1st Up Mail Server v4.1 Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1st Up Mail Server v4.1 Buffer Overflow Vulnerability USSR Advisory Code: USSR-2000058 Public Disclosure Date: December 25, 2000 Vendors Affected: Upland Ltd http://www.upland.co.uk/ Systems Affected: 1st Up Mail Server v4.1 Problem: The Ussr Team has...

Input validation error in quikstore.cgi allows attackers to execute commands

Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...

Check Point VPN-1FireWall-1 4.1 SP2 - Blocked Port Bypass

Check Point VPN-1FireWall-1 4.1 SP2 - Blocked Port Bypass / Summary A vulnerability exists in Check Point VPN-1/FireWall-1 4.1 SP2 that enables an attacker to establish connections to blocked TCP services through the firewall in certain configurations. We expect many deployed FireWall-1...

BOA Web Server 0.94.8.2 - Arbitrary File Access

BOA Web Server 0.94.8.2 - Arbitrary File Access ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt...

BOA Web Server 0.94.8.2 - Arbitrary File Access

ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...

ezmlm-cgi/ezmlm-idx-0.40 security advisory

Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....

Cisco 675 Denial of Service Attack

OK, since everyone is up-in-arms over vendor notification and their response times, here's an example of what happens if you give a vendor too -much- time. ----------------- Title : Cisco 675 Web Administration Denial of Service Device: Cisco 675 DSL Router Class : Denial of Service remote Vendor...

Security Bulletin (MS00-088)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-088 - -------------------------------------- Patch...

exchange.dos.txt

The following body of the e-mail message causes Microsoft Exchange 5.5 SP3 Internet Mail Service and Information Store to crash Refer to Microsoft Security Bulletin MS00-082 http://www.microsoft.com/technet/security/bulletin/ms00-082.asp. Patch is available here:...

hpux.10.20.644.txt

Problem: on HP-UX 10.20 you can change any file on the root partition to mode 644: $ uname -sr HP-UX B.10.20 $ cd /etc/opt/resmon/log $ mv registrar.log registrar.log.orig $ ls -l /.shhistory -rw------- 1 root sys 3316 Sep 20 15:22 /.shhistory $ ln /.shhistory registrar.log $ nc hpux.example.com...

Adobe Acrobat products have buffer overflow in the CIDFont /Registry and /Ordering entries

Overview By embedding malicious code in a Portable Document Format PDF file, an attacker can cause arbitrary code to execute on the victim's system. Description The Adobe Acrobat PDF file format facility for specifying fonts contains buffer overflows in the /Registry and /Ordering entries. Each o...

SystemWizard Launch ActiveX Control lacks authentication

Overview Description The SystemWizard "Launch" ActiveX Control may allow attackers to execute arbitrary commands on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...

SystemWizard Registry Object ActiveX Control lacks authentication

Overview Description The SystemWizard "Registry Object" ActiveX Control may allow attackers to modify the registry on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...

Ultraseek 3.1.x Remote DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ultraseek 3.1.x Remote DoS Vulnerability USSR Advisory Code: USSR-2000056 Public Disclosure Date: October 30, 2000 Vendors Affected: Ultraseek Corporation. http://www.ultraseek.com. Systems Affected: Ultraseek 3.1 Sun Solaris Ultraseek 3.1 Microsoft...

FWTK x-gw Security Advisory [GSA2000-01]

geekgang Security Advisory gsa2000-01 www.geekgang.co.uk © Copyright 2000 geekgang ID: geekgang GSA2000-01 01 v1.0 Topic: FWTK x-gw format bug Status: Release 26th October, 2000 Author: pre Credit: Pekka Savola found the potential problem in the code Abstract The x-gw X Windows gateway component ...

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...

auction.weaver.txt

File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 -------------------------------------------------------------- Title: File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Author: Steve Christey [email protected] Date Published: October 16, 2000 Product Name: Auction Weaver...

Security Bulletin (MS00-076)

Microsoft Security Bulletin MS00-076 - -------------------------------------- Patch Available for "Cached Web Credentials" Vulnerability Originally posted: October 12, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet Explorer. Und...

boa.server.txt

ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...

Vulnerability in BOA web server v0.94.8.2

ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...