CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability
Core Security Technologies Advisory http://www.coresecurity.com NetMeeting Directory Traversal Vulnerability Date Published: 2003-07-02 Last Update: 2003-07-02 Advisory ID: CORE-2003-0305-04 Bugtraq ID: 7931 CVE Name: None currently assigned. Title: NetMeeting Directory Traversal Vulnerability...
Active Directory Stack Overflow
Advisory ID Internal CORE-2003-0305-03 Date Published: 2003-07-02 Last Update: 2004-04-21 Advisory ID: CORE-2003-0305-03 Bugtraq ID: 7930 CVE Name: CAN-2003-0663 Title: Active Directory Stack Overflow Class: Boundary Error Condition, Denial of Service Remotely Exploitable: Yes Locally Exploitable...
Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1
hello bugtraq, From MSDN: ---cut--- DWORD GetPrivateProfileSection LPCTSTR lpAppName, LPTSTR lpReturnedString, DWORD nSize, LPCTSTR lpFileName ; skip nSize in Size of the buffer pointed to by the lpReturnedString parameter, in TCHARs. Windows 95/98/Me: The maximum buffer size is 32,767 characters...
Kerio Personal Firewall 2.1.4 - Remote Code Execution
Kerio Personal Firewall 2.1.4 - Remote Code Execution / Kerio Personal Firewall v2.1.4 remote code execution exploit Tested on Windows XP with SP1 In order to exploit, for ease of mind, set the firewall to permit all traffic, or allow a connection to port 44334 from your testing unix shell ip. It...
CVE-2002-1030
Technical details (affected components, root cause, impact, remediation) are not publicly available in the provided documents. Monitor for updates.
Immunity Canvas: SAMBA_NTTRANS
Name| sambanttrans ---|--- CVE| CVE-2003-0085 Exploit Pack| CANVAS Description| sambanttrans Notes| References: http://www.samba.org/samba/whatsnew/samba-2.2.8.html CVE Name: CVE-2003-0085 VENDOR: Samba Development Notes: WARNING! This exploit can get you more than one shell-listener because of t...
MS02-040 / MS03-033: Unchecked buffer in MDAC Function (326573 / 823718)
The remote Microsoft Data Access Component (MDAC) server is vulnerable to a flaw that could allow an attacker to execute arbitrary code on this host, provided he can load and execute a database query on this server. © Tenable Network Security, Inc. MS03-033 supersedes MS02-040 Note: The fix for thi...
Immunity Canvas: MS03_001
Name| ms03001 ---|--- CVE| CVE-2003-0003 Exploit Pack| CANVAS Description| Microsoft Windows RPC Locator Overflow Notes| CVE Name: CVE-2003-0003 VENDOR: Microsoft MSADV: MS03-001 VersionsAffected: Repeatability: References: http://www.microsoft.com/technet/security/Bulletin/MS03-001.mspx CVE Url:...
DSquare Exploit Pack: D2SEC_DOMINOR5
Name| d2secdominor5 ---|--- CVE| CAN-2002-1624 Exploit Pack| D2ExploitPack Description| IBM Lotus Domino HTTP Authentication Logging Stack Overflow Notes|...
Unchecked buffer in PC-cillin
---------------------------------------------------------------------------- - Texonet Security Advisory 20021210 ---------------------------------------------------------------------------- - Advisory ID : TEXONET-20021210 Authors : Joel Soderberg and Christer Oberg [email protected] Issue...
Multiple incorrect permissions in QNX.
TOPIC: Multiple incorrect permissions in QNX. ADVISORY NR: 200202 DATE: Nov 13 2002 VULNERABILITY FOUND BY: 1; One Semicolon CONTACT INFORMATION: http://www.4os.org [email protected] STATUS: QNX Software Systems Ltd was contacted on November 11, 2002. I received prompt replies and was assured that this w...
Microsoft Windows 2000 SNMP service leaks memory when querying printer objects if spooler service is stopped
Overview A memory leak exists in the Windows 2000 SNMP service. Under a specific precondition, it can result in a remote denial-of-service vulnerability. Description If the SNMP service is running on a Windows 2000 server, and the 'Print Spooler' service is not running, repeatedly using SNMP...
CVE-2002-1030
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service crash via a flood of data and connections...
Immunity Canvas: SAVANT
Name| savant ---|--- CVE| CVE-2002-1120 Exploit Pack| CANVAS Description| savant Notes| CVE Name: CVE-2002-1120 VENDOR: Savant VersionsAffected: Savant 3.1 Repeatability: This is a one shot exploit. CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1120 CVSS: 7.5...
Immunity Canvas: MSSQLRESOLVESTACK
Name| mssqlresolvestack ---|--- CVE| CVE-2002-1123 Exploit Pack| CANVAS Description| MSSQL Resolver Stack Overflow MS02-056 Notes| CVE Name: CVE-2002-1123 VENDOR: Microsoft Notes: Exit me with ExitProcess, not exitthread MSRC: http://www.microsoft.com/technet/security/bulletin/ms02-056.asp MSADV:...
Immunity Canvas: MSSQLHELLO
Name| mssqlhello ---|--- CVE| CVE-2002-1123 Exploit Pack| CANVAS Description| MSSQL Hello Stack Overflow MS02-056 Notes| References: 'http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2', 'http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2',...
Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp
Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...
Microsoft Windows SMB Registry : XP Service Pack Detection
Nessus was able to determine the Service Pack version of the Windows XP system by reading the following registry key : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion This script was written by Georges Dagousset Modified by David Maciejak to add check for Service Pack 2 See the Nessu...
Microsoft Internet Explorer 6 - URI Handler Restriction Circumvention
Microsoft Internet Explorer 6 - URI Handler Restriction Circumvention source: https://www.securityfocus.com/bid/5730/info Microsoft Windows Internet Explorer 6.0 SP1 introduced restrictions for certain URI handlers such as file:// and res://. It has been demonstrated in the past that these URI...