
4971 matches found

securityvulns
added 2003/08/14 12:0 a.m., 24 views

Microsoft MCWNDX.OCX ActiveX buffer overflow

Microsoft MCWNDX.OCX ActiveX buffer overflow PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW HOMEPAGE: www.microsoft.com VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to support multimedia programming. DESCRIPTION...

AI score 0.7
Exploits: 0

CERT
added 2003/07/31 12:0 a.m., 49 views

Microsoft Windows Media Services contains buffer overflow in "nsiislog.dll"

Overview: Microsoft Windows Media Services provides streaming audio and video capabilities. A vulnerability in a component of this software could allow a remote attacker to compromise the server running it. Description: According to Microsoft Security Bulletin MS03-022: Microsoft Windows Media...

CVSS 7.5, AI score 7, EPSS 0.88214
Exploits: 6, References: 5

exploitpack
added 2003/06/04 12:0 a.m., 20 views

MegaBrowser 0.71b - Multiple Vulnerabilities

MegaBrowser 0.71b - Multiple Vulnerabilities MegaBrowser Multiple Vulnerabilities Vendor: Quality Programming Corporation Product: MegaBrowser Version: = 0.71b Website: http://www.megabrowser.com BID: 7802 7803 Description: Megabrowser is a free standalone program that enables you to host website...

AI score 0.3
Exploits: 0

Exploit DB
added 2003/06/04 12:0 a.m., 27 views

MegaBrowser < 0.71b - Multiple Vulnerabilities

MegaBrowser Multiple Vulnerabilities Vendor: Quality Programming Corporation Product: MegaBrowser Version: = 0.71b Website: http://www.megabrowser.com BID: 7802 7803 Description: Megabrowser is a free standalone program that enables you to host websites and FTP sites by utilizing its powerful...

AI score 7.4
Exploits: 0

RedHat Linux
added 2003/05/22 5:29 p.m., 18 views

Important: Red Hat Security Advisory: xinetd security update

Updated xinetd packages fix a security vulnerability and other bugs. Xinetd is a master server that is used to accept service connection requests and start the appropriate servers. Because of a programming error, memory was allocated and never freed if a connection was refused for any reason. ...

CVSS 5, AI score 5.8, EPSS 0.0929
Exploits: 1, References: 13

exploitpack
added 2003/05/15 12:0 a.m., 9 views

OneOrZero Helpdesk 1.4 - install.php Administrative Access

OneOrZero Helpdesk 1.4 - install.php Administrative Access source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error i...

AI score 1.6
Exploits: 0

Exploit DB
added 2003/05/15 12:0 a.m., 18 views

OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access

source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script. Reportedly a script does not...

AI score 7
Exploits: 0

Exploit DB
added 2003/05/13 12:0 a.m., 27 views

CDRTools CDRecord 1.11/2.0 - Devname Format String

// source: https://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported that by harnessing an unsupported feature of the...

AI score 7.4
Exploits: 0

exploitpack
added 2003/05/13 12:0 a.m., 13 views

CDRTools CDRecord 1.112.0 - Devname Format String

CDRTools CDRecord 1.112.0 - Devname Format String // source: https://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported th...

AI score 0.5
Exploits: 0

Exploit DB
added 2002/11/27 12:0 a.m., 24 views

Lib CGI 0.1 - Include Buffer Overflow

// source: https://www.securityfocus.com/bid/6264/info Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems. It has been reported that a buffer overflow exists in the Lib CGI development library. Due to improper bounds...

AI score 7
Exploits: 0

Exploit DB
added 2002/11/26 12:0 a.m., 25 views

FreeNews 2.1 - Include Undefined Variable Command Execution

source: https://www.securityfocus.com/bid/6258/info FreeNews is a freely available, open source News software package. It is written in PHP, and designed for use on Unix and Linux operating systems. Programming errors in FreeNews could lead to the inclusion of arbitrary files on remote servers in...

AI score 7.4
Exploits: 0

exploitpack
added 2002/09/22 12:0 a.m., 27 views

Trillian 0.74 - IRC Raw Messages Denial of Service

Trillian 0.74 - IRC Raw Messages Denial of Service // source: https://www.securityfocus.com/bid/5775/info A vulnerability has been reported for Trillian. Reportedly, Trillian is prone to a denial of service condition when certain IRC raw messages are received by the client. This may be exploited ...

AI score 7.3
Exploits: 0

Packet Storm
added 2002/09/11 12:0 a.m., 21 views

efstool.pl

!/usr/bin/perl Another efstool exploit $shell = "\x31\xc0\xb0\x17\x31\xdb\xcd\x80\x31\xc0\x50\x89". "\xe2\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89". "\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"; $ret =0xbfffe590; $buf = 3000; $egg = 2000; $nop = "\x90"; $offset = 0; if @ARGV == 1 $offset = $ARGV0;...

AI score 0.1
Exploits: 0

securityvulns
added 2002/08/08 12:0 a.m., 48 views

RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code

Incorrect integer overflow detection in C code A widely used method of detecting integer overflows results in undefined behavior according to the C standard. Who Should Read This Document This advisory deals with details of the C programming language. It is targeted at C programmers. Systems...

CVSS 7.5, AI score 9.1, EPSS 0.53887
Exploits: 9

Packet Storm
added 2002/07/24 12:0 a.m., 35 views

codeblue.txt

TITLE: Potential remote root in CodeBlue log scanner NAME: DEMI SEX GOD FROM HELL ADV 00001 DATE: YES, PLEASE MAIL ME IF YOU ARE FEMALE send pictures CRAZY TRACKING NUMBER THAT MAKES IT LOOK LIKE I HAVE SOME MASSIVE DATABASE OF JUAREZ: 7363A64B02 Props to dme@! Information ----------- you may...

AI score 7.4
Exploits: 0

securityvulns
added 2002/07/03 12:0 a.m., 38 views

Multiple bugs in OpenSSH ssh-keysign

Vulnerable to Kocher timing analysis attack, some programming errors...

AI score 3.2
Exploits: 0, References: 1

Packet Storm
added 2002/04/23 12:0 a.m., 54 views

iisfux0r.txt

/ iisfux0r.c - Microsoft IIS W3SVC Denial of Service, c Filip Maertens - PoC BUG-ID : 2002009 CVE : CAN-2002-0072 Advisory : Peter Grundle @ KPMG Dave Aitel @ AtStake This will bring down the Inetinfo.exe process, in which you create a Denial of Service condition on your webserver. Please, confir...

CVSS 5, AI score 6.5, EPSS 0.33443
Exploits: 1

securityvulns
added 2002/02/13 12:0 a.m., 124 views

PROTOS Remote SNMP Attack Tool

Internet Security Systems Security Alert February 12, 2002 PROTOS Remote SNMP Attack Tool Synopsis: ISS X-Force has learned of a powerful SNMP (Simple Network Management Protocol) attack tool that may be circulating in the computer underground. The PROTOS SNMP stress-testing tool sends thousands of...

AI score 7.5
Exploits: 0

securityvulns
added 2002/01/23 12:0 a.m., 38 views

Directory traversal in Comprehensive Web Programming API

The GetRelativePath method does not validate relative paths...

AI score 2.1
Exploits: 0, References: 1, Affected Software: 1

Exploit DB
added 2001/12/18 12:0 a.m., 29 views

Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting

source: https://www.securityfocus.com/bid/3714/info Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl. Aktivate is prone to cross-site scripting attacks. It is possible to construct a link containing arbitrary script...

AI score 7.4
Exploits: 0