6841 matches found
[Full-Disclosure] GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities.
======================================== INetCop Security Advisory 2003-0x82-018 ======================================== Title: GNATS The GNU bug-tracking system multiple buffer overflow vulnerabilities. 0x01. Description About: GNATS is a portable incident/bug report/help request-tracking syste...
Another ZEUS Server web admin XSS!
Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86 This is not the same issue as bid 6144 index.fcgi, now is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...
MantisBT Detection
MantisBT, an open source bug tracking application written in PHP and using a MySQL back-end, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11652); script_version("1.26"); script_set_attribute(attribute:"plugin_modification_date",...
BitchX: Crash when channel modes change
On May 7th 2003, we received a bug report through our tracking system which noted a crash problem with BitchX for all versions up to 1.0c20cvs. Certain mode changes would cause BitchX to core consistently. This problem was resolved in less than 24 hours. The patch was committed to CVS by powuh...
Microsoft Biztalk Server DTA vulnerable to SQL injection
Security Advisory Name: Microsoft Biztalk Server Document Tracking and Administration vulnerable to SQL injection System Affected : BizTalk Server 2000 and BizTalk Server 2002 Severity : High Remote exploitable : Yes Author: Cesar Cerrudo. Date: 05/05/03 Advisory Number: CC040302 Legal Notice: Thi...
CVE-2003-0208
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field...
CVE-2003-0208
CVE-2003-0208 describes an XSS vulnerability in Macromedia Flash ad user tracking, exploitable via the clickTAG field to inject arbitrary JavaScript. Affected component: Flash ad-tracking capability; root cause: input in clickTAG not properly sanitized. Impact (per provided metrics): partial inte...
CVE-2002-0809
Bugzilla 2.14 before 2.14.2 and 2.16 before 2.16rc2 mishandles URL-encoded field names generated by some browsers, causing certain fields to appear unset and resulting in removal of group permissions on bugs when buglist.cgi is used with the encoded field names. Affected components: Bugzilla bug ...
Bugzilla Software Detection
The remote web server is hosting Bugzilla, a web application for bug tracking and managing software development. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11462); script_version("1.26"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");...
Opera 7.0 - History Object Information Disclosure
Opera 7.0 - History Object Information Disclosure source: https://www.securityfocus.com/bid/6757/info An information disclosure weakness has been reported for Opera 7 browsers on the Microsoft Windows platform. The weakness is due to the way the history object exposes some properties. Specificall...
Opera 7.0 - History Object Information Disclosure
source: https://www.securityfocus.com/bid/6757/info An information disclosure weakness has been reported for Opera 7 browsers on the Microsoft Windows platform. The weakness is due to the way the history object exposes some properties. Specifically, the properties history.next and history.previou...
[SECURITY] [DSA 230-1] New bugzilla packages fix unauthorized data modification
-------------------------------------------------------------------------- Debian Security Advisory DSA 230-1 [email protected] http://www.debian.org/security/ Martin Schulze January 16th, 2003 http://www.debian.org/security/faq -...
CVE-2002-2055
Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2002-2245
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...
PT-2002-2779 · Teekai · Teekai Tracking Online
Name of the Vulnerable Software and Affected Versions: TeeKai Tracking Online version 1.0 Description: The issue concerns the weak encryption of web usage statistics stored in the data/userlog/log.txt file. This weakness allows remote attackers to identify the IP addresses of visitors to the site...
CVE-2002-1126
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunloa...
UDP Stress Tester - Denial of Service
UDP Stress Tester - Denial of Service include include include include include include include include include define shit "BLEAHD" timet elapsed; long sendcount = 0, kbs; void statsint signum kbs = sendcount6/time0-elapsed/1024; // i dont think this is right but... printf"\npid: %d, ran for %u...
[SECURITY] [DSA 161-1] New Mantis package fixes privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 161-1 [email protected] http://www.debian.org/security/ Martin Schulze September 4th, 2002 http://www.debian.org/security/faq -...
DSA-161 mantis - privilege escalation
Bulletin has no description...