Open Source Security Tools : Practical Guide to Security Applications part 53 doc

FTP WFTP 2.41 rc11 multiple

DoS

CAN-2000-0647

FTP wu-ftpd buffer overflow CVE-1999-0368,

CVE-1999-0878, CVE-1999-0879, CVE-1999-0950

2242

FTP NiteServer FTP directory

traversal

6648

FTP SunFTP Buffer Overflow CVE-2000-0856 1638

FTP Windows Administrator

NULL FTP password

traversal

CAN-2001-0283

FTP Platinum FTP Server

FTP Solaris FTPd tells if a user

exists

2564

CVE-1999-0955

2241

FTP ProFTPd buffer overflow CAN-1999-0911 612

Directory Traversal

CVE-2001-0295 2444

FTP proftpd 1.2.0preN check CVE-1999-0368 2242

FTP BSD ftpd Single Byte

Buffer Overflow

CVE-2001-0053 2124

vulnerability FTP FTPd tells if a user exists

FTP ST FTP traversal 7674

FTP NB1300 router default

FTP account

7359

overflow

CVE-1999-0789 679

FTP Passwordless Zaurus FTP

server

5200

Expansion STAT Buffer Overflow

CAN-2001-0248 2552

vulnerability

CVE-2000-0699 1560

FTP NGC ActiveFTP Denial of

Service

7900

FTP rhosts in FTP root

FTP Serv-U path disclosure CAN-2000-0176,

CVE-1999-0838

1016, 859

vulnerability

CVE-1999-0880

FTP Broker FTP files listing CAN-2001-0450 301

FTP GuildFTPd Directory

Traversal

CAN-2001-0767 2789

FTP Ftp PASV denial of

service

CVE-1999-0079 271

FTP Guild FTPd tells if a given

file exists

CVE-2000-0640 1452

FTP bftpd chown overflow CAN-2001-0065,

CVE-2000-0943

2120

FTP MS FTPd DoS CVE-2002-0073,

CVE-2002-0073

4482

FTP Serv-U Directory traversal CVE-2001-0054 2052

FTP EFTP installation

directory disclosure

CAN-2001-1109 3333

FTP ftp ‘glob’ overflow CAN-2001-0247 2548

FTP proftpd mkdir buffer

overflow

CAN-1999-0911 612

FTP Ftp PASV on connect

crashes the FTP server

CVE-1999-0075

FTP EFTP tells if a given file

exists

CAN-2001-1109 3333

FTP Anonymous FTP enabled CAN-1999-0497

FTP wu-ftpd glob

vulner-ability (2)

CAN-2001-0935

Corruption

CAN-2001-0249, CVE-2001-0550

2550, 3581

FTP Generic FTP traversal CVE-2001-0680,

CAN-2001-1335, CAN-2001-0582

2618, 2786

FTP Debian proftpd 1.2.0 runs

as root

CVE-2001-0456

FTP wu-ftpd fb_realpath()

off-by-one overflow

CAN-2003-0466 8315

PASS Overflow

CVE-1999-0256

FTP EFTP carriage return DoS CVE-2000-0871 1677

FTP ftpd strtok() stack

overflow

CAN-2001-0325 2342

FTP Writeable FTP root CAN-1999-0527

FTP Linux FTP backdoor CAN-1999-0452

FTP proftpd 1.2.0rc2 format

string vuln

CVE-2001-0318

string

CVE-2001-0187 2296

FTP ftp USER, PASS or HELP

overflow

CAN-2000-0133, CVE-2000-0943, CAN-2002-0126, CVE-2000-0870, CVE-2000-1035, CVE-2000-1194, CAN-2000-1035

961, 1858, 3884,

7251, 7278, 7307

FTP ProFTPd pre6 buffer

overflow

CAN-1999-0911 612

FTP vxworks ftpd buffer

overflow

6297

FTP FTP Service Allows Any

Username FTP bftpd format string

vulner-ability FTP VisNetic and Titan FTP

Server traversal

7718

FTP vftpd buffer overflow CAN-1999-1058 818

MKD Buffer Overflow

CVE-2000-0131 966

FTP ftp writeable directories CAN-1999-0527

disclosure FTP ProFTPd ASCII upload

overflow

8679

FTP BSD ftpd setproctitle()

format string

CAN-2000-0574 1425

FTP Windows NT ftp ‘guest’

account

CAN-1999-0546

vulnerability

CVE-2000-0573, CVE-1999-0997

1387, 2240, 726

Gain a shell remotely /bin/login overflow

exploitation

CVE-2001-0797 3681

Gain a shell remotely SSH 3

Allowed-Authentication

4810

Gain a shell remotely MCMS : Buffer overflow

in Profile Service

CAN-2002-0620, CVE-2002-0621, CVE-2002-0622, CVE-2002-0623, CVE-2002-0050 Gain a shell remotely Multiple vulnerabilities in

CUPS

CAN-2002-1383, CAN-2002-1366, CAN-2002-1367, CAN-2002-1368, CAN-2002-1384, CAN-2002-1369, CAN-2002-1372 Gain a shell remotely rsh on finger output

Gain a shell remotely OpenSSL overflow via

invalid certificate passing

CAN-2003-0543, CAN-2003-0544, CAN-2003-0545

8732

Gain a shell remotely ipop2d buffer overflow CVE-1999-0920 283

Gain a shell remotely Omron WorldView Wnn

Overflow

CAN-2000-0704 1603

Gain a shell remotely Canna Overflow CVE-2000-0584 1445

Gain a shell remotely MailMax IMAP overflows

(2)

7327

Gain a shell remotely iWS shtml overflow CVE-2000-1077 1848

Gain a shell remotely Cyrus IMAP pre-login

buffer overrun Gain a shell remotely Shell Command

Execu-tion Vulnerability Gain a shell remotely libgtop_daemon format

string

CAN-2001-0927

Gain a shell remotely gnocatan multiple buffer

overflows Gain a shell remotely shtml.exe overflow CAN-2002-0692 5804

Gain a shell remotely SSH Secure-RPC Weak

Encrypted Authentication

CVE-2001-0259 2222

Gain a shell remotely OpenSSL overflow

(generic test)

CAN-2002-0656, CAN-2002-0655, CAN-2002-0657, CAN-2002-0659, CVE-2001-1141

5363

Gain a shell remotely tanned format string

vulnerability

6553

Gain a shell remotely qpopper euidl problem CVE-2000-0320 1133

Gain a shell remotely Netscape Enterprise

‘Accept’ buffer overflow

CVE-1999-0751 631

Gain a shell remotely OpenSSH 2.5.x -> 2.9.x

adv.option

CVE-2001-0816 3369

Gain a shell remotely PostgreSQL multiple

flaws

CAN-2002-1402, CAN-2002-1401, CAN-2002-1400, CAN-2002-1397, CAN-2002-1399

6610, 6614, 5527,

5497, 6615, 6611,

6612, 6613, 7075

Gain a shell remotely MySQL double free() CAN-2003-0073 6718

Gain a shell remotely CesarFTP multiple

overflows

CAN-2001-0826 7950, 7946

Gain a shell remotely BitKeeper remote

command execution Gain a shell remotely mod_mylo overflow 8287

Gain a shell remotely uw-imap buffer overflow

after logon

CAN-2000-0284 1110

Gain a shell remotely NAI Management Agent

overflow

CVE-2000-0447 1254

Gain a shell remotely Lotus Domino

Vulner-abilities

CAN-2003-0123, CAN-2001-1311

7038, 7039

Gain a shell remotely qpopper LIST buffer

overflow

CAN-2000-0096 948

Gain a shell remotely wsmp3d command

execution

CAN-2003-0338

Gain a shell remotely LPRng malformed input CVE-2000-0917 1712

Gain a shell remotely IMAP4rev1 buffer

over-flow after logon

CAN-1999-1224

Gain a shell remotely Oracle LINK overflow CAN-2003-0222 7453

Gain a shell remotely iPlanet Application Server

Buffer Overflow

CAN-2002-0387 7082

Gain a shell remotely multiple MySQL flaws CAN-2002-1373,

CAN-2002-1374, CAN-2002-1375, CAN-2002-1376

6368, 6370, 6373,

6374, 6375

Gain a shell remotely PKCS 1 Version 1.5

Session Key Retrieval

CVE-2001-0361 2344

Gain a shell remotely FakeBO buffer overflow

Gain a shell remotely Batalla Naval Overflow

Gain a shell remotely Apache < 2.0.44 DOS

device name

CAN-2003-0016

Gain a shell remotely Magic WinMail Format

string

CAN-2003-0391 7667

Gain a shell remotely MySQL password handler

overflaw

CAN-2003-0780 8590

Gain a shell remotely SSH Insertion Attack CVE-1999-1085

Gain a shell remotely IMAP4buffer overflow in

the BODY command

CVE-2002-0379 4713

Gain a shell remotely rwhois format string

attack

CAN-2001-0838

Gain a shell remotely qpopper Qvsnprintf buffer

overflow

CAN-2003-0143 7058

Gain a shell remotely Apache chunked encoding CVE-2002-0392 5033

Gain a shell remotely rwhois format string

attack (2)

CAN-2001-0913

Gain a shell remotely scp File Create/Overwrite CVE-2000-0992 1742

Gain a shell remotely Kerio WebMail interface

flaws

7966, 7967, 7968

Gain a shell remotely Quicktime/Darwin

Remote Admin Exploit

CAN-2003-0050, CAN-2003-0051, CAN-2003-0052, CAN-2003-0053, CAN-2003-0054, CAN-2003-0055

6954, 6955, 6956,

6957, 6958, 6960, 6990

Gain a shell remotely Gauntlet overflow CVE-2000-0437 1234

Gain a shell remotely netscape imap buffer

over-flow after logon

CVE-2000-0961 1721

Gain a shell remotely Oops buffer overflow CAN-2001-0029 2099

Gain a shell remotely SSH Overflow CVE-1999-0834 843

Gain a shell remotely Helix RealServer Buffer

Overrun

CAN-2003-0725

Gain a shell remotely SSH 3.0.0 CVE-2001-0553 3078

Gain a shell remotely Apache-SSL overflow CVE-2002-0082 4189

Gain a shell remotely OpenSSH < 3.0.1 CVE-2002-0083 3560, 4560, 4241 Gain a shell remotely MDaemon IMAP

CREATE overflow

7446

Gain a shell remotely MailMax IMAP overflows CVE-1999-0404 7326

Gain a shell remotely OpenSSH 2.3.1

authen-tication bypass vulner-ability

2356

Gain a shell remotely SSH Kerberos issue CVE-2000-0575 1426

Gain a shell remotely mod_ntlm overflow /

format string bug

7393, 7388

Gain a shell remotely rsh with null username CVE-1999-0180

Gain a shell remotely OpenSSH Client

Unautho-rized Remote Forwarding

CVE-2000-1169 1949

Gain a shell remotely SSH1 SSH Daemon

Logging Failure

CAN-2001-0471 2345

Gain a shell remotely ActiveSync packet

overflow

7150

Gain root remotely mountd overflow CVE-1999-0002

Gain root remotely Imap buffer overflow CVE-1999-0005 130

Gain root remotely Microsoft RPC Interface

Buffer Overrun (823980)

CAN-2003-0352 8205

Gain root remotely Samba trans2open buffer

overflow

CAN-2003-0201, CAN-2003-0196

7294

Gain root remotely INN version check CVE-1999-0705,

CVE-1999-0043, CVE-1999-0247

616

Gain root remotely Linux nfs-utils xlog()

off-by-one overflow

CAN-2003-0252 8179

Gain root remotely Format string on HTTP

method name Gain root remotely EFTP buffer overflow CAN-2001-1112 3330

Gain root remotely SimpleServer remote

execution

3112

Gain root remotely Alibaba 2.0 buffer

overflow

CAN-2000-0626 1482

Gain root remotely BIND iquery overflow CVE-1999-0009 134

Gain root remotely Too long OPTIONS

parameter Gain root remotely OpenSSH < 3.7.1 CAN-2003-0693,

CAN-2003-0695

8628

Gain root remotely Samba Fragment

Reassembly Overflow

CAN-2003-0085, CAN-2003-0086

7106, 7107

Gain root remotely Buffer overflow in

Microsoft Telnet

CVE-2002-0020 4061

Gain root remotely BrowseGate HTTP

headers overflows

CVE-2000-0908 1702

Gain root remotely SSH Multiple Vulns CAN-2002-1357,

CAN-2002-1358, CAN-2002-1359, CAN-2002-1360 Gain root remotely Samba Remote Arbitrary

File Creation

CVE-2001-1162 2928

Gain root remotely MDBMS overflow CVE-2000-0446 1252