[SNS Advisory No.28]InterScan VirusWall for NT remote configuration

SNS Advisory No.28 InterScan VirusWall for NT remote configuration Problem first discovered: Thu, 24 May 2001 Published: Thu, 31 May 2001 Last Updated: Thu, 31 May 2001 ---------------------------------------------------------------------- Overview -------- Trend Micro InterScan VirusWall for...

CVE-2001-0432

The vulnerability CVE-2001-0432 affects Trend Micro Interscan VirusWall 3.01 through its remote administration CGI interface. Multiple CGI programs may overflow when given crafted inputs, allowing remote attackers to execute arbitrary commands. OpenVAS/Nessus entries also describe unauthenticated...

ld.so fails to unset LD_PRELOAD before executing suid root programs

Overview ld.so fails to unset LDPRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LDPRELOAD before loading suid root programs for...

CVE-2001-0002

Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help .chm files to execute arbitrary programs...

CVE-2001-0135

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...

CVE-2001-0048

The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability...

Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability

Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability Jin Ho You, [email protected] 1 Discussion CrazyWWWBoardhttp://www.crazywwwboard.com is a web bulletin board program written in C/C++. Insufficient boundary checking exists in the qDecoder CGI library code which...

CVE-2000-0959

CVE-2000-0959 concerns glibc2/ld.so: the loader does not clear LD_DEBUG_OUTPUT and LD_DEBUG before invoking programs from a setuid context. This can enable a local attacker to exploit a symlink to overwrite arbitrary files. Concrete details exist in CERT/CC reports (Debian advisory) describing th...

CVE-2000-1005

The CVE-2000-1005 entry concerns directory traversal in eXtropia WebStore CGI scripts (html_web_store.cgi and web_store.cgi). An attacker can read arbitrary files by supplying a .. (dot dot) path in the page parameter, enabling remote file disclosure. The vulnerability is evidenced by multiple so...

CVE-2000-0824

The CVE-2000-0824 issue involves glibc 2.1.1 unsetenv(): when a variable appears twice in the environment, the value may not be properly removed, enabling a local attacker to influence setuid programs with duplicate variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) and potentially execute code as roo...

CVE-2000-0824

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...

Windows Media Player 7 and IE java vulnerability - executing arbitrary programs

Georgi Guninski security advisory 35, 2001 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs Systems affected: Windows Media Player 7 and IE Risk: High Date: 15 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it...

[RHSA-2001:001-05] glibc file read or write access local vulnerability

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: glibc file read or write access local vulnerability Advisory ID: RHSA-2001:001-05 Issue date: 2001-01-11 Updated on: 2001-01-11 Product: Red Hat Linux Keywords: glibc...

CVE-2000-1161

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases...

CVE-2000-0959

glibc2 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack...

CVE-2000-1134

CVE-2000-1134 concerns multiple shells (tcsh, csh, sh, bash) that follow symlinks when processing here-documents (<

CVE-2000-0879

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services...

Solaris 2.6/7.0 /locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

Дырка в KW Whois (unparsed shell chars)

Вызов внешней программы со строкой введенной пользователем позволяет выполнить любое приложение на сервере...

CVE-2000-0680

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action...