2083 matches found
CVE-2001-1519
RunAs runas.exe in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to...
CVE-2001-1518
RunAs runas.exe in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service RunAs hang by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the...
PT-2001-2604 · Microsoft · Windows 2000
Name of the Vulnerable Software and Affected Versions: Windows 2000 Description: The issue allows local users to create a spoofed named pipe when the RunAs service is stopped, then capture cleartext usernames and passwords when clients connect to the service. The vendor disputes this issue, sayin...
[Exim] Potential security problem
From: Philip Hazel [email protected] To: [email protected], [email protected] Subject: Exim Potential security problem X-BeenThere: [email protected] Date: Wed, 19 Dec 2001 14:35:41 +0000 GMT Important. Please read. Amongst other things, Exim 3.34 and Exim 3.952 alpha for Exim 4, which ...
Microsoft Windows Server 2000 - RunAs Service Named Pipe Hijacking
Microsoft Windows Server 2000 - RunAs Service Named Pipe Hijacking // source: https://www.securityfocus.com/bid/3185/info The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right mouse clicking on an...
Microsoft Windows Server 2000 - RunAs Service Named Pipe Hijacking
// source: https://www.securityfocus.com/bid/3185/info The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right mouse clicking on an icon, then selecting 'Run as...' from the context menu. When the...
Microsoft Windows Server 2000 - RunAs Service Denial of Service
// source: https://www.securityfocus.com/bid/3291/info The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right mouse clicking on an icon, then selecting 'Run as...' from the context menu. When the...
Microsoft Windows Server 2000 - RunAs Service Denial of Service
Microsoft Windows Server 2000 - RunAs Service Denial of Service // source: https://www.securityfocus.com/bid/3291/info The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right mouse clicking on an...
OpenBSD 2.x/3.0 - User Mode Return Value Denial of Service
// source: https://www.securityfocus.com/bid/3612/info OpenBSD is a freely available implementation of the BSD Operating System. It is based on the NetBSD implementation. Under some conditions, an application launched by a regular user on the system can cause a system crash. When an application o...
Проблемы со службой RunAs в Windows 2000 (privelege escalation)
Атакующий может подменить именованый канал службы чтобы перехватить логин и пароль пользователя. Кроме того, после выполнения приложения не производится очистка буфера памяти, что позволяет получить доступ к конфеденциальным данным. Имеется возможность DoS...
PT-2001-1056 · Mit · Krb5-Configs +5
Name of the Vulnerable Software and Affected Versions: krb5-workstation versions 1.1.1 through 1.2.2 krb5-configs version 1.1.1 krb5-devel versions 1.1.1 through 1.2.2 krb5-server versions 1.1.1 through 1.2.2 krb5-libs version 1.1.1 krb5 version 1.1.1 through 1.2.2 Description: The issue affects...
CVE-2001-0349
CVE-2001-0349 affects Microsoft Windows 2000, specifically the Telnet Service. The Telnet Service creates named pipes to share data between session handlers, using an algorithm to name pipes that is easily predictable, and it does not properly verify the pipe names. If a local attacker with acces...
PALS Library System "show files" Vulnerability and remote command execution
Name: PALS Library System "show files" Vulnerability and remote command executiom. Date: 02.02.2001 About: This script is derived from an idea originated at St.Olaf College to provide a www interface to the PALS Library System. This idea was then worked on at Georgia State University. This versio...
Дырка в Infobot
Стандартная ошибка перл - нефильтруется '|' в команде calc...
vlock vulnerability in RedHat 7.0
I've tried to lock all virtual consoles in RedHat 7.0 using vlock, which is delivered with this release of RedHat. If user root locks all consoles - it's no problem, but if normal user locks consoles then anybody can unlock without typing a password. Try to use it in the following way: 1. logon a...
CVE-2000-0737
The CVE-2000-0737 entry describes a vulnerability in the Windows 2000 Service Control Manager (SCM) where SCM creates predictable named pipes for system services. This behavior can be abused by a local user with console access to impersonate services and gain administrator privileges. The impact ...
Security Bulletin (MS00-053)
Microsoft Security Bulletin MS00-053 - -------------------------------------- Patch Available for "Service Control Manager Named Pipe Impersonation" Vulnerability Originally posted: August 02, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsof...
Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
It was possible to obtain the browse list of the remote Windows system by sending a request to the LANMAN pipe. The browse list is the list of the nearest Windows systems of the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10397; scriptversion"1.42";...
CVE-1999-0163
CVE-1999-0163 affects older Sendmail versions. An attacker could use a pipe character to execute root commands, enabling local privilege escalation. Affected data shows multiple advisories citing Sendmail with this pipe-based command execution, including references to specific package versions (e...
rxvt.sh
There is a major security hole in rxvt, a terminal emulator for X, when it is run on systems suid root, as is required on many configurations in order to write to the utmp file. It is obvious from the code that this program was not written to be run suid root, its a pity that sysadmins that insta...