Linux Kernel 2.22.4 - procfs Stream redirection to Process Memory Privilege Escalation

Linux Kernel 2.22.4 - procfs Stream redirection to Process Memory Privilege Escalation / source: https://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. Under...

eperl -- Remote code execution

David Madison reports: ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by...

Microburst uDirectory 2.0 - Remote Command Execution

Microburst uDirectory 2.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the...

Microburst uDirectory 2.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software. !/usr/bin/perl -w management, e-commerce...

new advisory

---=== UkR security team - Advisory ===--- uStorekeepertm Online Shopping System - Runtime Script - 'arbitrary file retreival' vulnerability Date: 03.04.2001 Problem: input validation error. Vulnerable products: ustorekeeper.pl version 1.61 probably others, but not tested Product vendor: Microbur...

advisory

---=== UkR security team - Advisory no. 11 ===--- Anaconda Clipper - 'arbitrary file retreival' vulnerability Date: 27.03.2001 Problem: input validation error. Vulnerable products: Anaconda Clipper ver. 3.3 probably others, but not tested Product vendor: Anaconda / http://www.anaconda.net Comment...

IBM NetCommerce Security

hola friends, while i was participating on the openhack contest i found a couple of serious security-holes within ibm s so called "netcommerce" thing which seems to be a mixture of websphere, net.data, servlets, jsp s and db2? however..summary: class: input validation error remote: yes local: yes...

ISC BIND 4 contains input validation error in nslookupComplain()

Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a format string vulnerability in BIND 4.9.4 that may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer...

Input validation error in quikstore.cgi allows attackers to execute commands

Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...

Remote File Attachment Theft via comm.lycos.com,angelfire.com, eudoramail.com

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Date Published: November 28, 2000 Title: Remote File Attachment Theft via comm.lycos.com,angelfire.com, eudoramail.com Class: Access Validation Error Remotely Exploitable: Yes Vulnerability Description: WebMail possibly WhoWhere.com software as...

gbook.cgi.txt

Bug Report 1. Name: gbook.cgi remote command execution vulnerability 2. Release Date: 2000.11.10 3. Affected Application: GBook - A web site guestbook By Bill Kendrick [email protected] http://zippy.sonoma.edu/kendrick/ 4. Author: [email protected] 5. Type: Input validation Error 6...

[hacksware] gbook.cgi remote command execution vulnerability

Bug Report 1. Name: gbook.cgi remote command execution vulnerability 2. Release Date: 2000.11.10 3. Affected Application: GBook - A web site guestbook By Bill Kendrick [email protected] http://zippy.sonoma.edu/kendrick/ 4. Author: [email protected] 5. Type: Input validation Error 6...

Explanation Authentix Input Validation Error

Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...

Format string input validation error in wu-ftpd site_exec() function

Overview A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd wu-ftpd software package. Sites running affected systems are advised to update their wu-ftpd software as soon as possible. A similar but distinct...

wu-ftpd advisory update

UPDATE: This announcement was first mailed out on 28-Sep-2000. It was later determined that incorrect 16-bit sums and 128-bit MD5 message digests were included in the announcement. The announcement below is identical to the one from yesterday, but it includes the correct verification data. We...

Unixware SCOhelp http server format string vulnerability

CORE SDI Inc. http://www.core-sdi.com Unixware SCOhelp http server format string vulnerability Date Published: 09/27/00 Advisory ID: CORE-092700 Bugtraq ID: 1717 CVE CAN: None currently assigned. Title: Unixware SCOhelp http server format string vulnerability Class: Input validation error Remotel...

UNIX locale format string vulnerability

CORE SDI http://www.core-sdi.com UNIX locale format string vulnerability Date Published: September 4th, 2000 early release Advisory ID: CORE-090400 Bugtraq ID: 1634 CVE CAN: None currently assigned. Title: UNIX locale format string vulnerability Class: Input Validation Error Remotely Exploitable:...

Vulnerability Report On IPSWITCH's IMail

Vulnerability Report On IPSWITCH's IMail Date Published: August 30 2000 Advisory ID: TS003 Bugtraq ID: http://www.securityfocus.com/bid/1617 CVE CAN: None at this time Title: IPSWITCH IMail File Attachment Vulnerability Class: Access Validation Error Remotely Exploitable: Yes Locally Exploitable:...

php-nuke bug

php-nuke bug by StarmanJones 22/08/00 Disclaimer: I am not responsible for whatever you do with the knowledge you get from reading this advisorie. I am not telling you to go and post messages on sites that use PHP-nuke. Recently there was an advisory on bugtraq about An access validation error th...

ultraboardv1.6

hola friends, found some interesting things in the "old" UltraBoard-Forum scripts UltraBoard V 1.6 class:Input Validation Error remote:Yes vulnerable:UltraBoard V1. vendor: www.ultrascripts.com || www.ub2k.com Description: By using the good old NullByte\000 its possible to open "any" file on the...