149 matches found
[Full-Disclosure] cPanel hardlink chown issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: cPanel Vendor URL: http://www.cpanel.net Author: Karol Wisek [email protected] Date: July 31, 2004 Issue: cPanel allows logged in users to change ownership of any file to their uid:gid. Description: cPanel is a next generation web hostin...
[Full-Disclosure] myServer 0.7 Directory Traversal Vulnerability
myServer 0.7 Directory Traversal Vulnerability .oO Overview Oo. myServer version 0.7 shows files and directories that reside outside the normal web root directory. Discovered on 2004, September 07th Vendor: Myserver http://www.myserverproject.net/forum/portal.php MyServer is a free, powerful web...
Microsoft Internet Explorer - Overly Trusted Location Cache
Microsoft Internet Explorer - Overly Trusted Location Cache Overly Trusted Location Variant Method Cache Vulnerability GO! This vulnerability seems to be unstable. For some reason, it crashes my internet explorer unless the exploit is executed onload and even then it crashes sometimes. var...
Mozilla 1.7 - External Protocol Handler
Mozilla 1.7 - External Protocol Handler source: https://www.securityfocus.com/bid/10681/info Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the...
IBM EGatherer 2.0 - ActiveX Control Dangerous Method
source: https://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a malicious website and may result i...
SMF SIZE Tag Script Injection Vulnerability
Advisory Name : SMF SIZE Tag Script Injection Vulnerability Release Date : May 3,2004 Application : Simple Machines Test On : SMF 1.0 Beta 5 Public Vendor URL : http://www.simplemachines.org/ Discover : Cheng Peng Suapplesoupatmsn.com Intro: The team that has brought you YaBB SE has moved on to...
MSWordPW.txt
Hi ... There are several vulnerabilities published/discussed regarding MS Word MS Office in general, however, 'tis is the most "no brainer" I've discovered ... Vulnerability: Password protected document that has "tracked changes, comments or forms" password protected Vulnerable: MS Word Win2K/XP...
iDEFENSE Security Advisory 02.27.04a: WinZip MIME Parsing Buffer Overflow Vulnerability
WinZip MIME Parsing Buffer Overflow Vulnerability iDEFENSE Security Advisory 02.27.04a: http://www.idefense.com/application/poi/display?id=76&type=vulnerabilities February 27, 2004 I. BACKGROUND WinZip is an archiving utility for the Microsoft Windows platform featuring built-in support for CAB...
BRS WebWeaver Webserver Cross Site Scripting Vulnerability
BRS WebWeaver Webserver Cross Site Scripting Vulnerability ================================================ Whatis: ===== BRS WebWeaver is a free personal web server that runs on the Windows platform. Version: ====== V 1.07 Exploiting: =======...
shatterCommCtrl.txt
Intro ----- Brett Moore from Security Assesment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look a less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...
sh-httpd.txt
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
Microsoft Word 97/98/2002 - Malformed Document Denial of Service
Microsoft Word 97/98/2002 - Malformed Document Denial of Service source: https://www.securityfocus.com/bid/8761/info It has been reported that Microsoft Word is prone to a vulnerability that may allow an attacker to crash the software. The problem occurs when an attacker modifies the memory structu...
Gauntlet Firewall for Unix 6.0 - SQL-GW Connection Denial of Service
source: https://www.securityfocus.com/bid/8683/info The Gauntlet Firewall SQL gateway sql-gw is prone to denial of service attacks. It is possible to trigger this condition by making multiple connections to the port which the service listens on. The service will need to be restarted to regain...
LSH 1.x - Remote Buffer Overflow (2)
LSH 1.x - Remote Buffer Overflow 2 // source: https://www.securityfocus.com/bid/8655/info lsh has been reported prone to a remote buffer overflow vulnerability. The condition is reported to present itself in fairly restrictive circumstances, and has been reported to be exploitable...
man-db 2.4.1 - open_cat_stream() Local uid=man
man-db 2.4.1 - open_cat_stream() Local uid=man !/bin/bash xmandb.sh: shell command file. man-dbv2.4.1-: local uid=man exploit. by: vade79/v9 v9 fakehalo deadpig org fakehalo open_cat_stream() privileged call exploit. i've been conversing with the new man-db maintainer, and after the initial post sent to...
Trillian 0.74 Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc ============================================== Trillian 0.74 Remote Denial of Service Exploit ============================================== / -------------------------------------------- :::::::::::::::::: trillian 0.7d patch...
Netscape 7.02 Client Detection Tool plug-in buffer overrun
Advisory name ============= Netscape 7.02 Client Detection Tool plug-in buffer overrun Affected software ================= Netscape 7.02 for Windows Problem description =================== Netscape 7.02 and probably earlier versions contains Client Detection Tool plug-in that handles...
[Full-Disclosure] MacOSX - crash screensaver locked with password and get the desktop back
Hi all, three days ago i discovered a security issue, with the last MacOSX. there is a way to crash the screensaver locked with password and gain the desktop. how? - you ask. i don't know the exact amount of characters, only that if you leave a key pressed for 5 minutes or more and then hit the...
Internet Explorer >=5.0 : Buffer overflow
script wnd=open"about:blank","",""; wnd.moveToscreen.Width,screen.Height; WndDoc=wnd.document; WndDoc.open; WndDoc.clear; buffer=""; fori=1;i=127;i++buffer+="X"; buffer+="DigitalScream"; WndDoc.write"HR align='"+buffer+"'"; WndDoc.execCommand"SelectAll"; WndDoc.execCommand"Copy"; wnd.close; /scri...
Dune 0.6.7 - GET Remote Buffer Overrun
// source: https://www.securityfocus.com/bid/7945/info It has been reported that Dune is vulnerable to a remote boundary condition error when handling long requests. This could allow a remote attacker to execute arbitrary code on a vulnerable system. / dune0.6.7+-: remote buffer overflow exploit...