OpenFTPD <= 0.30.1 (message system) Remote Shell Exploit
Exploit for linux platform in category remote...
This plugin attempts to identify the Operating System type and version by sending more or less incorrect ICMP requests using the techniques outlined in Ofir Arkin's paper 'ICMP Usage In Scanning'. An attacker may use this to identify the kind of the remote operating system and gain further...
[Full-Disclosure] XSS in ezboard
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla ( sorry but I don't...
[sec-labs] Zone Alarm Device Driver vulnerability
sec-labs team proudly presents: Local ZoneAlarm Firewall (probably all versions - tested on v3.1) Device Driver vulnerability. by Lord YuP 04/08/2003 I. BACKGROUND ZoneAlarm is a very powerful and very common nowadays firewall for Windows produced by Zone Labs....
Invision Board spoof and defacement
-INTRO- All versions of Invision Board have a flaw in their input filtering that allows an attacker to completely mess up Invision's display and in one case I managed to change the URL of some of the forums links, which could be used to refer users to fake login sites to collect passwords etc....
[Full-Disclosure] [sec-labs] Zone Alarm Device Driver vulnerability
sec-labs team proudly presents: Local ZoneAlarm Firewall (probably all versions - tested on v3.1) Device Driver vulnerability. by Lord YuP 04/08/2003 I. BACKGROUND ZoneAlarm is a very powerful and very common nowadays firewall for Windows produced by Zone Labs....
sec-labs team proudly presents: Remote DoS vulnerability in NeoModus Direct Connect 1.0 build 9 and probably newest version. by Lord YuP 13/07/2003 I. BACKGROUND Direct Connect is a Windows (I've found also a Linux version but I don't have time to test it) p2p...
Ifenslave 0.0.7 - Argument Local Buffer Overflow (2)
PHPNuke "Your Account" XSS Vulnerability
PHPNuke "Your Account" XSS Vulnerability Vulnerable; Francisco Burzi PHP-Nuke 6.5 Final Release Not tested but %90 vulnerable; Francisco Burzi PHP-Nuke 5.6 Francisco Burzi PHP-Nuke 6.0 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco...
PHP-Nuke 6.5 - modules.php?Username Cross-Site Scripting
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities
Security Patches for PHP Products
PHPSecure made some patches for security holes in PHP products. Here is the list : ALP - Banner Ad 2.0 : http://www.phpsecure.org/index.php?id=1&zone=pDl More details : http://online.securityfocus.com/search?category=22&query=ALP Tight Auction 3.0 :...
An unknown service was found running on this port. Trojan Horses and other malware may sometimes open these ports to allow remote access to the machine. Ensure that this port is intended to be open and controlled by legitimate software installed by the...
Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
Title: Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow Author: Marco van Berkum Classification: High risk Date: 25/07/2002 Email: [email protected] Company: OBIT Company site: http://www.obit.nl Personal website: ...
Again NULL and addslashes() (now in 123tkshop)
Hi! Ok, another announce about a php application containing unslashed SQL-Queries and bad include/require statements. Several problems in 123tkshop What is 123tkshop? 123tkshop is an ecommerce software written in php. It's providing a full featured online shop. More information is available at:...
Several problems in CARE 2002 What is CARE 2002? CARE 2002 is a free software package for hospitals. It's based on php + mysql. For further information visit <http://www.care2x.com/>. include + NULL problem Problem description There are several include statements which use variables passed by...
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
itcp advisory 5 [email protected] http://www.it-checkpoint.net/advisory/5.html March 21th, 2002 phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability Affected program: phpBB 1.4.4 Vendor: www.phpBB.org Vulnerability-Class: Cross Site Scripting (CSS) OS specific: No...
Maelstrom 1.4.3 arbitrary file overwrite
Program: Maelstrom Version: 1.4.3 Distribution: RedHat 7.1 When trying to break stuff, ltracing Maelstrom showed the following: fopen("/tmp/f", "w") = 0x08081f58 fprintf(0x08081f58, "Main program = %s\n", "Maelstrom") = 25...
[ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability
-00 ASGUARD LABS ADVISORY 00- :Summary: Release Date : 2001-10-04 Affected : TYPSoft FTP Server v0.95 Not Affected : - Attack Type : Denial Of Service Credits to : Jan Wagner :Description: The TYPSoft FTP Server v0.95 contains a simple D.O.S....
[CLA-2001:427] Conectiva Linux Security Announcement - mod_auth_pgsql
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : mod_auth_pgsql SUMMARY : Remote vulnerability allows an attacker to bypass authentication DATE : 2001-09-28 11:26:00 ID : CLA-2001:427 RELEVANT RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0,...
[ASGUARD-LABS] glFTPD v1.23 DOS Attack
-00 ASGUARD LABS ADVISORY 00- :Summary: Release Date : 2001-08-17 Affected : glFTPD for Linux v1.23 / glFTPD BSD v1.23 bins Not Affected : glFTPD for Linux v1.24 / glFTPD BSD v1.24 bins Attack Type : Denial Of Service Credits to ...
Netscape 4.76 gif comment flaw
Product: Netscape Navigator/Communicator Tested on: 4.76 (on Linux and Win98/NT) Vendor Contact: Reported 2001-03-22 { Problem }-------------------------------------------------------- Overview: The Netscape browser does not escape the gif file comment in the image information page. This...
Here is a possible bug in rcp; since I think it calls system(). I haven't had much time to play with this, because exams are coming up. It is negated because system() calls /bin/cp which with the newer versions of bash, it drops its effective credentials... $ ls -alF which rcp -rwsr-xr-x 1 ...
On Wed, Nov 22, 2000 at 09:11:20AM +1100, Andrew Griffiths wrote: > Here is a possible bug in rcp; since I think it calls system(). I > haven't had much time to play with this, because exams are coming up. > > It is negated because system() calls /bin/cp which with the newer > versio...
Microsoft Internet Explorer 5.5 ASCII equivalent of "%01" security vulnerability....
The following security vulnerability has been found in Microsoft Internet Explorer version 5.5 When "" (an undisplayable character, which is equal to the 1st character in ASCII table - after the 0th...) inserted in some strategic position in Javascript code, it is possible to access to...
IE5.5 window.externalNavigateAndFind security vulnerability....
Multiple security vulnerabilities found in window.external.NavigateAndFind function in IE5.5... After the most recent patches applied the vulnerabilities seem to persist.. Actually there are no current issues discussed at Microsoft website... Microsoft has been notified about the problem via ...
WuFTPD: Providing *remote* root since at least 1994
/ - wuftpd2600.c * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999 * * WUFTPD 2.6.0 REMOTE ROOT EXPLOIT * by tf8 * * NOTE: For ethical reasons, only an exploit for 2.6.0 will be * released (2.6.0 is the most popular version nowadays), and it * should suffice to proof this...
Problem Splitvt 1.6.3 contains a buffer overflow, if you have installed splitvt suid root (like Debian/Redhat/etc, btw not slackware) you should upgrade to 1.6.4. Solution Debian users: see http://www.debian.org/security/2000/20000605a Redhat: Redhat did respond with a "that package comes from our....
Sam Lantinga splitvt 1.6.3 - Local Buffer Overflow
I searched the archives and did not find this one. Program : fdmount Version : 0.8 OS : linux Slackware 7.0 (maybe others) This program is normally only executable by members of group 'floppy' and installed suid-root by default. Bug Details: void msg(char *text,...) { char buff[80]; ...
Re: Denial of Service in Xitami webserver all versions...
Xitami also has an overflow in one of the default example CGI programs that it comes with. http://server.com/cgi-bin/TESTCGI.EXE bla bla bla overflow argv fun. Signed, Marc eEye Digital Security http://www.eEye.com "Its a bullshit, three ring, circus sideshow. The only way to fix it is to flush it....
WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (1)