Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/7261/info It has been reported that passlogd does not properly handle some types of input. Because of this, an attacker may be able to gain unauthorized access to hosts running the vulnerable software. / Title: Remote Multiple Buffer Overflow...
NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NSFOCUS Security Advisory SA2003-02 Topic: Solaris lpq Stack Buffer Overflow Vulnerability Release Date: 2003-3-31 CVE CAN ID: CAN-2003-0091 Affected system: =================== Sun Solaris 2.5.1 SPARC/x86 Sun Solaris 2.6 SPARC/x86 Sun Solaris 7...
ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow
source: https://www.securityfocus.com/bid/6658/info It has been reported that a buffer overflow in escputil exists. When supplied with excessively long arguments, it is possible to overwrite stack memory. escputil is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this...
TFTPD32 Buffer Overflow Vulnerability (Long filename)
Advisory available at: http://www.securiteam.com/windowsntfocus/6C00C2061A.html TFTPD32 Buffer Overflow Vulnerability Long filename ------------------------------------------------------- SUMMARY http://tftpd32.jounin.net TFTPD32 is a Freeware TFTP server for Windows 9x/NT/XP. It provides an...
ColdFusion Heap Overflow -continued
Hi all, I am attempting to write exploit code for the ColdFusion heap overflow still. On advice from various on the secfocus list I have installed softice and located the exception handler in question. The handler code starts at 0x77f82b95. The code I am trying to manipulate is at 0x77f8e43b. Mov...
Traceroute-nanog 6 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/6166/info A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. The overflow occurs in the 'getorigin' function in the...
PlanetDNS PlanetWeb 1.14 - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/5988/info PlanetWeb is a commercially available web server integrated with dynamic DNS services. It is distributed by PlanetDNS, and available for Microsoft Operating Systems. PlanetWeb does not properly handle long requests. Due to insufficient bounds...
Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow
// source: https://www.securityfocus.com/bid/5874/info The ActiveX control that provides much of the functionality for the Windows Help Center contains an unchecked buffer. Successful exploitation could result in...
Yet Another. Trillian 'JOIN' Overflow.
Discovered: ----------- 02 September 2002 By Me, Lance Fitz-Herbert aka phrizer. Vulnerable Applications: ------------------------ Tested On Trillian .73 and .74, But I'm guessing older versions are also vulnerable, and possibly version 1.0 Pro. Impact: ------- Low-High. This could possibly allow...
HP Tru64 UNIX "chfn" contains buffer overflow (SSRT2259)
Overview The HP Tru64 UNIX implementation of "chfn" contains a locally exploitable buffer overflow. Description A locally exploitable buffer overflow in "chfn" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --- Impact A local user may be...
HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "inc" contains a locally exploitable buffer overflow. Description "inc" is used to incorporate new mail. A locally exploitable buffer overflow in "inc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...
Netris 0.3/0.4/0.5 - Remote Memory Corruption
// source: https://www.securityfocus.com/bid/5680/info Netris is prone to a remotely exploitable memory corruption issue. An attacker may exploit this to execute arbitrary code with the...
Netris 0.3/0.4/0.5 - Remote Memory Corruption
// source: https://www.securityfocus.com/bid/5680/info Netris is prone to a remotely exploitable memory corruption issue. An attacker may exploit this to execute arbitrary code with the privileges of the user invoking the vulnerab...
Canna SR_INIT Command Remote Overflow
The remote host is running Canna, a service that processes Japanese input and translates it from kana to kanji. It was possible to make the remote Canna server crash by sending a SR_INIT command with a very long string. A remote attacker could use this to crash the service, or possibly execute...
GDAM123 0.933/0.942 - Filename Buffer Overflow
// source: https://www.securityfocus.com/bid/5578/info The GDAM123 command-line MP3 player is prone to a buffer overflow condition when handling overly long filenames. Under some circumstances, the player may be installed setuid root to allow unprivileged users to run the player if access to...
WorldView vulnerability on IRIX
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: WorldView vulnerability Number: 20000803-01-P Date: August 21, 2002 Reference: SGI Security Advisory 20000803-01-A Reference: CVE CAN-2000-0704 - ----------------------- - --- Issue Specifics --- - ----------------------- This bullet...
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/5287/info The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this issue via a malicious server. Exploiting this issue may allow an...
ymxp.txt
Yahoo! Messenger 5,0,0,1061 Buffer Overflow Exploit for Win XP Pro Intro: Proof of concept code for YM Buffer Overflow as discovered in: http://packetstorm.decepticons.org/advisories/misc/yahoo-im.txt Code flow: Overwrite EIP at 218 Point EIP to a "RET" in the memory "RET" jumps to beginning of...
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded stri...
MDaemon WorldClient 5.0.x - Folder Creation Buffer Overflow
source: https://www.securityfocus.com/bid/4689/info MDaemon is an integrated mail transport agent, webmail, and mail anti-virus package. It is available for Microsoft Windows operating systems. It may be possible for a remote user to take advantage of a buffer overflow in the MDaemon software...