9459 matches found
Buffer overflow in awhttpd (Re: Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS))
Hello 3APA3A, OK, format string issue exists only in proposed patch... What about this issue: There are at least 2 buffer overflows with heap corruption, tpbuf can be up to 210 characters while getreqsi is malloc100. Of course, target file should exist... tpbuf is base dir concatenated with 100...
SapporoWorks Black JumboDog 2.6.4/2.6.5 - HTTP Proxy Buffer Overflow
// source: https://www.securityfocus.com/bid/3858/info Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to an exploitable buffer overflow. The buffer overflow can be exploited by sending excessively long "expires", "if-modified-since", and "LastModified" strings containing executable code....
Aspupload installs exploitable scripts
Title: ASPUPLOAD Installs Exploitable Scripts By Default http://www.aspupload.com/ Author: Brett Moore [email protected] Systems Affected: Version 2.1 On Windows Version 3.0 Was Not Available For Testing Release Date: 30/11/2001 Vendor Contacted: 31/10/2001 Vendor Responded: 31/10/2001...
Advisory CA-2001-31 Buffer Overflow in CDE Subprocess Control Service
CERT Advisory CA-2001-31 Buffer Overflow in CDE Subprocess Control Service Original release date: November 12, 2001 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Systems running CDE Overview There is a remotely exploitable buff...
SECURITY.NNOV: accessing cookies via ftp
Hello bugtraq, Article below describes a vulnerability that can be treated as either software vulnerability or specific server configuration problem depending on your point of view. Many servers on Internet are affected by this problem though. Topic: accessing cookies via ftp Affected Software: a...
store.cgi.txt
Hi conrades: I write about a vulnerability in /cgi-bin/Store/store.cgi -- This is part of a software that Key to the web http://www.keyweb.com use for her "e-commerce solutions". In her page you can find a list of possible webs with this vulnerability but you must be faster because can be early...
GroupWise 5.5 User Mailbox Authentication Vulnerability
Advisory ID Internal CORE-2001-0626 GroupWise 5.5 User Mailbox Authentication Vulnerability Core Security Advisory https://www.coresecurity.com Date Published: 2001-06-26 Advisory ID: CORE-2001-0626 Bugtraq ID: None currently assigned. CVE Name: None currently assigned. Title: GroupWise 5.5 User...
SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
There are known bugs in Netscape which require information on user's files location. This bug is not serious one, but it allows to get this location. Topic : Netscape 4.7x user information retrival Author : 3APA3A [email protected] Affected software : Netscape 4.7x All Platforms Vendor :...
Netscape 4.7x information retrival
Author : 3APA3A Affected software : Netscape 4.7x All Platforms Vendor : Netscape IPlanet Risk : Low Remotely Exploitable : Yes Released : 30 May 2001 Vendor URL : http://www.netscape.com SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Background: Netscape Messanger uses internal...
Solaris /usr/bin/tip Vulnerability
Vulnerability in Solaris tip1 Date Published: March 27, 2001 Advisory ID: N/A Bugtraq ID: N/A CVE CAN: Non currently assigned. Title: Solaris tip1 Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerability Description: The tip...
Old getgrnam() Solaris 2.5 vulnerability
Hi Old versions of Solaris, 2.5/2.5.1 without patch contain an exploitable buffer overflow in getgrnam libc function. Sorry if this is already known, it seems an old problem but I failed searching it in the bugtraq archives. This vulnerability may be used in newgrp command. bye Pablo Sor...
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Class: Unknown error Remotely Exploitable: Yes Locally Exploitable: Yes Risk: Medium Vendor status: Microsoft was notified on 7 December Vulnerability Description: MSTask.exe is an application that ships with the Windows NT 4...
DoS by SMTP AUTH command in IPSwitch IMail server
Dear folks, I found a kind of DoS to handle SMTP AUTH command in IPSwitch IMail server version 6.0.5. IPSwitch ships a product titled IMail, an email server for usage on NT servers serving SMTP, POP3, IMAP4, LDAP etc. It supports SMTP AUTH commands RFC2554 and several authenticate methods to...
Remote File Attachment Theft via comm.lycos.com,angelfire.com, eudoramail.com
Date Published: November 28, 2000 Title: Remote File Attachment Theft via comm.lycos.com,angelfire.com, eudoramail.com Class: Access Validation Error Remotely Exploitable: Yes Vulnerability Description: WebMail possibly WhoWhere.com software as...
sonata.teleconf.txt
Vulnerability Report For Voyant Technologies Sonata Conferencing product. Larry W. Cashdollar Vapid Labs Date Published: 10/31/2000 Advisory ID: 10132000-01 CVE CAN: None currently assigned. Title: Multiple Vulnerabilities found in Sonata teleconferencing Application. Class: Design Error Remotely...
CVE-2000-0835
search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter...
Windows NT 4.0 Terminal Server RegAPI.DLL Buffer Overflow
CORE SDI http://www.core-sdi.com Vulnerability Report For Microsoft Windows NT 4.0 Terminal Server GINA Date Published: 2000-11-08 Advisory ID: CORE-20001108 Bugtraq ID: 1924 CVE CAN: Non currently assigned. Title: Windows NT 4.0 Terminal Server RegAPI.DLL Buffer Overflow Class: Boundary Error...
Remotely exploitable buffer overflow in NAI's Distributed Sniffer Agent
Bugtraq. This 'advisory' details a number of problems with NAI's sniffer product. They have fixed the problems in current versions on the sly so I have foregone notifying the vendor. They saw fit to post an advisory on Microsoft's Netmon today so 'all is fair in love and war' at least MS had the...
[CORE SDI ADVISORY] Netscape servers Denial of Service
CORE SDI http://www.core-sdi.com Vulnerability Report For Netscape servers Denial of Service Date Published: 2000-10-31 Advisory ID: CORE-2000103102 Bugtraq ID: 1867 CVE CAN: Non currently assigned. Title: Netscape servers Denial of Service Class: Denial of Service Remotely Exploitable: Yes Local...
[CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
CORE SDI http://www.core-sdi.com Vulnerability Report For iPlanet CMS and Netscape Directory Server Date Published: 2000-10-26 Advisory ID: CORE-2000-10-26 Bugtraq ID: 1839 CVE CAN: Non currently assigned. Title: Path traversal and administrator password in clear text vulnerabilities Class: Acces...