1496 matches found

Tenable Nessus
added 2004/08/20 12:0 a.m., 16 views

WU-FTPD < 2.6.2 PASV Command Format String Arbitrary Code Execution

Binary data 1809.prm...

CVSS 10, AI score 7.3, EPSS 0.05669
Exploits 1, References 3

Gentoo Linux
added 2004/08/05 12:0 a.m., 23 views

PuTTY: Pre-authentication arbitrary code execution

Background: PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description: PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact: When...

CVSS 7.5, AI score 3.8, EPSS 0.04114
Exploits 0

Tenable Nessus
added 2004/07/23 12:0 a.m., 50 views

Fedora Core 1 : subversion-0.32.1-2 (2004-127)

Stefan Esser discovered an issue in the date parsing routines in Subversion which allows a buffer overflow. An attacker could send malicious requests to a Subversion server, either Apache-based using mod_dav_svn or using the svnserve daemon, and perform arbitrary execution of code. The Common...

CVSS 7.5, AI score 5.8, EPSS 0.7525
Exploits 8, References 2

Tenable Nessus
added 2004/07/13 12:0 a.m., 26 views

MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315)

The remote host is subject to two vulnerabilities in the HTML Help and showHelp modules that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to set up a rogue website containing a malicious showHelp URL, and would need to lure a...

CVSS 10, AI score 6.1, EPSS 0.5261
Exploits 1, References 3

NVD
added 2004/05/29 4:0 a.m., 9 views

CVE-2004-2041

PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code...

CVSS 7.5, AI score 7.6, EPSS 0.02111
Exploits 1, References 7

Tenable Nessus
added 2004/05/29 12:0 a.m., 150 views

mod_ssl ssl_util_uuencode_binary Remote Overflow

The remote host is using a version of mod_ssl that is older than 2.8.18. This version is vulnerable to a flaw that could allow an attacker to disable the remote website remotely, or to execute arbitrary code on the remote host. Note that several Linux distributions patched the old version of this...

CVSS 7.5, AI score 6.1, EPSS 0.37681
Exploits 0, References 1

Packet Storm
added 2004/04/19 12:0 a.m., 124 views

phpBBmod.txt

Product: phpBB modified by Przemo Version: v1.8 Vendor: http://przemo.org/phpBB2/ Discover by: Officerrr Vendor Response: Not contacted yet... Severity: Medium arbitrary...

AI score 7.4
Exploits 0

Tenable Nessus
added 2004/03/10 12:0 a.m., 28 views

MS04-009: Vulnerability in Outlook could allow code execution (828040)

The remote host is running a version of Outlook that could allow Internet Explorer to execute script code in the Local Machine zone and therefore let an attacker execute arbitrary programs on this host. To exploit this bug, an attacker would need to send a special HTML message to a user of this...

CVSS 7.5, AI score 8.2, EPSS 0.47676
Exploits 1, References 2

exploitpack
added 2004/02/27 12:0 a.m., 36 views

RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - MDTM Remote Overflow

RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - MDTM Remote Overflow / exservu.c - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit Copyright c SST 2004 All rights reserved. Public version BUG find by bkbll [email protected], cool! :ppPPppPPPpp :D code by Sam and 2004/01/07 Revise History...

AI score 0.5
Exploits 0

Exploit DB
added 2003/09/20 12:0 a.m., 50 views

Microsoft Windows - 'RPC DCOM2' Remote (MS03-039)

/ RPCDCOM2.c ver1.1 copy by FLASHSKY flashsky at xfocus.org 2003.9.14 / include include include include include include unsigned char bindstr= 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,...

AI score 7.4
Exploits 0

exploitpack
added 2003/07/13 12:0 a.m., 70 views

HTMLToNuke - Cross-Site Scripting

HTMLToNuke - Cross-Site Scripting source: https://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable...

AI score 6.8
Exploits 0

Exploit DB
added 2003/07/11 12:0 a.m., 27 views

University of Minnesota Gopherd 2.0.x/2.3/3.0.x - FTP Gateway Buffer Overflow

// source: https://www.securityfocus.com/bid/8167/info It has been reported that the FTP gateway component within the gopherd server is prone to a buffer overflow vulnerability. This vulnerability may be present due to a failure to perform bounds checking when processing long filenames returned...

AI score 7
Exploits 0

Exploit DB
added 2003/06/23 12:0 a.m., 34 views

Symantec Security Check RuFSI - ActiveX Control Buffer Overflow

source: https://www.securityfocus.com/bid/8008/info It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser...

AI score 7.4
Exploits 0

exploitpack
added 2003/06/16 12:0 a.m., 12 views

LedNews 0.7 Post Script - Code Injection

LedNews 0.7 Post Script - Code Injection source: https://www.securityfocus.com/bid/7920/info It has been reported that LedNews does not properly filter input from news posts. Because of this, it may be possible for an attacker to steal authentication cookies or perform other nefarious activities...

AI score 7.9
Exploits 0

Debian
added 2003/06/14 2:17 a.m., 10 views

[SECURITY] [DSA-321-1] New radiusd-cistron packages fix buffer overflow

Debian Security Advisory DSA 321-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 13th, 2003 http://www.debian.org/security/faq -...

AI score 7.9
Exploits 0

Cvelist
added 2003/06/06 4:0 a.m., 18 views

CVE-2003-0376

Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters...

AI score 8, EPSS 0.02374
Exploits 0, References 1

Tenable Nessus
added 2003/06/06 12:0 a.m., 50 views

zenTrack index.php Multiple Parameter Remote File Inclusion

It is possible to make the remote host include php files hosted on a third-party server using the version of zenTrack installed on the remote host. An attacker may use this flaw to inject arbitrary code and to gain a shell with the privileges of the web server on the affected host.

AI score 6
Exploits 0, References 2

Tenable Nessus
added 2003/04/02 12:0 a.m., 27 views

QuickTime < 6.1 URL Handling Overflow (Windows)

The remote version of the QuickTime player is vulnerable to a buffer overflow. To exploit it, an attacker would need a user of this host to visit a rogue webpage with a malformed link in it. He could then be able to execute arbitrary code with the rights of the user visiting the page.

CVSS 7.5, AI score 6.4, EPSS 0.09281
Exploits 1, References 1

Packet Storm
added 2003/02/24 12:0 a.m., 22 views

moxftp.txt

I. BACKGROUND According to the vendor moxftp is a "Ftp shell under X Window System". /usr/ports/ftp/moxftp II. DESCRIPTION Insufficient bounds checking leads to execution of arbitrary code. III. ANALYSIS Upon parsing the '220 welcome to server' ftp banner a buffer can be overrun, allowing us to...

AI score 0.1
Exploits 0

NVD
added 2002/12/31 5:0 a.m., 11 views

CVE-2002-2123

PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter...

CVSS 7.5, AI score 7, EPSS 0.02357
Exploits 0, References 3