258 matches found
MySQL Community Server 5.1 < 5.1.49 Multiple Denial of Service Vulnerabilities
Binary data 5646.prm...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the 1 include and 2 Configuration'LANGUAGE' parameters...
getPlus insufficient domain name validation vulnerability
------------------------------------------------------------------------ getPlus insufficient domain name validation vulnerability ------------------------------------------------------------------------ Yorick Koster, April 2009...
HMS HICP Modification / Intellicom NetBiterConfing.exe Stack Overflow
----- More info http://reversemode.com/index.php?option=comcontent&task=view&id=65&Itemid=1 ----- 1st PART "HMS HICP Protocol" AFAIK there is no public documentation about this protocol, if not so please let me know and I'll repeatedly hit myself with a sharpened stick.All the information present...
HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow
No description provided by source. More info http://reversemode.com/index.php?option=comcontent&task=view&id=65&Itemid=1 ----- 1st PART "HMS HICP Protocol" AFAIK there is no public documentation about this protocol, if not so please let me know and I'll repeatedly hit myself with a sharpened...
Oracle Database Enumeration
This module provides a simple way to scan an Oracle database server for configuration parameters that may be useful during a penetration test. Valid database credentials must be provided for this module to run. This module requires Metasploit: https://metasploit.com/download Current source:...
dhcp-discover NSE Script
Sends a DHCPINFORM request to a host on UDP port 67 to obtain all the local configuration parameters without allocating a new address. DHCPINFORM is a DHCP request that returns useful information from a DHCP server, without allocating an IP address. The request sends a list of which fields it wan...
Authentication Bypass in Cisco Unity
A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released software updates that address this vulnerabilities. A workaround that mitigates this vulnerability is available. This...
CVE-2007-0443
Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters...
LifeType rss.php profile Parameter Traversal Arbitrary File Access
The remote host is running LifeType, an open source blogging platform written in PHP. The version of LifeType installed on the remote host fails to sanitize input to the 'profile' parameter of the 'rss.php' script of directory traversal sequences. An unauthenticated, remote attacker is able to...
[SA19448] VBook Multiple Vulnerabilities
TITLE: VBook Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19448 VERIFY ADVISORY: http://secunia.com/advisories/19448/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data, System access WHERE: From remote SOFTWARE: VBook 2.x http://secunia.com/product/9051/...
Oracle PL/SQL Gateway fails to properly validate HTTP requests
Overview The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...
(1) Local file inclusion vulnerability and (2) Cross-Site Scripting vulnerability
PMASA-2005-5 Announcement-ID: PMASA-2005-5 Date: 2005-10-22 Updated: 2005-10-25 Summary 1 Local file inclusion vulnerability and 2 Cross-Site Scripting vulnerability Description We received a security advisory from Stefan Esser [email protected] about 1. We received a security advisory from...
CVE-2005-0232
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."...
Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities
source: https://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrar...
Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities
Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities source: https://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error...
Olicom XLT-F XL 80 IM V5.5BL2 - Undocumented Community String
Olicom XLT-F XL 80 IM V5.5BL2 - Undocumented Community String source: https://www.securityfocus.com/bid/2802/info Olicom routers were previously manufactured and distributed by Olicom, a company now owned by Intel. Olicom routers provide a low-cost routing solution for small businesses. A problem...
Cisco IOS 11.x/12.0 - ILMI SNMP Community String
source: https://www.securityfocus.com/bid/2427/info IOS is the operating system designed for various Cisco devices. It is maintained and distributed by Cisco systems. A problem in the versions of IOS 11.x and 12.0 could allow unauthorized access to certain configuration variables within a Cisco...