Multiple FTP Server quote stat Command Traversal Arbitrary Directory Access
The remote FTP server is vulnerable to a flaw that allows users to access files outside the FTP server root. An attacker may break out of his FTP jail by issuing the command : ftp quote stat ../ Some versions of VisNetic FTP Server and Titan FTP Server are known to be affected by this issue. C...
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
Overview A vulnerability exists in pam_xauth that may allow a local attacker to gain access to an administrator's X session. Description pam_xauth is used to forward xauth keys or cookies between users. From the pam_xauth man page: Without pam_xauth, when xauth is enabled and a user uses the su comman...
ActivCard password cache memory leakage
In December 2002 I was analysing the ActivCard product for a client. During the analysis I noticed that by making a memory dump of the process "scardsrv" it was possible to obtain the users stored statically in the card. This issue at first could seem small, although in depth already it has a...
Vignette StoryServer TCL Server Crash Information Disclosure
The remote host is running Vignette StoryServer, a web interface to Vignette's Content Management suite. A flaw in this product may allow an attacker to extract information about the other users session and other sensitive information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Dat...
Apache vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition. Description The Apache HTTP Server is a very popular...
Sendmail < 8.12.9 NOCHAR Control Value prescan Overflow
The remote Sendmail server, according to its version number, may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges. Sendmail versions from 5.79 to 8.12.8 are vulnerable. NOTE: manual patches do not change the version numbers. Vendors who have released patched...
Sun RPC XDR xdrmem_getbytes Function Remote Overflow
The RPC library has an integer overflow in the function xdrmem_getbytes. An attacker may use this flaw to execute arbitrary code on this host with the privileges your RPC programs are running with (typically root), by sending a specially crafted request to them. Note that this issue affects Solaris,...
Thunderstone Software Texis Crafted Request Information Disclosure
The remote installation of Texis can be abused to disclose potentially sensitive information about the remote host, such as its internal IP address and the path to various components (e.g., cmd.exe). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Cisco IOS SSH Large Packet CPU Consumption DoS (CSCdw33027)
It is possible to make the remote IOS crash when sending it malformed SSH packets. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11381; scriptversion"1.26"; scriptcveid"CVE-2002-1024"; scriptbugtraqid5114; scriptnameenglish:"Cisco IOS SSH Large Packet CPU Consumption...
SunFTP GET Request Remote Overflow
Buffer overflow in SunFTP build 91 allows remote attackers to cause a denial of service or possibly execute arbitrary commands by sending more than 2100 characters to the server. This script was written by Xue Yong Zhi See the Nessus Scripts License for details Changes by Tenable: - Revised plugi...
Multiple Vendor NFS CD Command Arbitrary File/Directory Access
The remote NFS server allows users to use a 'cd ..' command to access other directories besides the NFS file system. An attacker may use this flaw to read every file on this host. C Tenable Network Security, Inc. This is the implementation of an oooold attack. include 'compat.inc' ; if descriptio...
Solaris mibiisa MIB Parsing Remote Overflow
The remote host is running mibiisa. There is a buffer overflow in older versions of this software, which may allow an attacker to gain a root shell on this host. Note that Nessus did not actually check for this vulnerability so this might be a false positive. C Tenable Network Security, Inc. XXXX...
Concurrent Versions System (CVS) server improperly deallocates memory
Overview A "double-free" vulnerability in the Concurrent Versions System CVS server could allow a remote attacker to execute arbitrary code or commands or cause a denial of service on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source...
[VSA0305] HLTV remote DoS
void.at Security Advisory VSA0305 HLTV offers the ability to have thousands of spectators watch online games on Half-Life-servers. Overview ======== By sending a specially crafted packet to the hltv-server, an attacker can cause the server to crash. Affected Versions ================= The one tha...
MS03-010: Microsoft Windows RPC Endpoint Manager Malformed Packet DoS (331953) (intrusive check)
MS Windows RPC service RPCSS crashes trying to dereference a NULL pointer when it receives a certain malformed request. All MS RPC-based services i.e. a large part of MS Windows 2000+ running on the target machine are rendered inoperable. %NASLMINLEVEL 70300 Test "Spike 2.7" MS RPC Services NULL...
DHTML Edit Control for IE5 allows local files to be uploaded to web server
Overview A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server. Description DHTML Edit is an activex control that is marked safe-for-scripting. This control can be embedded in a website, and permit local files to be remotely...
HP Tru64 UNIX "ypmatch" contains buffer overflow (SSRT2277)
Overview The HP Tru64 UNIX implementation of "ypmatch" contains a locally exploitable buffer overflow. Description "ypmatch" is used to print the value of keys from an NIS map. A locally exploitable buffer overflow in ypmatch may permit a local attacker to gain elevated privileges and execute...
Cisco NTP ntpd readvar Variable Remote Overflow (CSCdt93866)
By sending a crafted NTP control packet, it is possible to trigger a buffer overflow in the NTP daemon. This vulnerability can be exploited remotely. The successful exploitation may cause arbitrary code to be executed on the target machine. This vulnerability is documented as Cisco Bug ID...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow Release Date: 00/00/2002 Severity: High (Remote code execution, IWAM_MACHINE privilege level) Systems Affected: Microsoft Windows NT 4.0 Internet Information Services 4.0; Microsoft Windows 2000 Internet Information Services 5.0 Description: A...