CVE-2004-0224
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
Courier mail services: remotely exploitable buffer overflows
The Courier set of mail services use a common Unicode library. This library contains buffer overflows in the converters for two popular Japanese character encodings. These overflows may be remotely exploitable, triggered by a maliciously formatted email message that is later processed by one of t...
Microsoft Word Macro Buffer Overflow
Topic: Buffer overflow on Macro structure processing Vulnerable: Microsoft Office 97, Microsoft Office 2000 any service pack Not Vulnerable: Microsoft Office XP Description: During processing of document with embedded macros Microsoft Office family products are vulnerable to buffer overflow...
ISS RealSecure Server Sensor DoS
If an HTTPS request containing invalid Unicode characters is received, the sensor will shut down the IIS service...
ISS Server Sensor Denial of Service
EnterEdge has discovered a Denial of Service condition in ISS RealSecure Server Sensor 7.0. The condition is present when running ISS's RealSecure Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid Unicode characters via SSL, the server sensor will shut down the IIS service...
Microsoft Windows XP/2000 - RunDLL32.exe Local Buffer Overflow
Microsoft Windows XP/2000 - RunDLL32.exe Local Buffer Overflow source: https://www.securityfocus.com/bid/8114/info rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable applicati...
Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1
hello bugtraq, From MSDN: ---cut--- DWORD GetPrivateProfileSection(LPCTSTR lpAppName, LPTSTR lpReturnedString, DWORD nSize, LPCTSTR lpFileName); <skip> nSize [in] Size of the buffer pointed to by the lpReturnedString parameter, in TCHARs. Windows 95/98/Me: The maximum buffer size is 32,767 characters...
CVE-2002-0627
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests...
DEBIAN-CVE-2002-1318
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...
pWins Perl Web Server Directory Traversal Vulnerability
From www.sourceforge.net/projects/pwins: "pWins is a webserver-software based on perl and ruby not yet code. My aim is to make it fast, small and secure, supporting cgi perl, ruby and php scripts. It's easy to install and configure!" Versions: 0.2.5 and earlier, tested on Windows only...
Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL
Overview: Netegrity SiteMinder does not adequately validate HTTP requests containing malicious Unicode encodings. Description: Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...
Windows mplay32 buffer overflow
Microsoft is aware of the vulnerability. Since successful remote exploitation of this vulnerability depends on other mitigating factors, Microsoft believes it is not worthy of a bulletin. This overflow will be fixed in XP Service Pack 1. I will explain my understanding of the vulnerability...
Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)
Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow PoC source: https://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable Unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with...
Microsoft IIS 5.0 - 'CodeBrws.asp' Source Code Disclosure
source: https://www.securityfocus.com/bid/4525/info Microsoft IIS 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts /IISSAMPLES directory. However, this script, CodeBrws.asp, does not adequately filter Unicode representations of directory...
Abyss Webserver 1.0 Administration password file retrieval exploit
Abyss Web Server was just released April 3rd. The Web Server is vulnerable to retrieval of the password file on the host's computer. An attacker can send a request to get the password file just by breaking out of WWWROOT using Unicode. Here's a report I wrote: NETCRA$H SECURITY REPORT Abyss Web Server 1.0...
Bypassing content filtering
There are common methods that allow bypassing almost any content filtering software (antiviral products, CVP firewalls, mail attachment filters, etc.). I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename o...
IIS Unicode Strings
Some Unicode strings ... collected by cd http://bastardo.de/ apache ; /MSADC/root.exe?/c+dir /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir...
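The strings in the IIS entry above only work because the path check and the final decode happen in the wrong order: `%%35%63` and `%25%35%63` both survive one round of percent-decoding as `%5c` (a single path segment named `..%5c..`, which contains no `..` component), and only a second decode turns them into `..\`, while `%c0%af` is an overlong UTF-8 encoding of `/` that a strict decoder rejects and the IIS decoder accepted. The example below, added here and not taken from any of the advisories on this page, shows the flawed single-decode segment check next to a canonicalising check that decodes to a fixed point, folds overlong UTF-8, and only then resolves `..`. The two `PBServer` requests are copied from the entry above; the other sample requests are constructed for the example.

```python
"""Canonicalise encoded request paths before checking for directory
traversal. Added example; not code from any advisory on this page."""
from urllib.parse import unquote_to_bytes

# Constructed sample requests (the PBServer ones are taken from the entry above).
SAMPLE_REQUESTS = [
    "/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir",
    "/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir",      # overlong UTF-8
    "/scripts/../../winnt/system32/cmd.exe",                        # plain traversal
    "/iissamples/default/samples.htm",                              # benign
]


def _is_cont(b: int) -> bool:
    return 0x80 <= b <= 0xBF


def fold_overlong_utf8(data: bytes) -> bytes:
    """Collapse 2- and 3-byte overlong UTF-8 sequences that encode an ASCII
    code point (e.g. C0 AF -> '/', C1 9C -> '\\', E0 80 AF -> '/') into that
    single byte. Valid multi-byte sequences (code point >= 0x80) are kept."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        cp, width = None, 1
        if 0xC0 <= b <= 0xDF and i + 1 < n and _is_cont(data[i + 1]):
            cp, width = ((b & 0x1F) << 6) | (data[i + 1] & 0x3F), 2
        elif (0xE0 <= b <= 0xEF and i + 2 < n
              and _is_cont(data[i + 1]) and _is_cont(data[i + 2])):
            cp = ((b & 0x0F) << 12) | ((data[i + 1] & 0x3F) << 6) | (data[i + 2] & 0x3F)
            width = 3
        if cp is not None and cp < 0x80:
            out.append(cp)
            i += width
        else:
            out.append(b)
            i += 1
    return bytes(out)


def _path_part(raw: str) -> str:
    """Drop the query string; only the path component is resolved here."""
    return raw.split("?", 1)[0]


def canonicalize(raw_path: str, max_rounds: int = 8) -> str:
    """Percent-decode until a fixed point (defeats %25-style double
    encoding), fold overlong UTF-8, then map '\\' to '/'."""
    data = raw_path.encode("latin-1")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    data = fold_overlong_utf8(data)
    return data.decode("latin-1").replace("\\", "/")


def resolve(path: str):
    """Resolve '.' and '..' segments. Returns (escaped_root, normalised)."""
    parts, escaped = [], False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            else:
                escaped = True          # tried to climb above the web root
        else:
            parts.append(seg)
    return escaped, "/" + "/".join(parts)


def naive_is_safe(raw_path: str) -> bool:
    """The broken order the IIS bugs rely on: decode once, check that no
    segment is '..', and leave the filesystem layer to decode again."""
    once = unquote_to_bytes(_path_part(raw_path)).decode("latin-1")
    return ".." not in once.replace("\\", "/").split("/")


def is_safe(raw_path: str) -> bool:
    """Canonicalise completely first, then check the resolved path."""
    escaped, _ = resolve(canonicalize(_path_part(raw_path)))
    return not escaped


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        escaped, normalised = resolve(canonicalize(_path_part(req)))
        print(f"{req}\n  naive_safe={naive_is_safe(req)} canonical_safe={not escaped} -> {normalised}")
```

Run stand-alone, the script prints each request with both verdicts: the three encoded requests pass the single-decode check and are rejected by the canonicalising one, the plain `../..` request is rejected by both, and the benign request passes both. The order of operations is the whole point: any check that runs before the last decoding step can be bypassed by adding one more layer of encoding.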
CVE-2001-1157
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode...