1571 matches found
VHCS --- Virtual Hosting Control System Cross Site Scripting
Aria-Security.net Advisory; Discovered by: O.U.T.L.A.W (www.Aria-security.net); Gr33t to: A.u.r.a & R@1D3N & Smok3r; Software: VHCS; Link: http://www.vhcs.net; Attack method: Cross Site...
Virtual Hosting Control System 2.4.7.1 - 'Server_day_stats.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...
Default credentials
changepassword.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access...
CVE-2006-0685
The CVE-2006-0685 issue affects VHCS (Virtual Hosting Control System) up to version 2.4.7.1, where the check_login function in login.php does not exit on failed authentication. This enables a remote attacker to bypass authentication and gain unauthorized access to VHCS application scripts. The co...
Virtual Hosting Control System 2.2/2.4 - 'change_password.php' Current Password
source: https://www.securityfocus.com/bid/16600/info Virtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities. VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative acces...
eXchange POP3 5.0.050203 - RPCT TO Remote Buffer Overflow
!/usr/bin/perl -w for educational purposes only . use IO::Socket; if $ARGV0 print "\n write the target IP!! \n\n"; exit; $buffer2 = "\x90"x1999999; $mailf= "mail"; $rcptt ="rcpt to:"; $buffer = "\x41"x4100; $ret = "\x80\x1d\xdc\x02";...
CVE-2005-3902
VHCS (Virtual Hosting Control System) versions 2.2.0 through 2.4.6.2 are affected by a cross-site scripting (XSS) vulnerability in gui/errordocs/index.php. Attackers can inject arbitrary script or HTML via query strings that are reflected in an error message. The advisory entries (NVD CVE-2005-39...
Virtual Hosting Control System 2.2/2.4 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser session of another user in the...
MCCS Multi Computer Control System DoS
DoS on internal UDP-based control protocol parsing...
CVS: Multiple vulnerabilities
Background: CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description: Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks...
[Full-Disclosure] Kernelpanik Labs Digest 2005-1
Hi and happy new year. This is an email digest with security fails recently published by Kernelpanik Labs (http://www.kernelpanik.org). Apache suEXEC Bypass: Small document about how to bypass isolating procedures, i.e. suEXEC, in Apache WebServer. English document:...
DEBIAN-CVE-2004-0778
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned...
RHEL 2.1 / 3 : cvs (RHSA-2004:153)
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. [Updated Apr 19 2004] The description text has been updated to include CVE-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...
security flaw
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution...
security flaw
servenotify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data...
cvs security update
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS. A security problem which could allow a server to create arbitrary files on a client machine, and...
Moderate: Red Hat Security Advisory: cvs security update
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. [Updated Apr 19 2004] The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...
Low: Red Hat Security Advisory: cvs security update
Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a...
Low: Red Hat Security Advisory: Updated CVS packages fix minor security issue
Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a...
CVE-2003-1342
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption in IIS) via multiple URL requests for ActiveSupport.exe...