277 matches found
SX-20000620-1
FSC Internet / SecureXpert Labs SecureXpert Labs Advisory SX-20000620-1 - Denial of Service vulnerability in Microsoft Windows 2000 Telnet Server Summary Microsoft Windows 2000 Server is supplied with a Telnet server for remote console access. A Denial of Service vulnerability exists in this serv...
X 11.03.3.33.3.43.3.53.3.64.0 - libX11 _XAsyncReply() Stack Corruption
X 11.03.3.33.3.43.3.53.3.64.0 - libX11 XAsyncReply Stack Corruption // source: https://www.securityfocus.com/bid/1408/info A vulnerability exists in the XAsyncReply function of libX11. This function utilizes size information retrieved as part of a client supplied packet. This value is a signed...
Дырка в Web-counter'e counterfiglet
Вызов system с непроверяемым на shell-метасимволы вводом пользователя позволяют выполнить любое приложение на сервере, например http://web-server/cgi-bin/counterfiglet/nc/f=;echo;w;uname20-a;id...
Caldera OpenLinux 2.3 - rpm_query CGI
Caldera OpenLinux 2.3 - rpmquery CGI source: https://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and...
Microsoft Internet Explorer 455.55.0.1 - external.NavigateAndFind() Cross-Frame
Microsoft Internet Explorer 455.55.0.1 - external.NavigateAndFind Cross-Frame Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet...
Admiral Systems EmailClub 1.0.0.5 - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/801/info Certain versions of EmailClub, a mail server package by Admiral Systems Inc. are vulnerable to a remote buffer overflow. This overflow is exploitable via EmailClub's POP3 server which fails to perform proper bounds checking on the 'From:' head...
Antelope Software W4-Server 2.6 aWin32 - Cgitest.exe Remote Buffer Overflow
Antelope Software W4-Server 2.6 aWin32 - Cgitest.exe Remote Buffer Overflow // source: https://www.securityfocus.com/bid/802/info Certain versions of the W4-Server 32-bits personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform...
etype eserv 2.50 - Directory Traversal
source: https://www.securityfocus.com/bid/773/info Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings ...
iusr_bug.txt
Internet User Bug Security Hole -kon. I've recently found a bug in NT 4 Server w/ IIS that allows the internet user IUSRCOMPUTER to change any user's password, including the administrators, leading to total server compromise. How it's done: The attacker must have access to the NT Server's web...
netscape.find.txt
Date: Mon, 8 Mar 1999 19:48:05 +0200 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator find vulnerabilities There is a design flaw in Netscape Communicator 4.5 Win95, 4.08 WinNT I guess all 4.x version are vulnerable which allows the following security exploits: Readin...
Computalynx CMail 2.3 - Web File Access
Computalynx CMail 2.3 - Web File Access / source: https://www.securityfocus.com/bid/281/info A vulnerability in Computalynx's CMail allows remote malicious users to steal local files. Compulynx's CMail is a Win32 mail server program. One of its features is allowing users to access their email wit...
CVE-1999-0468
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component...
WebCom datakommunikation Guestbook 0.1 - 'wguest.exe' Arbitrary File Access
source: https://www.securityfocus.com/bid/2024/info The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook undetermined at the time of writing are vulnerable to an attack allowing an intruder to retrieve the conten...
WebCom datakommunikation Guestbook 0.1 - rguest.exe Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - rguest.exe Arbitrary File Access source: https://www.securityfocus.com/bid/2024/info The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook undetermined at the time of writi...
Dan Bernstein QMail 1.0 3 - RCPT Denial of Service (1)
source: https://www.securityfocus.com/bid/2237/info qmail is an e-mail server package developed by Dan Bernstein. The qmail smtp server is subject to a denial of service. By specifying a large number of addresses in the recipient field RCPT, qmail will stop responding. This behaviour is due to th...
Microsoft IIS 2.03.0 - Appended Dot Script Source Disclosure
Microsoft IIS 2.03.0 - Appended Dot Script Source Disclosure source: https://www.securityfocus.com/bid/2074/info Microsoft Internet Information Server IIS is a popular web server, providing support for a variety of scripting languages, including ASP active server pages. IIS 2.0 and 3.0 suffer fro...
CVE-1999-0173
FormMail CGI program can be used by web servers other than the host server that the program resides on...