J. River Media Center 11.0.309 - Remote Denial of Service (PoC)

!/usr/bin/perl Credit to n00b for finding this bug..^ ^ Media Center 11 d0s exploit overly long string. TiVo server plugin..Runs on port tcp :8070 Also J. River UPnP Server Version 1.0.34 is also afected by the same bug which is just a dos exploit.As we know the port always changes for the UPnP...

osCommerce 2.1/2.2 - 'product_info.php' SQL Injection

source: https://www.securityfocus.com/bid/19774/info osCommerce is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent...

CVE-2006-3859

IBM Informix Dynamic Server IDS allows remote authenticated users to create and overwrite arbitrary files via the 1 LOTOFILE and 2 trltracefileset functions, and the 3 "SET DEBUG FILE" commands...

CVE-2006-3860

IBM Informix Dynamic Server IDS before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the 1 "SET DEBUG FILE" SQL command, and the 2 startonpload and 3 dbexp functions...

CVE-2006-3859

IBM Informix Dynamic Server IDS allows remote authenticated users to create and overwrite arbitrary files via the 1 LOTOFILE and 2 trltracefileset functions, and the 3 "SET DEBUG FILE" commands...

[UNIX] Liblesstif Local Root (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

liblesstif symbolic links vulnerability

Insecure debug files handling in libXm...

TWiki 4.0.4 - 'configure' Remote Command Execution

!/usr/bin/perl Tue Aug 1 13:18:12 CEST 2006 [email protected] use strict; use LWP::UserAgent; use LWP::Simple; use HTTP::Request; use HTTP::Response; use Getopt::Long; $| = 1; couse 1 is bigger than 0 my $proxy,$proxyuser,$proxypass; my $host,$debug,$dir, $command; my $options = GetOptions 'host=...

CentOS 3 : openssh (CESA-2006:0298)

Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...

Bypassing the system“Group Policy”restrictions! - Vulnerability warning-the black bar safety net

In a system, since the system applied the Group Policy“only allow a license to run the program”of the limiting function, so that unauthorized programs cannot run, the pop-up message: this operation due to this computer restrictions and be cancelled. Please contact your system administrator. Next ...

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

CVE-2006-2755

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

CVE-2006-1855

The CVE-2006-1855 case concerns Linux kernel code (choose_new_parent) containing obsolete debugging paths that can be exploited locally to cause a kernel panic/Denial of Service. The vulnerability is described as a local issue in the kernel prior to a fixed release (notably reflected across multi...

Invision Power Board 2.1.5 - search.php Remote Code Execution

Invision Power Board 2.1.5 - search.php Remote Code Execution !/usr/bin/perl Wed Apr 26 16:44:15 CEST 2006 [email protected] INVISION POWER BOARD 2.1.5 pr00f 0f c0ncept remote command execution. vuln credits goes to IceShaman. works only if you have perms to post a comment. Exploit with replye is...

[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)

Overflow.pl Security Advisory 5 Clam AntiVirus Win32-UPX Heap Overflow not default configuration Vendor: Clam AntiVirus Affected version: Prior to 0.88.1 Vendor status: Fixed version released 0.88.1 Author: Damian Put [email protected] URL: http://www.overflow.pl/adv/clamavupxinteger.txt Date:...

Sendmail DEBUG Command Enabled

The remote Sendmail service accepts the DEBUG command. SPDX-FileCopyrightText: 1999 Renaud Deraison Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendmail:sendmail";...

Mercur MailServer 5.0 SP3 - IMAP Remote Buffer Overflow (1)

Mercur MailServer 5.0 SP3 - IMAP Remote Buffer Overflow 1 / mercur.cpp Atrium Mercur IMAP 5.0 SP3 Messaging Multiple IMAP Commands Remote Exploit Copyright C 2006 Javaphile Group http://www.javaphile.org Exploits code by : pll Ellison.Tangatgmaildotcom Bug Reference:...

capi4hylafax hylafax addon symbolic links problem

Symbolic links problem on creation of debug and log files...

SCO Unixware 7.1.3 - ptrace Local Privilege Escalation

SCO Unixware 7.1.3 - ptrace Local Privilege Escalation / SCO Unixware 7.1.3 ptrace local root exploit ============================================ SCO Unixware 7.1.3 kernel allows unprivledged users to debug binaries. The condition can be exploited by an attacker when he has execute permissions t...

FrontPage fp30reg.dll remote debug buffer overflow

Added: 01/30/2006 CVE: CVE-2003-0822 BID: 9007 OSVDB: 2952 Background Microsoft FrontPage Server Extensions includes a remote debugging function. Problem A buffer overflow in fp30reg.dll leads to a vulnerability in the remote debug function in FrontPage Server Extensions. A remote attacker could...