@stake Advisory: Windows Still Image Privilege Elevation (A090700 -1)

@stake Inc. www.atstake.com Security Advisory Advisory Name: Windows Still Image Privilege Elevation A090700-1 Release Date: 09/07/2000 Application: Still Image Service Platform: Windows 2000 Severity: A local user can elevate privileges to SYSTEM. Author: DilDog [email protected] Vendor Status:...

Security Bulletin (MS00-061)

Microsoft Security Bulletin MS00-061 - -------------------------------------- Patch Available for "Money Password" Vulnerability Originally posted: August 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Money. The vulnerability could...

Security Bulletin (MS00-060)

Microsoft Security Bulletin MS00-060 - -------------------------------------- Patch Available for "IIS Cross-Site Scripting" Vulnerabilities Originally posted: August 25, 2000 Summary ======= Microsoft has released a patch that eliminates security vulnerabilities in Microsoftr Internet Informatio...

php-nuke.txt

php-nuke bug by StarmanJones 22/08/00 Disclaimer: I am not responsible for whatever you do with the knowledge you get from reading this advisorie. I am not telling you to go and post messages on sites that use PHP-nuke. Recently there was an advisory on bugtraq about An access validation error th...

Account Manager CGI Vulnerability

Product: Account Manager Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password...

VIGILANTE-2000005.txt

Watchguard Firebox Authentication DoS Advisory Code: VIGILANTE-2000005 Release Date: August 15, 2000 Systems Affected: Tested on the newest version of the Watchguard Firebox II that was on the 22nd of June, but it is very likely that this bug exists in all prior versions that include the...

Security Bulletin (MS00-057)

Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...

Advisory CA-2000-16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-16 Microsoft 'IE Script'/Access/OBJECT Tag Vulnerability Original release date: August 11, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Internet Explorer 4.x, 5.x...

Security Bulletin (MS00-055)

Microsoft Security Bulletin MS00-055 - -------------------------------------- Patch Available for "Scriptlet Rendering" Vulnerability Originally Posted: August 09, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in Microsoftr Internet Explorer. The...

[COVERT-2000-09] Windows NetBIOS Name Conflicts

Microsoft Security Bulletin MS00-047 - -------------------------------------- Patch Available for "NetBIOS Name Server Protocol Spoofing" Vulnerability Originally Posted: July 27, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in a protocol implemente...

AnalogX Proxy DoS

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory AnalogX Proxy DoS ---------------------------------------------------------------------- FS Advisory ID: FS-072500-7-ANA.txt Release Date: July 25, 2000 Product: Proxy Vendor: AnalogX http://www.analogx.com...

AnalogX Proxy 4.0 4 - Denial of Service

// source: https://www.securityfocus.com/bid/1504/info AnalogX Proxy is a simple proxy server that allows a user to connect a network of computers to the internet through the proxy gateway. Many of the services provided contain buffer overrun vulnerabilities that can allow an attacker to crash th...

Roxen security alert: Problems with URLs containing null characters.

Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: Directory listings in directories with index files In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc...

Security Bulletin (MS00-045)

Microsoft Security Bulletin MS00-045 - -------------------------------------- Patch Available for "Persistent Mail-Browser Link" Vulnerability Originally Posted: July 20, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability affecting Microsoftr Outlook...

[email protected]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Network Associates, Inc. COVERT Labs Security Advisory July 17, 2000 LISTSERV Web Archive Remote Overflow COVERT-2000-07 o Synopsis The L-Soft LISTSERV web archive wa,wa.exe component contains an unchecked buffer allowing remote execution of arbitrary...

Security Bulletin (MS00-043)

Microsoft Security Bulletin MS00-043 - -------------------------------------- Patch Available for "Malformed E-mail Header" Vulnerability Originally posted: July 18, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Outlookr and Outlook...

cvsweb: remote shell for cvs committers

Cvsweb 1.80 contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvswe...

BitchX /ignore bug

I don't know whether this is the right place to put it, but i'm going to anyway : Because of a simple /invite nickname sssssssss, BitchX will segfault and coredump. This is a small programming error, you can find a patch at this location: http://root66.org/karin/BitchX-bug-patch-3-juli-2000.tar.g...

ALERT: Bypassing Warnings For Invalid SSL Certificates In Internet Explorer

=====BEGIN-ACROS-REPORT===== ========================================================================= ACROS Security Problem Report 1999-12-15-1-PUB ------------------------------------------------------------------------- Bypassing Warnings For Invalid SSL Certificates In Internet Explorer...

Microsoft Windows Media Services 4.04.1 - Denial of Service (MS00-038)

Microsoft Windows Media Services 4.04.1 - Denial of Service MS00-038 // source: https://www.securityfocus.com/bid/1282/info Windows Media Encoder is part of Windows Media Services. It's purpose is to convert content into a suitable format for video or audio streaming through the Media Services. I...