3675 matches found
CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-7081
The CVE-2008-7081 entry concerns RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1. The described vulnerability allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. This is a network-accessible issue with complete confidentiality...
Examples teach you to understand the net horse-vulnerability warning-the black bar safety net
The main code is as follows: SCRIPT language=”JavaScript” window. status=”completed”; evalfunctionp,a,c,k,e,de=functioncreturn c. toString3 6;if!”. replace/^/,Stringwhilec–dc. toStringa=kc||c. toStringak=functionereturn de;e=functionreturn’\\w+’;c=1;whilec–ifkcp=p. replacenew...
SIPS v0.2.2 Remote File Inclusion Vulnerability
/=============================================================================================================================================== | | o SIPS v0.2.2 Remote File Inclusion Vulnerability | | Software : SIPS v0.2.2 | Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |...
Is It Time to Stop Password Masking?
From SANS AppSec Street Fighter Blog Jason Montgomery I just ran across Jakob Nielsen‘s Alert Box post titled Stop Password Masking and wanted to provide some feedback from a security vs. usability perspective. I have great respect for Nielsen’s contribution to the usability of the web. Back in t...
Firefox browser engine crashes
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1...
openSUSE 10 Security Update : seamonkey (seamonkey-6310)
The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 bmo460090,485217 Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with...
MRCGIGUY Message Box 1.0 Insecure Cookie Handling Vuln
No description provided by source. --------------------------------------------------------------- --------------------------------------------------------------- Message Box Version 1.0 Insecure Cookie Handling Vulnerability --------------------------------------------------------------- Founder...
MRCGIGUY Message Box 1.0 - Insecure Cookie Handling
MRCGIGUY Message Box 1.0 - Insecure Cookie Handling --------------------------------------------------------------- --------------------------------------------------------------- Message Box Version 1.0 Insecure Cookie Handling Vulnerability...
MRCGIGUY Message Box 1.0 Insecure Cookie Handling Vuln
Exploit for unknown platform in category web applications ====================================================== MRCGIGUY Message Box 1.0 Insecure Cookie Handling Vuln ====================================================== --------------------------------------------------------------- Message Bo...
MRCGIGUY Message Box 1.0 - Insecure Cookie Handling
--------------------------------------------------------------- --------------------------------------------------------------- Message Box Version 1.0 Insecure Cookie Handling Vulnerability --------------------------------------------------------------- Founder : TiGeR-Dz...
Cross site request forgery (csrf)
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an...
Formshield Captcha - Older Version vulnerable to replay attacks
Replay attack on CAPTCHA Libraries Summary A CAPTCHA implementation that we tested were found to be vulnerable to replay attacks. The attack is explained in detail for Formshield – A popular DOT NET CAPTCHA implementation. NOTE: We discovered this during a Black Box engagement with one of our...
firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
The Internationalized Domain Names IDN blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...
URL spoofing with box drawing character — Mozilla
Bjoern Hoehrmann and security researcher Moxie Marlinspike independently reported that Unicode box drawing characters were allowed in Internationalized Domain Names IDN where they could be visually confused with punctuation used in valid web addresses. This could be combined with a phishing-type...
6KBBS system to break the back door file-vulnerability warning-the black bar safety net
From:Dream an end Hello, I'm Dream an end. See the September the the hackers Handbook the lone water around the city, my brother wrote that article, the alarm bells ringing-the vigilant hidden in the web site behind the trap of feeling quite a lot. In this crazy Internet era, made a rookie your o...
Bypass getimagesize()function defect-vulnerability warning-the black bar safety net
By: the superhei A lot of php code using getimagesizeto determine if your Upload file is not image, a lot of people in the Black-Box testing will be used in the php code before adding a GIF89a to bypass such code: ifgetimagesize$file print yes; else print No.; But there are many cases there are...
Trellis Desk v1.0 XSS Vulnerability
This problem has been reported to the author but no action taken to resolve the issue. The search box does not sanitise data and is open to simple XSS SQL injection. file sources/article.php find around line 519 $searchstring = $this-ifthd-input'keywords'; Needs to have the following line added...
Synactis All-In-The-Box ActiveX Remote Code Execution Vulnerability
This host is installed with All-In-The-Box ActiveX and is prone to Remote Code Execution Vulnerability. OpenVAS Vulnerability Test $Id: gbsynactisallintheboxactivexcodeexecvuln.nasl 5369 2017-02-20 14:48:07Z cfi $ Synactis All-In-The-Box ActiveX Remote Code Execution Vulnerability Authors: Sujit...