[CommerceSQL] Remote File Read Vulnerability

CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...

[Full-Disclosure] sh-httpd `wildcard character' vulnerability

======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...

[NT] mIRC Buffer Overflow (irc:// Links)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

EMML.txt

Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML EternalMart Mailing List Manager Version : 1.32 ------------------------------------------------- Produit : EMGB EternalMart Guestbook Version : 1.1...

PHP-Nuke v 6.7 + Windows = File Upload

Informations : °°°°°°°°°°°°° Language : PHP Version : 6.7 Website : http://www.phpnuke.org Problem : File Upload PHP Code/Location : °°°°°°°°°°°°°°°°°°° modules/WebMail/mailattach.php :...

cafelog.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor: Cafelog Product: WordPress formerly b2 http://www.wordpress.org/ Vulnerable Versions: CVS versions before October 1, 2003 Vulnerability affects code inherited from b2, so all versions of wordpress released before CVS fix are affected and many...

MPlayer Security Advisory #01: Remotely exploitable buffer overflow

Severity: HIGH if playing ASX streaming content LOW if playing only normal files Description: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. MPlay...

WS_FTP Server vulnerable to buffer overflow when supplied overly long "APPE" command

Overview It has been reported that a vulnerability exists in the processing of a "APPE" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...

WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command

Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...

Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function

Overview A vulnerability in the Linux NFS network File System could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS network File System was developed to allow machines to mount a disk partition on a remote machine as ...

myPHPNuke : Copy/Upload/Include Files

Informations : °°°°°°°°°°°°° Language : PHP Version : 1.8.87 Website : http://www.myphpnuke.com Problems : - Upload/Copy/Include Files PHP Code/Location : °°°°°°°°°°°°°°°°°°° gallery/displayCategory.php : ------------------------------------------ ... ?php include "$basepath/imageFunctions.php";...

MS03-039: Microsoft RPC Interface Buffer Overrun (824146) (uncredentialed check)

The remote host is running a version of Windows that has a flaw in its RPC interface, which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. An attacker or a worm could use it to gain the control of this host. Note that this is NOT the same bug as the one described in...

Microsoft Windows BR549.DLL ActiveX control contains vulnerability

Overview The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known. Description Microsoft Security Bulletin MS03-032 briefly describes a vulnerability in the BR549.DLL...

ZH2003-21SA (security advisory): DcForum+ XSS Vulnerability

ZH2003-21SA security advisory: DcForum+ XSS Vulnerability Published: 10 august 2003 Released: 10 august 2003 Name: DcForum+ Affected Systems: 1.2 Issue: Remote attackers can inject XSS script Author: G00db0y zone-h org Vendor: http://www.dcscripts.com/dcforump.shtml Description Zone-h Security Te...

[SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS

Netfilter Core Team Security Advisory CVE: CAN-2003-0187 Subject: Netfilter / Connection Tracking Remote DoS Released: 01 Aug 2003 Effects: Any remote user may be able to DoS a machine with netfilter connection tracking when running a specific version of the Linux kernel. Estimated Severity: High...

Microsoft SQL Server DoS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server DoS Release Date: 07/23/2003 Application: Microsoft SQL Server 7, 2000, MSDE Platform: Windows NT/2000/XP Severity: Denial of Service Author: Andreas Junestam...

Windows NT 4.0 with IBM JVM Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Windows NT 4.0 with IBM JVM Denial of Service Release Date: 07/23/2003 Application: Any Java application, other applications are possible attack vectors. Platform: Java 2 Runtime Environmen...

[NEWS] Buffer Overflow in Netware Web Server PERL Handler

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security in Canada Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. We welcome ISPs, system...

Microsoft Windows Active Directory fails to handle long LDAP requests

Overview A flaw has been discovered in the way that Microsoft's Active Directory service handles large LDAP requests. This flaw could result in a denial-of-service vulnerability. Description The directory services provided by Microsoft's Active Directory are based on the Lightweight Directory...

Microsoft Windows 2000 SMTP service vulnerable to DoS when processing message with corrupted time stamp

Overview Some versions of Microsoft Windows 2000 feature an SMTP service for handling Internet email. A flaw in this SMTP service may result in a denial-of-service vulnerability. Description When a message with a corrupted time stamp is received by a vulnerable system, the SMTP service may stop...