PHP-Nuke 5.6 - modules.php SQL Injection
source: https://www.securityfocus.com/bid/6088/info A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify...
CVE-2002-0478
The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings...
Two more exploitable holes in the trillian irc module
Sent the following advisory to trillian: Tue, 16 Jul 2002 16:49:19 -0400 EDT Submitted by : Josh [email protected], omega [email protected] on July 16th, 2002 Vulnerability : Format strings bug and buffer overflow in the IRC client of Trillian Tested On : Trillian v0.73,0.72 Remote : Yes Gree...
solaris 9 sparc rcp
hallo, freshly installed solaris 9 sparc. one more suid segfault: bash-2.05$ uname -a SunOS solaris9 5.9 Generic sun4u sparc SUNW,Ultra-510 bash-2.05$ ls -l /usr/sbin/static/rcp -r-sr-xr-x 1 root bin 787700 Apr 6 16:58 /usr/sbin/static/rcp bash-2.05$ /usr/sbin/static/rcp perl -e 'print "A" x 1000...
CVE-2002-0239
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the -fn, -hfb, or -hfn argument...
MIT PGP Public Key Server 0.9.2/0.9.4 - Search String Remote Buffer Overflow
source: https://www.securityfocus.com/bid/4828/info The PGP Public Key Server is a freely available, open source software package distributed by MIT. It is designed for use on Linux and Unix operating systems. The PGP Public Key Server does not properly handle long search strings. Under some...
Progress Database PROMSGS format string issue.
Well, once again I have found yet another Progress database issue. The PROMSGS has been looked at one time already for buffer overflows. It was supposed to be fixed. I was poking around at it today and noticed these format string issues... PROGRESS Version 9.1C as of Thu Jun 7 10:03:59 EDT 2001...
DoS against 3COM HomeConnect (buffer overflow)
Buffer overflow when a long request string is sent to the Web interface...
CVE-1999-1513
CVE-1999-1513 affects a 3Com SuperStack II hub running software version 2.10. The vulnerability centers on a read-only MIB object (.1.3.6.1.4.1.43.10.4.2) that exposes the entire table of community strings, potentially enabling unauthorized activities. The available public description confirms th...
%u encoding IDS bypass vulnerability
%u encoding IDS bypass vulnerability Release Date: September 5, 2001 Severity: Medium Systems Affected: Cisco Secure Intrusion Detection System, formerly known as NetRanger, Sensor component. Cisco Catalyst 6000 Intrusion Detection System Module ISS RealSecure Network Sensor 5.x and 6.x before XPU...
CVE-2001-0247
Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containing a sequence, as seen in gopendir, glstat, gstat, and the glob0 buffer as used in the glob functions glob2 and glob3...
"at" is vulnerable on Solaris 7 and 8
We found that "at" in Solaris is vulnerable on Solaris 7 and 8. The kind of bug is discussed on Bugtraq id 1634 -- Generally a program that needs to display a message to the user will obtain the proper language-specific string from the database using the original message as the search key and...
CVE-1999-0784
Denial of service in Oracle TNSLSNR SQLNet Listener via a malformed string to the listener port, aka NERP...
Cisco IOS Software Multiple SNMP Community String Vulnerabilities
...
CVE-2000-0844
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen...
ssldump 0.9 b1 - Format String
source: https://www.securityfocus.com/bid/2096/info ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla. A problem exists which could allow the arbitrary execution of code. The problem exists in the ssldump handling of format...
Solaris locale Format Strings (noexec stack) Exploit
Exploit for solaris platform in category local exploits ==================================================== Solaris locale Format Strings noexec stack Exploit ==================================================== / exploit for locale subsystem format strings bug In Solaris with noexec stack. Test...
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow
/ exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it wont work, try adjust retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e 's/^.lib\0-9a-zA-Z\.so./-l\1/' usages: ./ex -h Thanks for Ivan Arce who found this bug...