SSHD-1 Logging Vulnerability

Crimelabs, Inc. www.crimelabs.net Security Note Crimelabs Security Note CLABS200101 Title: SSH-1 Brute Force Password Vulnerability Date: 5 February, 2001 Vendors: Any supported by SSH-1 Versions: At least ssh-1.2.27 and 1.2.30 Not Affected: OpenSSH Severity: Medium to High Author: Jose Nazario...

CVE-2000-1090

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character...

CVE-2000-0868

The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...

CVE-2000-0498

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...

CVE-2000-0498

The CVE-2000-0498 vulnerability affects Unify eWave ServletExec. A remote attacker could view the source code of a JSP program by requesting a URL that uses the JSP extension in uppercase. Connected sources confirm the affected product and the exact attack vector; PT-2000-1436 notes no informatio...

PHP Security Advisory - Apache Module bugs

Problems ========= 1 PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...

CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...

Огромная дыра в Interbase

В базу вкомпилян универсальный пароль доступа, дающий удаленный доступ с административными привелегиями. Всвязи с тем что Inprise Borland открыл сорсы пароль теперь известе всем желающим в текстовом виде...

CVE-2000-1114

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...

ProFTPD 1.2.0(rc2) (memory leakage example) Exploit

Exploit for unknown platform in category dos / poc =================================================== ProFTPD 1.2.0rc2 memory leakage example Exploit =================================================== / | Proftpd DoS | by Piotr Zurawski email protected | This source is just an example of memory...

commercial products and security [ + new bug ]

-- Standard disclaimer applies. This post reflects my personal beliefs and -- oppinions only, and I am speaking as a private person. These statements -- are not related to my eployer, don't have to be true, and are subject to -- futher investigation and consultation with your software vendor only...

CVE-2000-1114

The CVE-2000-1114 vulnerability affects Unify ServletExec AS v3.0C. A flaw in the HTTP handling allows remote attackers to read JSP source code by sending an HTTP request that ends with certain characters (e.g., ".", "+", or "%20"). This can expose source contents and partial confidentiality leak...

Linux xsoldier-0.96 exploit (Red Hat 6.2)

Exploit for linux platform in category local exploits ========================================= Linux xsoldier-0.96 exploit Red Hat 6.2 ========================================= include include define NOP 0x90 define BUFSIZE 4408 define OFFSET 0 define RANGE 20 unsigned char blah =...

CVE-2000-1052

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet...

Exploit Code for File Input field advisory.

I have coded an exploit example for the "File Upload via Form" vulnerability recently mentioned by Microsoft Security. Here's the source for it well, most of the source. If you would like the whole source, email me. I'll send it as an attachment. --------------snip------------------ !script...

Проблема с Ultraseek

Используя URL типа http://target:8765/index.html/ можно получить исходный текст документов...

CSA-200012.txt

CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Date£º Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ¡¡¡¡- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...

Security Advisory(CSA-200012)

CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Dateёє Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ЎЎЎЎ- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...

Inktomi Search Software 3.0 - Source Disclosure

source: https://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/somefile.html/ will return the source to...

CVE-2000-1052

The CVE-2000-1052 entry concerns Allaire JRun 2.3 server. Affected component: SSIFilter servlet. Root cause: remote attackers can directly invoke the SSIFilter servlet to obtain source code for executable content, leading to partial confidentiality impact. The public description states exposure o...