
5327 matches found

seebug.org
added 2006/03/22 12:00 a.m., 16 views

MS Windows XP/2003 (IGMP v3) Denial of Service Exploit (MS06-007) (2)

No description provided by source. / MS06-007 Denial of Service POC exploit created by Firestorm, based on zloSend.exe win32 exploit http://www.securitylab.ru/poc/264136.php Tested on Windows XP SP2 as victim compiled/run on Fedora Core 4 x86 FOR EDUCATIONAL PURPOSE ONLY !!! / include stdio.h...

7.1 AI score
Exploits: 0
securityvulns
added 2006/03/20 12:00 a.m., 35 views

[SA19289] CuteNews "archive" Disclosure of Sensitive Information Vulnerability

TITLE: CuteNews "archive" Disclosure of Sensitive Information Vulnerability SECUNIA ADVISORY ID: SA19289 VERIFY ADVISORY: http://secunia.com/advisories/19289/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CuteNews 1.x...

1.1 AI score
Exploits: 0
securityvulns
added 2006/03/20 12:00 a.m., 27 views

[SA19283] SoftBB "mail" SQL Injection Vulnerability

TITLE: SoftBB "mail" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19283 VERIFY ADVISORY: http://secunia.com/advisories/19283/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: SoftBB 0.x http://secunia.com/product/8782/ DESCRIPTION: A vulnerability has...

0.6 AI score
Exploits: 0
securityvulns
added 2006/03/14 12:00 a.m., 27 views

[SA19216] vCard Cross-Site Scripting Vulnerabilities

TITLE: vCard Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA19216 VERIFY ADVISORY: http://secunia.com/advisories/19216/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: vCard 2.x http://secunia.com/product/8693/ DESCRIPTION: LinuxDrox has reported som...

0.4 AI score
Exploits: 0
Prion
added 2006/03/13 7:34 p.m., 16 views

Cross site request forgery (csrf)

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request...

7.8 CVSS, 7.3 AI score, 0.01118 EPSS
Exploits: 0, References: 9, Affected Software: 1
CVE
added 2006/03/13 7:00 p.m., 49 views

CVE-2006-0819

CVE-2006-0819 affects Dwarf HTTP Server 1.3.2. A validation error in the requested URL filename extension (dot/space/slash/NULL characters) allows remote disclosure of JSP source. Secunia also notes unsanitized error responses enabling XSS. Mitigation: update to version 1.3.3.

7.8 CVSS, 6.7 AI score, 0.01118 EPSS
Exploits: 0, References: 9, Affected Software: 1
securityvulns
added 2006/03/13 12:00 a.m., 38 views

Multiple Dwarf HTTP Server vulnerabilities

Cross-site scripting, script source code disclosure...

0.5 AI score
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2006/03/09 1:06 p.m., 17 views

Code injection

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...

6.4 CVSS, 6.7 AI score, 0.00311 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2006/03/09 11:00 a.m., 18 views

CVE-2006-1093

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...

6.2 AI score, 0.00311 EPSS
Exploits: 0, References: 4
myhack58
added 2006/03/09 12:00 a.m., 9 views

Test both the JSP environment the following security vulnerabilities-vulnerability warning-the black bar safety net

Author: xy7BCT The first test JSP program vulnerabilities, to be exact is a server poor configuration leading to security risks, wrong place hope everyone noted it!!! Previously in some articles on the see on the JSP site storm any files of the original code of the vulnerability, and today finall...

7 AI score
Exploits: 0
securityvulns
added 2006/03/08 12:00 a.m., 134 views

[SA19142] Owl Intranet Engine "xrms_file_root" File Inclusion Vulnerability

TITLE: Owl Intranet Engine "xrms_file_root" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19142 VERIFY ADVISORY: http://secunia.com/advisories/19142/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Owl Intranet Engine 0.x http://secunia.com/product/1579/...

0.7 AI score
Exploits: 0
Ubuntu
added 2006/03/07 8:27 p.m., 47 views

USN-260-1: flex vulnerability

Chris Moore discovered a buffer overflow in a particular class of lexicographical scanners generated by flex. This could be exploited to execute arbitrary code by processing specially crafted user-defined input to an application that uses a flex scanner for parsing. This flaw particularly affects...

7.5 CVSS, 6.1 AI score, 0.0397 EPSS
Exploits: 0
Prion
added 2006/03/06 11:02 p.m., 16 views

Privilege escalation

NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension...

5 CVSS, 7.2 AI score, 0.00572 EPSS
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2006/03/06 11:02 p.m., 7 views

CVE-2006-0815

NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension...

5 CVSS, 6.6 AI score, 0.00572 EPSS
Exploits: 0, References: 7
Cvelist
added 2006/03/06 11:00 p.m., 10 views

CVE-2006-0815

NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension...

6.6 AI score, 0.00572 EPSS
Exploits: 0, References: 7
CVE
added 2006/03/06 11:00 p.m., 48 views

CVE-2006-0815

Summary of CVE-2006-0815: Affects NetworkActiv Web Server 3.5.15. The vulnerability arises from improper validation of filename extensions when a forward slash is included in a URL, enabling a remote attacker to disclose the source code of scripts hosted on the server (information disclosure). I...

5 CVSS, 6.6 AI score, 0.00572 EPSS
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2006/03/06 9:02 p.m., 8 views

CVE-2006-0949

RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...

5 CVSS, 6.8 AI score, 0.00763 EPSS
Exploits: 0, References: 6
NVD
added 2006/03/06 9:02 p.m., 17 views

CVE-2006-0814

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...

5 CVSS, 7 AI score, 0.0075 EPSS
Exploits: 1, References: 10
Prion
added 2006/03/06 9:02 p.m., 18 views

Code injection

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...

5 CVSS, 7.3 AI score, 0.0075 EPSS
Exploits: 1, References: 10, Affected Software: 1
Prion
added 2006/03/06 9:02 p.m., 11 views

Code injection

RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...

5 CVSS, 7.1 AI score, 0.00763 EPSS
Exploits: 0, References: 6, Affected Software: 1