Working Resources BadBlue 1.7.x2.x - Unauthorized HTS Access
source: https://www.securityfocus.com/bid/7638/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access to administrative functions. It is possible to bypass BadBlue security checks when...
Drag And Zip File Name Handling Overflow
The remote host is running Drag And Zip - a file compression utility. There is a flaw in this program which may allow a remote attacker to execute arbitrary code on this host. To exploit this flaw, an attacker would need to craft a special Zip file and send it to a user on this host. Then, the us...
Info-ZIP UnZip 5.50 - Encoded Character Hostile Destination Path
source: https://www.securityfocus.com/bid/7550/info Info-ZIP UnZip contains a vulnerability during the handling of pathnames for archived files. Specifically, when certain encoded characters are inserted into '../' directory travers...
ListProc 8.2.9 - Catmail ULISTPROC_UMASK Buffer Overflow
source: https://www.securityfocus.com/bid/7533/info ListProc catmail has been reported prone to a buffer overflow vulnerability when handling a ULISTPROC_UMASK environment variable of excessive length. The issue is likely due to a lack of sufficient bounds checking performed when copying the...
KDE Konqueror 3.0.3 - Malformed HTML Page Denial of Service
source: https://www.securityfocus.com/bid/7486/info KDE Konqueror has been reported prone to a denial of service vulnerability when rendering a HTML page that contains malformed data. Although unconfirmed, code execution may be possible...
Sendmail <= 8.12.8 prescan() BSD Remote Root Exploit
No description provided by source. / Sendmail 8.12.8 prescan PROOF OF CONCEPT exploit by bysin This is to prove that the bug in sendmail 8.12.8 and below is vulnerable. On successful POC exploitation the program should crash with the following: Program received signal SIGSEGV, Segmentation fault...
Qpopper 4.0.x - 'poppassd' Privilege Escalation
/ Title: Qpopper v4.0.x poppassd local root exploit. Exploit code: 0x82-Local.Qp0ppa55d.c -- ./0x82-Local.Qp0ppa55d -u x82 -p mypasswd Qpopper v4.0.x poppassd local root exploit. by Xpl017Elz / include include include include define BUFSZ 0x82 define DPOPPASS "/usr/local/bin/poppassd" define DNAM...
MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
-----BEGIN PGP SIGNED MESSAGE----- Damage Hacking Group security advisory www.dhgroup.org Product: MDaemon SMTP/POP/IMAP server =v.6.0.7 Authors: Alt-N Technologies www.mdaemon.com Vulnerability: remote DoS via POP3 service Overview----------------------------------------------------- - From...
Exploit for PoPToP PPTP server
hello bugtraq, Here is an exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successful run it brings up ...
SETI@home Clients - Remote Buffer Overflow
/ Seti@Home exploit by zillionatsafemode.org 2003/01/07 Credits for the vulnerability go to: SkyLined http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Seti@home Use this exploit in combination with a DNS spoofing utility such as the one provide...
CVE-2003-0147
...
CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server...
Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
NGSSoftware Insight Security Research Advisory Name: Oracle TZ_OFFSET Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: http://www.oracle.com Author: Mark...
myphpPagetool (php)
Informations : °°°°°°°°°°°°°° Version : 0.4.3-1 Website : http://myphppagetool.sourceforge.net/ Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php, help4.php, help5.php, help6.php, help7.php, help8.php and help9.p...
WinRAR 2.903.03.10 - Archive File Extension Buffer Overrun
source: https://www.securityfocus.com/bid/6664/info A vulnerability has been discovered in WinRAR. The problem occurs when the affected application opens an archive containing a file with an overly long file extension. It has been reporte...
Xynph FTP Server 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/6587/info A problem with the handling of input has been reported in Xynph FTP Server. Under some circumstances, it may be possible for a remote user to escape the FTP root directory using relative path notation...
BRS Webweaver 1.0 1 - MKDir Directory Traversal
source: https://www.securityfocus.com/bid/6585/info WebWeaver's FTP component has a flaw which can permit a remote user to create directories outside the FTP root. By executing the mkdir command on an ftp server with dot-dot-slash ..\ directory...
[SECURITY] [DSA 219-1] New dhcpcd packages fix remote command execution vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 219-1 [email protected] http://www.debian.org/security/ Martin Schulze December 31st, 2002 http://www.debian.org/security/faq -...
CVE-2002-1656
X-News xnews 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie...