Scorched 3D server chat box format string vulnerability
Background: Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds, amongst other new features, a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems. Description: Scorched 3D build 36.2 a...
PHP-Nuke 5.x6.0 - Avatar HTML Injection
PHP-Nuke 5.x6.0 - Avatar HTML Injection source: https://www.securityfocus.com/bid/6750/info A problem with PHP-Nuke could allow remote users to execute arbitrary code in the context of the web site. The problem is in the lack of sanitization of some types of input. PHP-Nuke does not sanitize code...
WU-IMAP 2000.287(1-2) - Remote Overflow
WU-IMAP 2000.2871-2 - Remote Overflow / 7350owex- x86/linux WU-IMAP 2000.2871-2 remote exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to thir...
Xoops topics : One more time
Hi again, I just found another Script injection issue in Xoops Private Message Box. http://xooped-site/pmlite.php?touserid=USERIDOFTARGET&msgid=&image=fo o.gif'scriptalert"test";/scriptimg20src='http://www.isecurelabs.com /images/barre.jpg&op=submit&theme=snow&subject=Are you sure...
Microsoft Internet Explorer download dialog may not display complete filenames
Overview: There is a vulnerability in the download dialog box in Internet Explorer versions 5.5 and 6.0. The vulnerability allows an attacker to mislead users, causing them to inadvertently execute arbitrary code on the user's system. Description: When downloading files included in web pages, users...
Remote command execution via KW Whois 1.0
Greetings, There is a vulnerability in Kootenay Web Inc's KW Whois v1.0 which allows malicious users to execute commands as the uid/gid of the webserver. The hole lies in unchecked user input via an input form box. The form element input type=text name="whois" is not checked by the script for...
New Tool: initd_.sh;
/ Attachment did not send... resending sorry for the bulk / Heyas ; I wrote this tool in the last couple of days to see if I could actually implement a program that would automatically attack local binaries and attempt to find exploits in respect to buffer overflows via command line switches...
Nokia 7110 Wap Browser Hole
Ok, so this may be slightly off topic for this forum, but I thought I'd post it anyway. The Nokia 7110 wap browser will happily pass form variables that were entered once to another site later on in the same session? Not sure how long it stores them for. The problem is that the Nokia recognises forms...
CVE-1999-0444
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files...
CVE-1999-0592
The Logon box of a Windows NT system displays the name of the last user who logged in...
February 24, 2021—KB4601382 (OS Builds 19041.844 and 19042.844) Preview
February 24, 2021—KB4601382 OS Builds 19041.844 and 19042.844 Preview NEW 2/24/21 IMPORTANT As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update WU and Windows Server Update Services WSUS. Installing KB4577586 will remove Adobe Flash...
PT-1999-1211 · Microsoft · Windows Nt
Name of the Vulnerable Software and Affected Versions: Windows NT affected versions not specified Description: The issue concerns a Windows NT system where the Logon box displays the name of the last user who logged in. Recommendations: At the moment, there is no information about a newer version...
OOBE ZDP
This category would be used by the updates that would meet the ZDP bar...