Lucene search

4598 matches found

securityvulns
added 2003/04/25 12:0 a.m. (23 views)

Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense

Positive Technologies Security Advisory http://www.ptsecurity.com Title: DoS-attack in VisNetic ActiveDefense Date: March, 10 2003 Severity: High Application: VisNetic ActiveDefense 1.3.1 and early Platform: Windows 95/98/ME/NT/2000/XP Vendor Status: Notified, patched I. DESCRIPTION -------------...

AI score 0.5
Exploits: 0

securityvulns
added 2003/04/18 12:0 a.m. (22 views)

CrossSite Scripting @ Snitz Forums 2000

Description: The BadWord-Script-Filter can be tricked by adding the Tab-Char 0x09 into the script command. This may lead to CrossSite-Scripting. Exploit: imgjav asc ript:alert28document.cookie29/img Vendor: Has been contacted on 15. April. Patch: Available at...

AI score 7.1
Exploits: 0

securityvulns
added 2003/04/12 12:0 a.m. (43 views)

MacOS X DirectoryService Privilege Escalation (a041003-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: MacOS X DirectoryService Privilege Escalation and DoS Attack Release Date: 04/10/2003 Application: /usr/sbin/DirectoryService Platform: MacOS X 10.2.4 and below Severity: Local users can ga...

CVSS 7.2 | AI score 1.6 | EPSS 0.00907
Exploits: 0

securityvulns
added 2003/04/11 12:0 a.m. (53 views)

Microsoft Security Bulletin MS00-084: Patch Available for 'Indexing Services Cross Site Scripting' Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- - - ----------------------------------------------------------------- Title: Patch Available for 'Indexing Services Cross Site Scripting' Vulnerability Released: 02 November 2000 Revised: 09 April 2003 version 2.0 Software: Microsoft Indexing Services for Window...

Exploits: 0

securityvulns
added 2003/04/08 12:0 a.m. (45 views)

Vignette Story Server sensitive information disclosure (a040703-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Vignette Story Server sensitive information disclosure Release Date: 04/07/2003 Application: Vignette Story Server v4.1, 6 Platform: Windows / Unix Severity: A remote user can extract sessi...

CVSS 5 | AI score 0.2 | EPSS 0.01548
Exploits: 1

CERT
added 2003/03/21 12:0 a.m. (12 views)

HP Tru64 UNIX "dxchpwd" contains buffer overflow

Overview The Hewlett Packard Tru64 "dxchpwd" command contains a locally exploitable buffer overflow. Description The Hewlett Packard Tru64 operating system contains a command, known as "dxchpwd," that allows users to change passwords. This program is vulnerable to a buffer overflow. --- Impact Th...

AI score 6.9
Exploits: 0 | References: 2

securityvulns
added 2003/03/14 12:0 a.m. (35 views)

Sun ONE (iPlanet) Application Server Connector Module Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Sun ONE iPlanet Application Server Connector Module Overflow Release Date: 03/13/2003 Application: SunONE iPlanet Application Server 6.x Platform: Microsoft Windows NT 4.0/2000 Severity:...

CVSS 7.5 | AI score 0.4 | EPSS 0.0317
Exploits: 0

RedHat Linux
added 2003/03/03 5:4 p.m. (3 views)

Critical: Red Hat Security Advisory: : Updated sendmail packages fix critical security issues

Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. These packages also fix a security bug if sendmail is configured to use smrsh. Sendmail is a widely used Mail Transport Agent MTA which is...

CVSS 10 | AI score 6.3 | EPSS 0.72202
Exploits: 3 | References: 2

securityvulns
added 2003/03/03 12:0 a.m. (31 views)

WebChat (PHP)

Informations : °°°°°°°°°°°°°° Version : 0.77 Website : http://www.webdev.ro Problem : File Including PHP Code/Location : °°°°°°°°°°°°°°°°°°° defines.php : ----------------------------------------------- ? if !isset$WEBCHATPATH $WEBCHATPATH = './'; include $WEBCHATPATH.'dbmysql.php'; include...

AI score 0.5
Exploits: 0

securityvulns
added 2003/02/22 12:0 a.m. (275 views)

Myguestbook (PHP)

Informations : °°°°°°°°°°°°°° Version : 3.0 Website : http://www.tefonline.net/ Problems : - XSS - admin infos recovery - Access to admin pages PHP Code/Location : °°°°°°°°°°°°°°°°°°° If pseudo = SCRIPT, e-mail = SCRIPT or message = /textareaSCRIPT SCRIPT will be executed on index.php,...

AI score 6.1
Exploits: 0

securityvulns
added 2003/02/15 12:0 a.m. (23 views)

IndyNews - PhpNuke module: several problems

IndyNews is a PhpNuke add-on that allows users to include media files images, documents and so on to articles. While I was playing with the module, I've found several problems. 1 function delMediaFile Anybody is able to delete any media attached to already approved articles. 2 function manageMedi...

AI score 0.2
Exploits: 0

securityvulns
added 2003/01/23 12:0 a.m. (47 views)

PHPMyPub (PHP)

Informations : °°°°°°°°°°°°°° Website : http://phpmypub.free.fr Version : 1.2.0 Problem : Admin access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/index.php : ------------------------------------------------------------------------ ... $auth = $HTTPCOOKIEVARS"adminpub"; if !$auth if $formulaire...

AI score 0.1
Exploits: 0

Tenable Nessus
added 2003/01/23 12:0 a.m. (35 views)

MS03-001: Unchecked buffer in Locate Service (810833)

The Microsoft Locate service is a name server that maps logical names to network-specific names. There is a security vulnerability in this server that allows an attacker to execute arbitrary code in it by sending a specially crafted packet to it. C Tenable Network Security, Inc...

CVSS 7.5 | AI score 6 | EPSS 0.4545
Exploits: 1 | References: 2

CERT
added 2002/12/18 12:0 a.m. (27 views)

PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters

Overview A locally exploitable buffer overflow exists in PC-cillin. Description Trend Micro describes PC-cillin as follows:Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use...

CVSS 4.6 | AI score 7.6 | EPSS 0.01202
Exploits: 0 | References: 2

securityvulns
added 2002/12/14 12:0 a.m. (26 views)

Anyone can read all XOOPS private messages

www.phpsecure.org advisory. In French : http://www.phpsecure.org/?zone=pComment&d=101 By valdeux Published on December, 13th 2002 As most part of PHP CMS, XOOPS allows users to send and receive Private Messages PMs, that are saved on the DataBase. We found how all messages are readable. And sure...

Exploits: 0

CERT
added 2002/12/09 12:0 a.m. (24 views)

Pine MUA contains buffer overflow in addr_list_string()

Overview Pine is a mail user agent MUA written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Description Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addr_list_string function...

CVSS 5 | AI score 6.9 | EPSS 0.09617
Exploits: 1 | References: 3

CERT
added 2002/11/19 12:0 a.m. (22 views)

NetScreen Secure Command Shell (SCS) denial-of-service vulnerability

Overview The Secure Command Shell service on NetScreen firewall products contains a remotely exploitable denial-of-service vulnerability. Description Firewall products from NetScreen Technologies, Inc. include a Secure Shell version 1 SSHv1 implementation called Secure Command Shell SCS. The SCS...

AI score 7
Exploits: 0 | References: 4

CERT
added 2002/10/29 12:0 a.m. (18 views)

Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL

Overview Netegrity SiteMinder does adequately validate HTTP requests containing malicious Unicode encodings. Description Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...

AI score 6.9
Exploits: 0 | References: 1

securityvulns
added 2002/10/23 12:0 a.m. (39 views)

NOCC: XSS

NOCC: XSS PROGRAM: NOCC VENDOR: Olivier Cahagne et al. HOMEPAGE: http://nocc.sourceforge.net/ VULNERABLE VERSIONS: 0.9.5, possibly others IMMUNE VERSIONS: 0.9.5 with my patch applied SEVERITY: high LOGIN REQUIRED: no DESCRIPTION: "NOCC is a simple and fast Web-based e-mail reader which can handle...

AI score 6.6
Exploits: 0

securityvulns
added 2002/10/17 12:0 a.m. (95 views)

Microsoft Security Bulletin MS02-061: Elevation of Privilege in SQL Server Web Tasks (Q316333)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Elevation of Privilege in SQL Server Web Tasks Q316333 Released: 16 October 2002 Software: Microsoft SQL Server 7.0 and 2000 Impact: Elevation of privilege Max Risk: Critical Bulleti...

AI score 0.5
Exploits: 0