Lucene search

6977 matches found

exploitpack
added 2003/12/18 12:00 a.m. · 20 views

Eznet 3.5.0 - Remote Stack Overflow Universal

Eznet 3.5.0 - Remote Stack Overflow Universal !/usr/bin/perl -w COROMPUTER Crpt universal eZ v3.3 3 print "syntax: ".$0." \r\n"; exit; print "+ Connecting to ".$ARGV0."\t..."; my $sock = IO::Socket::INET-newProto='tcp', PeerAddr=$ARGV0, PeerPort="80"; if!$sock print "Error\r\n"; exit; print...

AI score: 0.8
Exploits: 0
Cvelist
added 2003/12/11 5:00 a.m. · 12 views

CVE-2003-0981

FreeScripts VisitorBook LE visitorbook.pl logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting XSS attacks...

AI score: 6 · EPSS: 0.00254
Exploits: 0 · References: 2
CVE
added 2003/12/11 5:00 a.m. · 40 views

CVE-2003-0980

CVE-2003-0980 is an XSS vulnerability in FreeScripts VisitorBook LE (visitorbook.pl). The issue permits remote attackers to inject arbitrary HTML or JavaScript via (1) the do parameter, (2) the user parameter from a host with a malicious reverse DNS name, and (3) quote marks or ampersands in othe...

CVSS: 4.3 · AI score: 6 · EPSS: 0.00314
Exploits: 0 · References: 2 · Affected Software: 1
Tenable Nessus
added 2003/10/16 12:00 a.m. · 52 views

Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect

The remote Citrix NFuse Webserver is vulnerable to a bug wherein any anonymous user can force the server to redirect to any arbitrary IP and Port. Among other things, this flaw can allow an external attacker to use the Citrix server as a rudimentary port scanner of either another network or the...

AI score: 5.6
Exploits: 0 · References: 1
0day.today
added 2003/09/16 12:00 a.m. · 44 views

Pine <= 4.56 Remote Buffer Overflow Exploit

Exploit for linux platform in category remote exploits =========================================== Pine eip/ebp this can actually be "bruteforced" I didn't show this since this is a PoC and uses "exact offsets" All u do is supply multiple charsets and overwrite larger areas of memory This makes...

AI score: 7.1
Exploits: 0
OSV
added 2003/07/02 4:00 a.m. · 7 views

CVE-2003-0386

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...

AI score: 8
Exploits: 0 · References: 21
OSV
added 2003/07/02 4:00 a.m. · 1 view

DEBIAN-CVE-2003-0386

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...

CVSS: 7.5 · AI score: 9.3 · EPSS: 0.09637
Exploits: 1 · References: 1
RedHat Linux
added 2003/06/18 10:49 a.m. · 6 views

Low: Red Hat Security Advisory: apache security update for Stronghold

Updated Apache packages are available which fix a security issue by preventing control characters from being written to the error log. The updated packages also include a minor bug fix for modproxy. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. T...

CVSS: 5 · AI score: 5.9 · EPSS: 0.2626
Exploits: 9 · References: 2
Cvelist
added 2003/06/10 4:00 a.m. · 24 views

CVE-2003-0386

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...

AI score: 7.9 · EPSS: 0.09637
Exploits: 1 · References: 16
Positive Technologies
added 2003/06/10 12:00 a.m. · 8 views

PT-2003-1047 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.6.1 and earlier Description: The issue allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address, when...

CVSS: 10 · AI score: 8.2 · EPSS: 0.90356
Exploits: 206 · References: 352
Tenable Nessus
added 2003/06/10 12:00 a.m. · 44 views

OpenSSH < 3.6.2 Reverse DNS Lookup Bypass

According to its banner, the remote host appears to be running OpenSSH-portable version 3.6.1 or older. There is a flaw in such version that could allow an attacker to bypass the access controls set by the administrator of this server. OpenSSH features a mechanism that can restrict the list of...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.09637
Exploits: 1 · References: 1
securityvulns
added 2003/06/06 12:00 a.m. · 24 views

OpenSSH remote client address restriction circumvention

Welkyn Security Advisory SA-2003060400 Synopsis: SSH "from=" and "user@hosts" restrictions spoofable via reverse DNS for numerically specified IP addresses. Issue Date: June 4, 2003 Software Affected: OpenSSH 3.6.1 and earlier Vendor notified: May 24, 2003. Vendor response: See workarounds, below...

AI score: 0.8
Exploits: 0
securityvulns
added 2003/06/06 12:00 a.m. · 29 views

IP address limitation protection bypass in OpenSSH

Only reverse resolution is checked, it allows to spoof record in reverse zone...

AI score: 4.2
Exploits: 0 · References: 1 · Affected Software: 1
securityvulns
added 2003/06/06 12:00 a.m. · 37 views

AdSubtract Proxy ACL Bypass Vulnerability

AdSubtract Proxy ACL Bypass Vulnerability URL http://www.lurhq.com/advisory20030604.html Release Date June 4, 2003 Author Joe Stewart About AdSubtract AdSubtract is one of the leading products in the banner-ad blocking software market. It is frequently bundled with modems from several leading...

AI score: 7
Exploits: 0
securityvulns
added 2003/05/31 12:00 a.m. · 30 views

Windows 2003/XP gethostbyaddr() NULL pointer bug

If invalid CNAME in reverse lookup zone is specified, gethostbyaddr returns hostent structure with name pointer set to NULL...

AI score: 2.6
Exploits: 0 · References: 1
securityvulns
added 2003/05/31 12:00 a.m. · 58 views

Windows XP SP1 gethostbyaddr() flow (Re[3]: mirc32 6.0x crash when resolving dns.)

Dear vulndev, It's definitely bug in Windows XP SP1, as it was supposed by Roland Postle [email protected] To reproduce it: 1. Created zone 1.168.192.in-addr.arpa and add record: 254 IN CNAME non.existant.name 2. Use test program attached 3. I did tests on Windows NT 4.0, Windows 2000 and Windows...

AI score: 0.2
Exploits: 0
securityvulns
added 2003/04/19 12:00 a.m. · 52 views

Exploit for PoPToP PPTP server

hello bugtraq, Here is an exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successful run it brings up ...

AI score: 0.1
Exploits: 0
0day.today
added 2003/04/18 12:00 a.m. · 26 views

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit

Exploit for linux platform in category remote exploits =========================================== PoPToP PPTP include include define uint8t char define uint16t WORD define uint32t DWORD char shellcode = "\x1a\x76\xa2\x41\x21\xf5\x1a\x43\xa2\x5a\x1a\x58\xd0\x1a\xce\x6b"...

AI score: 7.1
Exploits: 0
exploitpack
added 2003/04/18 12:00 a.m. · 12 views

PoPToP PPTP 1.1.4-b3 - Remote Command Execution

PoPToP PPTP 1.1.4-b3 - Remote Command Execution / exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a...

AI score: 7.7
Exploits: 0
Exploit DB
added 2003/04/18 12:00 a.m. · 78 views

PoPToP PPTP 1.1.4-b3 - Remote Command Execution

/ exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successful run it brings up a reverse shell with...

AI score: 7.4
Exploits: 0