4192 matches found
CVE-2008-0367
CVE-2008-0367 affects Mozilla Firefox (2.0.0.11, 3.0b2, and possibly earlier) in the HTTP Basic Authentication prompt, where prompting for credentials causes the realm text to display after the site, potentially enabling phishing/spoofing by remote servers. The available connected documents descr...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
Microsoft Visual Basic Enterprise 6 SP6 - .dsr File Handling Buffer Overflow
Microsoft Visual Basic Enterprise 6 SP6 - .dsr File Handling Buffer Overflow usage: exploit.py import time print "---------------------------------------------------------------------------" print ' MS Visual Basic Enterprise Ed. 6 SP6 ".dsr" File Handling Buffer Overflow\n' print " author:...
MS Visual Basic Enterprise Ed. 6 SP6 .dsr File Handling BOF Exploit
Exploit for unknown platform in category local exploits =================================================================== MS Visual Basic Enterprise Ed. 6 SP6 .dsr File Handling BOF Exploit =================================================================== usage: exploit.py import time print...
Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow
usage: exploit.py import time print "---------------------------------------------------------------------------" print ' MS Visual Basic Enterprise Ed. 6 SP6 ".dsr" File Handling Buffer Overflow\n' print " author: shinnai" print " mail: shinnaiatautisticidotorg" print " site:...
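Firefox "Basic Realm" Basic Authentication Header Spoofing Vulnerability
BUGTRAQ ID: 27111 Firefox is an open-source web browser. Firefox displays an authentication dialog and the WWW-Authenticate header when the visited web server returns a 401 status code. To specify basic authentication, the WWW-Authenticate header must be set with a Basic realm="XXX" value, and the Realm value (that is, XXX) is then shown in the authentication dialog window. Although Firefox does not display the characters that follow a double quote (") in the Realm value of the WWW-Authenticate header, it does not filter single quotes (') and spaces, so an attacker can craft a Realm value that makes the authentication dialog appear to come from a trusted site and use it to carry out phishing attacks. Mozil...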
Mozilla Firefox 'Basic Realm' Basic Authentication Header Spoofing Vulnerability
Mozilla Firefox is prone to a domain-spoofing vulnerability that allows an attacker to spoof an HTTP basic authentication dialog. Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTP basic authentication dialog that the victim may trust. Attackers may fi...
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service source: https://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash...
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service
source: https://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users. Note: Forms 2.0 ActiveX is...
Ubuntu 5.04 / 6.06 LTS : openoffice.org-amd64, openoffice.org vulnerabilities (USN-313-1)
It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code including local file access and modification with the user...
Format string
Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded...
Two XSS on Blue Coat ProxySG Management Console
PR07-29: Two XSS on Blue Coat ProxySG Management Console Vulnerability found: 23 July 2007 Vendor informed: 20 August 2007 Vulnerability fixed: 29 October 2007 Advisory publicly released: 1 November 2007 Severity: Medium Description: Blue Coat SG400 is vulnerable to a couple of XSS holes...
[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
Software : phpBasic Music Module Homepage : http://phpbasic.com/ 1. SQL Injection by Xcross87 : Proof of concept : http://victim.com/phpbasic/?php=music&basic=view&id='SQL Injection Xploit admin user account :...
Microsoft Visual Studio PDWizard.ocx ActiveX Control Code Execution (CVE-2007-4891)
Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services. The vulnerability is due to an error in the Microsoft Visual...
Apache Tomcat - WebDAV SSL Remote File Disclosure
!/usr/bin/perl ================================================================ Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL MoDiFiEd version by : h3rcul3s ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007 http://milw0rm.org/exploits/4530 MoDiFiCaTiOn : This code ...
openSUSE 10 Security Update : mono-core (mono-core-2373)
By appending spaces to URLs, attackers could download the source code of scripts that normally get executed by the web server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mono-core-2373...
CVE-2007-5487
CVE-2007-5487 describes a stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 that can be triggered by a crafted URL in an EXTM3U section of an .m3u file. The underlying cause is a stack-based overflow allowing user-assisted remote attackers to execute arbitrary code on affected sys...
Boa 0.93.15 - HTTP Basic Authentication Bypass
Boa 0.93.15 - HTTP Basic Authentication Bypass / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ----...
Boa 0.93.15 - HTTP Basic Authentication Bypass
/ Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ---- !/usr/bin/env python import urllib2 SERVERIPADDRESS ...