Hassan Consulting Shopping Cart 1.18 - Directory Traversal

source: https://www.securityfocus.com/bid/1777/info The $page variable in Hassan Consulting Shopping Cart does not properly check for insecure relative paths such as the double dot "..". Therefore, requesting the following URL will display the specified file:...

TalentSoft Web+ ClientMonitorserver 4.6 - Source Code Disclosure

TalentSoft Web+ ClientMonitorserver 4.6 - Source Code Disclosure source: https://www.securityfocus.com/bid/1722/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. Web+ can be used to display the source code of WML files residing on an NTFS...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (2)

source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (2)

source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...

Security Advisory 2000-003

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-003 ================================= Topic: Exploitable Vulnerability in Xlockmore Version: NetBSD pkgsrc prior to 11th May 2000. Severity: xlock can be manipulated to print the shadow password information Abstract ======== The...

calendar.pl.vuln

Evening, I wouldnt normally post a small thing like this to bugtraq but i checked out cgi-resources.com and it seems to be damn popular so someone here may care. Oh yeah I notified Matt the vendor and he figured it wasnt really an issue. Oh well. Visit www.suid.kg/advisories/ for more crap like...

bugzilla.txt

Advisory: Unchecked systemblaat $var blaat call in Bugzilla 2.8 Root66 - ShellOracle - b0f By - [email protected] / Introduction / Bugzilla is a database for bugs. It let's people report bugs and assigns these bugs to the appropriate developers. Developer s can use bugzilla to keep a to-do...

Real Networks RealPlayer 67 - Location Buffer Overflow

Real Networks RealPlayer 67 - Location Buffer Overflow source: https://www.securityfocus.com/bid/1088/info Unchecked buffer code exists in the 'location' field of Real Networks RealPlayer versions 6.0 and 7.0. Requesting a URL containing a string consisting of 300 or more characters would cause t...

[SECURITY] New version of mtr released

------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman March 9, 2000 - ------------------------------------------------------------------------ Package: mtr Vulnerability type: possible...

Sun StarOffice 5.1 - Arbitrary File Read

source: https://www.securityfocus.com/bid/1040/info StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the...

win98-con.txt

New exploit found by the securax crew on 3/3/error for: windoze 98 maybe 95 too... not for NT4 or win2K When we looked at the new exploit for ie that uses the image c:/con/con http://www.zoomnet.net/quick/error/crash.html we experimented a bit with that unexisting path. We found that any program ...

PHP 3.0.13 - Safe_mode Failure

PHP 3.0.13 - Safemode Failure source: https://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developer...

Majordomo 1.94.41.94.5 - Local -C Parameter (2)

Majordomo 1.94.41.94.5 - Local -C Parameter 2 // source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of...

iis4.path.txt

Hello, There is another one way to retrieve a full path to local files in IIS4: If there is external CGI application configured for some file type and this application doesn't produce correct HTTP headers IIS generates an error with output of application both stdout and stderror. The problem is,...

[SECURITY] New version of amd fixes remote exploit, take 2

------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman October 18, 1999 - ------------------------------------------------------------------------ The version of amd that was...

[SECURITY] New versions of INN fixes "news" exploit

re.Match object; span=1799, 2845, match=!--X-Head-of-Message--\nul\nliemTo/em:...

BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Remote Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/614/info There is a remotely exploitable buffer overflow condition in the amd daemon under several operating systems. Amd is a daemon that automatically mounts filesystems whenever a file or directory within that filesystem is accessed. Filesystems are...

ath0-2.sh

Script para utilizar como pacth e como exploit para o problema do +++ATH0 +++ath0.sh - By Nelson R A Brito - 01/01/99 http://www.angelfire.com/sd/stderr !/usr/bin/bash clear echo " +++ATH0 PATCH and EXPLOIT - By Nelson R A Brito" echo " " echo " " echo "Choose 1 to exploit or 2 to patch !" read...

dccsnoop.txt

http://www.rootshell.com/ Date: Wed, 10 Feb 1999 14:24:55 -0800 PST From: Gregory Taylor To: [email protected] Subject: Re: New Exploit - DCCsnoop.txt Discovered by Gregory Taylor Febuary 5th, 1999 It is possible to snoop a user's Linux connection through IRC.. DCC Sending the device files...

retina.vs.iis4-round2-the.exploit.txt

http://www.eeye.com/database/advisories/ad06081999/ad06081999-exploit.html Retina vs. IIS4, Round 2 - The Exploit We contemplated releasing this exploit and decided to do it. Here Is Why. We are a full disclosure security team, and we were not working under any non disclosure agreements with...