[Full-Disclosure] Utility Manager - Failure to drop system privileges

======================================================================== = Utility Manager - Failure to drop system privileges = = MS Bulletin posted: April 13, 2004 = http://www.microsoft.com/technet/security/Bulletin/MS04-011.mspx = = Affected Software: = Microsoft Windows 2000 = = Public...

F-Secure BackWeb 6.31 - Local Privilege Escalation

source: https://www.securityfocus.com/bid/10055/info A vulnerability has been reported in F-Secure BackWeb that may permit local attackers to gain system level privileges. The source of this vulnerability is that certain areas within the BackWeb interface permit arbitrary programs to be invoked...

HP Web JetAdmin vulnerabilities.

lo all: http://sh0dan.org/files/hpjadmadv.txt Fear the vi formatting. Product: HP Web JetAdmin Version 7.5.2546 Others that use this codebase assumed vulnerable Note: Only tested on the Windows Platform. Vulnerability: Denial of Service, Upload Any file to the filesystem to a known location, Writ...

Alt-N WebAdmin 2.0.x - USER Remote Buffer Overflow (1)

Alt-N WebAdmin 2.0.x - USER Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/8024/info Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM...

ISS Security Brief: Microsoft MDAC Remote Compromise Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief November 21, 2002 Microsoft MDAC Remote Compromise Vulnerability Synopsis: Microsoft has released a security bulletin detailing a vulnerability in Microsoft MDAC technology. MDAC or Microsoft Data Access Components is a...

All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)

All versions of Microsoft Internet Information Services, Remote buffer overflow SYSTEM Level Access Release Date: June 18, 2001 Severity: High Remote SYSTEM level code execution Systems Affected: Microsoft Windows NT 4.0 Internet Information Services 4.0 Microsoft Windows 2000 Internet Informatio...

Oracle Web Listener 4.0.x - for NT Batch File

Oracle Web Listener 4.0.x - for NT Batch File source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on t...

Oracle Web Listener 4.0.x - for NT Batch File

source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on the server, simply by appending '?&' and a...

Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Spoolss.exe DLL Insertion

Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Spoolss.exe DLL Insertion source: https://www.securityfocus.com/bid/769/info The spooler service spoolss.exe allows local users to add their own dll files and have the spooler run them at SYSTEM level. This could lead to privilege escalation all the wa...

Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Spoolss.exe' DLL Insertion

source: https://www.securityfocus.com/bid/769/info The spooler service spoolss.exe allows local users to add their own dll files and have the spooler run them at SYSTEM level. This could lead to privilege escalation all the way up to Administrator level. The problem is in the function...

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)

source: https://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services. It includes a component named RDS Remote Data Services. RDS allows remote access via the internet to database objects through IIS. Both are included i...

CVE-1999-1414

IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges...