Software Insight Security Research Advisory #NISR29042003 - A classic stack based buffer overflow vulnerability exists in the Oracle database server that can be set up for exploitation by providing an overly long parameter for a connect string with the 'CREATE DATABASE LINK' query.
Kerio Personal Firewall version 2.1.4 and below is vulnerable to a replay attack against the authenticated/encrypted channel for remote administration. A remotely exploitable buffer overflow also exists in the authentication process.
INetCop Security Advisory #2003-0x82-016 - Qpopper v4.0.x poppassd, the utility that allows users to change their mail passwords, is setuid root and allows for a definable path to smbpasswd. In doing so, a local attacker can easily escalate to root privileges.
The code used in Microsoft Internet Explorer to parse web servers' HTTP
Secure Network Operations Advisory SRT2003-04-24-1532 - The Options Parsing Tool shared library is vulnerable to a buffer overflow. If a setuid application makes use of this shared library, privilege escalation can occur.
NGSSoftware Insight Security Research Advisory NISR24042003 - There is an exploitable heap overflow vulnerability in Microsoft's ActiveX control, Plugin.ocx. By default, plugin.ocx is marked safe for scripting, and as such, if an IE user were to visit a malicious web page, the overflow could be triggered allowing for a remote compromise of the user's machine. Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1.
Cisco Security Advisory: Cisco Catalyst software permits unauthorized access to the enable mode in the 7.5(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password. This
A vulnerability in the Xeneo Web Server can be exploited by malicious attackers to cause a denial of service due to an error in the handling of requests including a malformed URL encoding representation of a character.
Cisco Security Advisory - Cisco Secure ACS for Windows is vulnerable to a buffer overflow on the administration service which runs on TCP port 2002. Exploitation of this vulnerability results in a Denial of Service, and can potentially result in system administrator access. Cisco Secure ACS versions up to and including version 2.6.4, 3.0.3, and 3.1.1 are affected by this vulnerability.
Next Generation advisory NGSEC-2003-5. YABBS, the popular BBS system for unix and Windows, has a vulnerability in the HttPush code that allows a remote attacker to inject evil code via its PHP language support.
A race condition exists in the Windows XP Service Control Manager Service Shutdown Mechanism when a service shutdown is not correctly completed in the desired time period. Normal users can access open files which may end up with randomly cached data that could contain restricted data. Microsoft has not announced any plans to backport a patch but has announced that this issue will be addressed in Windows Server 2003.
A vulnerability discovered in Macromedia Flash in the advertisement user tracking field allows a remote user to perform Cross Site Scripting attacks and retrieve session information.
Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses a system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.
iDEFENSE Security Advisory 04.08.03 - Remote exploitation of a memory leak in the Apache 2.0 HTTP Server causes the characters. The web server allocates an eighty-byte buffer for each linefeed character without specifying an upper limit for allocation. Consequently, an attacker can remotely exhaust system resources by generating many requests containing these characters. Versions affected: < 2.0.45.
iDEFENSE Security Advisory 04.09.03 - A vulnerability exists in Microsoft's Internet Security and Acceleration Server that allows attackers to cause a denial-of-service condition by spoofing a specially crafted packet to the target system. Another impact of this vulnerability is the capability of a remote attacker to generate an infinite packet storm between two unpatched systems implementing ISA Server or MS Proxy 2.0 over the Internet.
mIRC versions 6.03 and below have limited visibility during a DCC GET, which allows an attacker to spoof a legitimate file and instead send an executable that can lead to a compromise.
UnitedLinux 1.0 ships with /usr/src/packages recursively set with full read, write, and execute permissions, which makes way for planting of rogue source, ultimately leading to a full system compromise.
Atstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. It allows the publication of both static and dynamic content. The dynamic pages are created using a TCL[1] Interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the currently running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users' sessions, server side code and other sensitive information.
FreeBSD Security Advisory FreeBSD-SN-03:01 - Two different vulnerabilities in Samba have been recently identified by Sebastian Krahmer and Digital Defense, Inc. One is a race condition that could allow the overwriting of system files and the other is a buffer overflow that allows a remote attacker to gain root privileges.
Digital Defense Inc. Security Advisory DDI-1013 - A buffer overflow exists in Samba which allows a remote attacker to gain root privileges due to a StrnCpy() into a char array (fname) using a non-constant length (namelen). Versions affected: < Samba 2.2.8a, <= Samba 2.0.10, < Samba-TNG 0.3.2.
Secure Network Operations Advisory 1106 - The AOLServer Proxy Daemon API contains exploitable syslog() calls in nspd/libnspd.a. This vulnerability is remotely exploitable.
The 3Com 812 ADSL router will expose an internal computer's ports to an external computer once a connection between the two is established. Although 3Com denotes this as a feature, it inadvertently will leave a victim open to attack for up to 2 minutes.
There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. This problem is not related to the recent ISS vulnerability announcement.
iDEFENSE Security Advisory 03.31.03 - An exploitable buffer overflow has been found in Apple Computer's QuickTime Player v5.x and 6.0 which allows the remote execution of arbitrary code via long quicktime:// URLs or the -u command line switch. Any remote attacker can compromise a target system if he or she can convince a user to load a specially crafted exploit URL. Upon successful exploitation, arbitrary code can be executed under the privileges of the user who launched QuickTime.
NSFOCUS Security Advisory SA2003-03 - A local heap overflow was found in Sun Solaris's CDE manager dtsession which allows local users to execute code as root by setting a long HOME environment variable. Solaris 2.6, 2.7, 2.8, and 2.9 are affected.