4468 matches found
Vulnerabilities in Informix Webdriver
Webdriver is the web interface of Informix database, I found it is vulnerable. In the common condition, webdriver is submitted with a parameter, but if you type http://victim/cgi-bin/webdriver directly, it will return a webpage which you can modify or delete database on it. Otherwise, webdriver will...
Hole in oidldapd from Oracle 8.1.7
A classic buffer overflow allows a local user to gain root privileges. In addition, the log file is created without checking for symbolic links in a writable directory...
vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7
This Feature seems to be new with oidldapd in OID 2.1.1.1/8.1.7 (I couldn't reproduce with oidldapd in OID 2.0.6.3) and seems to be very dangerous. Look at this. In my system occurs the next: my ORACLEHOME=/work/oracle8ir3 oracle@dimoniet bin$ cd /work/oracle8ir3/ldaplog oracle@dimoniet log$ ls -alc...
Hole in STM from HP-UX
A log file is created without checking for symbolic links...
HP-UX 10.20 - registrar Local Arbitrary File Read
source: https://www.securityfocus.com/bid/1919/info The registrar service that ships with version 10.20 (possibly others) of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the host's filesystem. T...
Samba 2.0.7 - SWAT Logfile Permissions
source: https://www.securityfocus.com/bid/1874/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager ...
webactive.txt
Application: ITAfrica's WEBactive version 1.00 Problem Type: Denial of Service Author: [email protected] Platforms: Windows 95/NT Vendor Status: Not Informed, Project discontinued I think Download URL: ftp://ftp.mira.net/mirrors/winsock-l/Windows95/Daemons/HTTPD/activ100.zip Product...
CVE-2000-0402
CVE-2000-0402 concerns Information Disclosure in Microsoft SQL Server 7.0: the sa password is stored in plaintext in a log file (sqlsp.log) readable by any user. This vulnerability is described as the "SQL Server 7.0 Service Pack Password" issue. Public references in the provided documents point ...
Hole in BRU Backup
The log file name is determined by the environment variable $ BRUEXECLOG=/etc/passwd, which allows overwriting any file on the system, since the application is suid root...
BRU Vulnerability
BRU backup software Vulnerability: Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system. Exploitation: $ BRUEXECLOG=/etc/passwd $ export BRUEXECLOG $ bru -V ' comsec::0:0::/:/bin/sh ' $...
Administrator password problem in MS SQL 7
After installing SP1 or 2, when mixed-mode authentication is used, the administrator password ends up in plaintext in the file TEMPsqlsp.log...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
CVE-1999-0961
HPUX sysdiag contains a local privilege escalation where an unprivileged user can gain root via a symlink attack during log file creation. The root cause is a symlink handling vulnerability in the log file creation path. Affected software is HP-UX sysdiag (no specific version ranges provided in t...
netsurfer.txt
Software: Netsurfer for UNIX version? Platforms: UNIX various ISPs Problem: Any local user can obtain passwords and credit card numbers by elsewhere A problem exists in Netsurfer's, Inc. Netsurfer software (see www.netsurfer.com) that allows the average local user (anyone in the user group) to obtain...
CVE-1999-0596
A Windows NT log file has an inappropriate maximum size or retention period...
CVE-1999-0596
CVE-1999-0596 concerns Windows NT where a log file is governed by an inappropriate maximum size or retention period. Documents confirm the affected software is Windows NT and that the underlying issue is misconfigured log file handling, but do not specify affected build versions, exploit details,...
CVE-1999-1562
gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file...
nobo-DoS.txt
Date: Thu, 4 Feb 1999 16:52:00 -0500 From: Andrew J. Gavin To: [email protected] Subject: NOBO denial of service As reported by [email protected] approximately a week ago, nobo (a back orifice scanning detector) has a buffer overflow problem that will crash the program remotely. Sending a UDP packe...
sims-sds.txt
Date: Fri, 25 Dec 1998 19:51:56 PST From: Dana Jones Reply-To: Bugtraq List To: [email protected] Subject: Vulnerability SIMS 3.x Sun Internet Mail Server and SDS 1.x & 3.1 Sun LDAP Directory services vulnerability. /var/opt/SUNWconn/ldap/log/slapd.log is used to log ldap connects/operations. ...