/bid/868/info The help files for the Windows Help system (.cnt, .hlp) can be edited so that they run an arbitrary executable when selected by a user. The executable will run at the privilege level of the user. Th...
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2) source: https://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will...
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (2)
source: https://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will crash the "services" executable, which in turn, disables the ability for the...
SCO Open Server 5.0.5 - userOsa Symlink
SCO Open Server 5.0.5 - userOsa Symlink source: https://www.securityfocus.com/bid/701/info Under certain versions of SCO OpenServer there exists a symlink vulnerability which can be exploited to overwrite any file which is group writable by the 'auth' group. The problem in particular is in the th...
SCO Open Server 5.0.5 - 'userOsa' Symlink
source: https://www.securityfocus.com/bid/701/info Under certain versions of SCO OpenServer there exists a symlink vulnerability which can be exploited to overwrite any file which is group writable by the 'auth' group. The problem in particular is in the /etc/sysadm.d/bin/userOsa executable...
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/602/info The version of Vixie cron that ships with RedHat versions 4.2, 5.2 and 6.0 is vulnerable to a local buffer overflow attack. By utilizing the MAILTO environment variable, a buffer can be overflowed in the cron_popen() function, allowing an attacker...
digital-unix-4.0-bof.txt
Date: Mon, 25 Jan 1999 12:21:45 -0800 From: Lamont Granquist To: [email protected] Subject: Digital Unix 4.0 exploitable buffer overflows Previously Digital Unix has been relatively immune to buffer overflow attacks due to the lack of an executable stack in the 3.x versions. For the 4.0 versio...
aspads.txt
We've had a number of questions and possible solutions suggested in the past few hours, let me try and summarize. 1. Several people noted that enabling extensions with "::$DATA" added, i.e. ".asp::$DATA", would cause them to be executed instead of read. This does work, and is faster than removing...
icq-hidden-files.txt
Date: Fri, 1 Jan 1999 14:20:34 +1100 From: Justin Clift To: [email protected] Subject: Win32 ICQ 98a flaw Hello everyone, A while ago I found a flaw in ICQ which I believe to be fairly serious and asked whom to notify. Thanks for everyone's assistance in this. :- I notified Mirabilis and they...
defeat.solaris.nonexec.stack.txt
Hi, I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described...
processdump.txt
Date: Tue, 15 Sep 1998 12:36:22 +0800 From: David Luyer Subject: Dump a mode --x--x--x binary on Linux 2.0.x The following file can be LD_PRELOAD'ed against a mode 111 (--x--x--x) binary on Linux 2.0.x. It will dump the binary to a series of process-dump-... files in the current directory. The...
digital-unix4.0-asm-shell.txt
Date: Tue, 26 Jan 1999 15:18:08 -0500 From: Seth Michael McGann To: [email protected] Subject: Re: Digital Unix 4.0 exploitable buffer overflows On Mon, 25 Jan 1999, Lamont Granquist wrote: Previously Digital Unix has been relatively immune to buffer overflow attacks due to the lack of an...
Web Server /cgi-bin Shell Access
The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the HTTP daemon. %NASLMINLEV...