[SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink

----------------------------------------------------------------------- SNS Advisory No.37 HTTProtect allows attackers to change the protected file using a symlink Problem first discovered: Mon, 4 Jun 2001 Published: Wed, 18 Jul 2001...

FreeBSD-SA-01:42.signal

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:42 Security Advisory FreeBSD, Inc. Topic: signal handling during exec may allow local root compromise Category: core Module: kernel Announced: 2001-07-10 Revised:...

iPlanet Certificate Management Traversal Arbitrary File Access

It is possible to read arbitrary files on the remote server by prepending /ca/../../ in front on the file name. C Tenable Network Security, Inc. XXX might be redundant with plugin 10589 include"compat.inc"; ifdescription scriptid10683; scriptversion "1.25"; scriptcveid"CVE-2000-1075";...

Security Bulletin MS01-028

---------------------------------------------------------------------- Title: RTF document linked to template can run macros without warning Date: 21 May 2001 Software: Microsoft Word for Windows and Word for the Mac Impact: Run Macros without warning Bulletin: MS01-028 Microsoft encourages...

iPlanet - Netscape Enterprise Web Publisher Buffer Overflow

iPlanet – Netscape Enterprise Web Publisher Buffer Overflow Release Date: May 11, 2001 Severity: High Remote SYSTEM level code execution Systems Affected: Netscape Enterprise 4.1 and prior versions. Description: The Web Publisher feature in Netscape Enterprise 4.1 is vulnerable to a buffer...

Hexyn / Securax Advisory #17 - Bison FTP Server Directory Traversal

Hexyn / Securax Advisory 17 - Bison FTP Server Directory Traversal Topic: Bison FTP Server Directory Traversal Announced: 2001-02-17 Affects: Bison FTP Server version 4 Release 1 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE...

Hexyn / Securax Advisory #17 - Bison FTP Server Directory Traversal

Hexyn / Securax Advisory 16 - Ghetto FTP Server Directory Traversal Topic: Ghetto FTP Server Directory Traversal Announced: 2001-02-17 Affects: Ghetto FTP Server version 1.0 beta 1 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE...

Microsoft IIS 5.0 WebDAV Malformed PROPFIND Request Remote DoS

The remote version of the IIS web server contains a bug in its implementation of the WebDAV protocol that could allow an attacker to temporarily disable this service remotely. To exploit this flaw, an attacker would require the ability to send a malformed PROPFIND request to the remote host,...

Sun Solaris mailx contains buffer overflow via -F option

Overview A buffer overflow in the mailx program on Solaris systems can allow an intruder to execute code with the privileges of the mail group. Description A buffer overflow in the -F option of the mailx program on Solaris systems may allow an intruder to execute code with the privileges of the...

Microsoft Visual Studio VB-TSQL debugger object vbsdicli.exe contains buffer overflow via NewSPID method

Overview A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged in user. Description The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflo...

Hexyn-sa-17.txt

Hexyn / Securax Advisory 17 - Bison FTP Server Directory Traversal Topic: Bison FTP Server Directory Traversal Announced: 2001-02-17 Affects: Bison FTP Server version 4 Release 1 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE...

Hexyn-sa-16.TXT

Hexyn / Securax Advisory 16 - Ghetto FTP Server Directory Traversal Topic: Ghetto FTP Server Directory Traversal Announced: 2001-02-17 Affects: Ghetto FTP Server version 1.0 beta 1 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE...

Solaris ipcs vulnerability

Solaris ipcs vulnerability Release Date: April 11, 2001 Systems Affected: Solaris 7 x86 Other versions of Solaris are most likely affected also. Discovered by: Riley Hassell [email protected] Description: We have discovered a buffer overflow in the /usr/bin/i86/ipcs utility provided with Solaris 7...

FreeBSD-SA-01:31.ntpd

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:31 Security Advisory FreeBSD, Inc. Topic: ntpd contains potential remote compromise Category: core/ports Module: ntpd Announced: 2001-04-06 Credits: Przemyslaw Frasunek...

Security Bulletin MS01-002

--------------------------------------------------------------------- Title: PowerPoint File Parsing Vulnerability Date: January 22, 2001 Software: PowerPoint 2000 Impact: Execution of Arbitrary Code Bulletin: MS01-002 Microsoft encourages customers to review the Security Bulletin at:...

iPlanet Directory Server Traversal Arbitrary File Access

There is a bug in the remote iPlanet web server that allows a user to read arbitrary files on the remote host. To exploit this flaw, an attacker needs to prepend '/../../' to the file name to read. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10589; scriptversion...

1st Up Mail Server v4.1 Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1st Up Mail Server v4.1 Buffer Overflow Vulnerability USSR Advisory Code: USSR-2000058 Public Disclosure Date: December 25, 2000 Vendors Affected: Upland Ltd http://www.upland.co.uk/ Systems Affected: 1st Up Mail Server v4.1 Problem: The Ussr Team has...

Input validation error in quikstore.cgi allows attackers to execute commands

Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...

BOA Web Server 0.94.8.2 - Arbitrary File Access

BOA Web Server 0.94.8.2 - Arbitrary File Access ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt...

Check Point VPN-1FireWall-1 4.1 SP2 - Blocked Port Bypass

Check Point VPN-1FireWall-1 4.1 SP2 - Blocked Port Bypass / Summary A vulnerability exists in Check Point VPN-1/FireWall-1 4.1 SP2 that enables an attacker to establish connections to blocked TCP services through the firewall in certain configurations. We expect many deployed FireWall-1...