Lucene search

5375 matches found

securityvulns
added 2003/05/18 12:0 a.m., 37 views

Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1

hello bugtraq, From MSDN: ---cut--- DWORD GetPrivateProfileSection LPCTSTR lpAppName, LPTSTR lpReturnedString, DWORD nSize, LPCTSTR lpFileName ; skip nSize in Size of the buffer pointed to by the lpReturnedString parameter, in TCHARs. Windows 95/98/Me: The maximum buffer size is 32,767 characters...

AI score: 7.5
Exploits: 0

NVD
added 2003/01/07 5:0 a.m., 18 views

CVE-2002-0627

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests...

CVSS: 7.5, AI score: 7, EPSS: 0.01635
Exploits: 0, References: 5

OSV
added 2002/12/11 5:0 a.m., 1 views

DEBIAN-CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

CVSS: 10, AI score: 8.3, EPSS: 0.51914
Exploits: 2, References: 1

securityvulns
added 2002/11/28 12:0 a.m., 124 views

pWins Perl Web Server Directory Transversal Vulnerability

From www.sourceforge.net/projects/pwins: "pWins is a webserver-software based on perl and ruby not yet code. My aim is to make it fast, small and secure, supporting cgi perl, ruby and php scripts. It's easy to install and configurate!" versions: 0.2.5 and earlier, tested on Windows only...

AI score: 0.8
Exploits: 0

CERT
added 2002/10/29 12:0 a.m., 17 views

Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL

Overview Netegrity SiteMinder does adequately validate HTTP requests containing malicious Unicode encodings. Description Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...

AI score: 6.9
Exploits: 0, References: 1

securityvulns
added 2002/07/31 12:0 a.m., 38 views

Windows mplay32 buffer overflow

Microsoft is aware of the vulnerability. Since this successful remote exploitation of this vulnerability depends on other mitigating factors, Microsoft believes it is not worthy of a bulletin. This overflow will be fixed in XP service pack 1. I will explain my understanding of the vulnerability...

AI score: 3.5
Exploits: 0

exploitpack
added 2002/06/19 12:0 a.m., 10 views

Microsoft SQL Server 2000 Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)

Microsoft SQL Server 2000 Microsoft Jet 4.0 Engine - Unicode Buffer Overflow PoC source: https://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with...

AI score: 0.3
Exploits: 0

Exploit DB
added 2002/06/19 12:0 a.m., 32 views

Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with MS Jet Engine. This issue may be exploited to execute attacker-supplied...

AI score: 7
Exploits: 0

Exploit DB
added 2002/04/16 12:0 a.m., 103 views

Microsoft IIS 5.0 - 'CodeBrws.asp' Source Code Disclosure

source: https://www.securityfocus.com/bid/4525/info Microsoft IIS 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts /IISSAMPLES directory. However, this script CodeBrws.asp does not adequately filter unicode representations of directory...

AI score: 7
Exploits: 0

securityvulns
added 2002/04/10 12:0 a.m., 37 views

Abyss Webserver 1.0 Administration password file retrieval exploit

Abyss Web Server was just released April 3rd. The Web Server is vulnerable to retrieving the password file on the host's computer. An attacker can send a request to get the password file just by breaking WWWROOT using Unicode. Here's a report I wrote NETCRA$H SECURITY REPORT Abyss Web Server 1.0...

AI score: 0.1
Exploits: 0

security_vulns
added 2002/03/26 12:0 a.m., 194 views

Bypassing content filtering

There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filters, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename o...

AI score: 6.7
Exploits: 0

Packet Storm
added 2002/03/20 12:0 a.m., 13 views

IIS Unicode Strings

Some of unicodes ... collected by cd http://bastardo.de/ apache ; /MSADC/root.exe?/c+dir /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir...

AI score: 7.4
Exploits: 0

Cvelist
added 2002/03/15 5:0 a.m., 21 views

CVE-2001-1157

Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via 1 an extra leading and one or more characters before the SCRIPT tag, or 2 tags using Unicode...

AI score: 6.6, EPSS: 0.02443
Exploits: 0, References: 3

CVE
added 2002/03/15 5:0 a.m., 42 views

CVE-2001-1157

Baltimore Technologies WEBsweeper 4.0 and 4.02 are described as failing to properly filter Javascript from HTML pages, enabling remote bypass of the filter via (1) an extra leading

CVSS: 7.5, AI score: 7, EPSS: 0.02443
Exploits: 0, References: 3, Affected Software: 1

securityvulns
added 2002/03/05 12:0 a.m., 52 views

Another Sql Server 7 Buffer Overflow

Security Advisory Name : Another Sql Server 7 Buffer Overflow System Affected : Sql Server 7 all service packs and fixes, ver. 7.00.1021 Severity : High. Remote Exploit: Yes Author: Cesar Cerrudo. Date: 03/05/2002 Advisory Number: CC030202 Description : The extended stored procedure xpdirtree...

Exploits: 0

securityvulns
added 2002/02/27 12:0 a.m., 154 views

Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

Dear, Advisory was originally posted in 1-3 2 weeks ago, so I think it's enough time passed to publish some details, because 4,5 have enough information to re-discover vulnerability. ERRor erroratpochtamt.ru discovered IE 5.5 and 6.0 in some cases crash on embed src="filename.AAAAAAAAAAlot of 'A'...

CVSS: 7.5, AI score: 7.8, EPSS: 0.39767
Exploits: 0

NVD
added 2001/10/30 5:0 a.m., 15 views

CVE-2001-0669

Various Intrusion Detection Systems IDS including 1 Cisco Secure Intrusion Detection System, 2 Cisco Catalyst 6000 Intrusion Detection System Module, 3 Dragon Sensor 4.x, 4 Snort before 1.8.1, 5 ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and 6 ISS RealSecure Server Sensor 5.5 and 6...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0439
Exploits: 0, References: 5

Cvelist
added 2001/10/12 4:0 a.m., 19 views

CVE-2001-0669

Various Intrusion Detection Systems IDS including 1 Cisco Secure Intrusion Detection System, 2 Cisco Catalyst 6000 Intrusion Detection System Module, 3 Dragon Sensor 4.x, 4 Snort before 1.8.1, 5 ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and 6 ISS RealSecure Server Sensor 5.5 and 6...

AI score: 6.7, EPSS: 0.0439
Exploits: 0, References: 5

CVE
added 2001/10/12 4:0 a.m., 82 views

CVE-2001-0669

CVE-2001-0669 affects multiple IDS products (Cisco Secure IDS, Cisco Catalyst 6000 IDS Module, Dragon Sensor 4.x, Snort before 1.8.1, ISS RealSecure Network Sensor 5.x/6.x before XPU 3.2, and ISS RealSecure Server Sensor 5.5/6.0 for Windows) where an attacker can bypass HTTP attack detection by u...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0439
Exploits: 0, References: 5, Affected Software: 5

NVD
added 2001/09/20 4:0 a.m., 28 views

CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...

CVSS: 5, AI score: 6.7, EPSS: 0.35559
Exploits: 0, References: 3