Technical Details of BadBlue EXT.DLL Vulnerability
Several days ago, I reported a vulnerability in the EXT.DLL ISAPI of BadBlue. BadBlue 1.7.3 has now been released by the vendor Working Resources at http://www.badblue.com/down.htm for administrators to upgrade their systems. The vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS...
Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow
// source: https://www.securityfocus.com/bid/5188/info The Microsoft Foundation Class Library is a library used to develop applications for Microsoft Windows. Some versions of the MFC include an ISAPI class, which can be used to construct applications which extend web server functionality...
CVE-2002-0623
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun"...
CVE-2002-0186
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."...
CVE-2002-0050
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data...
Microsoft SQLXML ISAPI filter vulnerable to buffer overflow via contenttype parameter
Overview: A buffer overflow vulnerability exists in the Microsoft SQLXML Internet Services Application Programming Interface (ISAPI) extension for Internet Information Server (IIS). This vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code with LocalSystem...
Microsoft SQL Server 2000 SQLXML buffer overflow
Buffer overflow in ISAPI filter and cross-site scripting...
Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR
Overview: A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the HTR ISAPI extension. Description: Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/5004/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML...
Microsoft IIS global.asa Remote Information Disclosure
This host is running the Microsoft IIS web server. This web server contains a configuration flaw that allows the retrieval of the global.asa file. This file may contain sensitive information such as database passwords, internal addresses, and web application configuration options. This...
Multiple bugs in ServletExec ISAPI
Physical path disclosure, directory traversal, DoS, buffer overflow...
NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure
source: https://www.securityfocus.com/bid/4795/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI will disclose the contents of arbitrary files within the webroot directory by sending a request...
NewAtlanta ServletExecISAPI 4.1 JSPServlet - Denial of Service
// source: https://www.securityfocus.com/bid/4796/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. A denial of service condition occurs when the...
ServletExec 4.1 / JRun ISAPI Multiple DoS
By sending an overly long request for a .jsp file, it is possible to crash the remote web server. This problem is known as the ServletExec / JRun ISAPI DoS. This script was written by Matt Moore. Script audit and contributions from Carmichael Security Erik Anderson nb: domain n...
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example). When attempting to retrieve ASP pages it is common to see many errors due to their similarity to JSP pages in syntax, and hence only...
CVE-2002-0071
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names...
SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net)
At long last, SPIKE is once again allowed to be public. This is the fuzzer creation kit I wrote that finds the .HTR and ISAPI overflow vulnerabilities discussed here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-018.asp and here:...
Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733)
There's a denial of service vulnerability on the remote host in the Front Page ISAPI filter. An attacker may use this flaw to prevent the remote service from working properly. (C) Tenable Network Security, Inc. Thanks to: SPIKE v2.1 : MS02-018 supersedes : MS01-043, MS01-025,...