phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)

No description provided by source. !/usr/bin/perl phpRPC =0.7 Remote Command Execution Exploit based on: http://www.gulftech.org/?node=research&articleid=00105-02262006 Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to...

phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)

Exploit for unknown platform in category web applications ================================================================= phpRPC Library $host, "proxy=s" = $proxy, "verbose+" = $verbose; &usage unless $host; while print color"green", "cijfer$ ", color"reset"; chomp$command = ; exit unless...

phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (1)

!/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print 'IRAN HOMELAND SECURITY$ '; $cmd = ; chop$cmd; last if $cmd eq 'exit';...

phpRPC Library &lt;= 0.7 XML Data Decoding Remote Code Execution

No description provided by source. !/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC = 0.7 commands execute exploit by LorD http://www.ihs.ir IRAN HOMELAND SECURITY$ uname -a;id;pwd Linux sc8-pr-web9.sourceforge.net...

phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (1)

phpRPC Library 0.7 - XML Data Decoding Remote Code Execution 1 !/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print 'IRAN...

GLSA-200602-08 : libtasn1, GNU TLS: Security flaw in DER decoding

The remote host is affected by the vulnerability described in GLSA-200602-08 libtasn1, GNU TLS: Security flaw in DER decoding Evgeny Legerov has reported a flaw in the DER decoding routines provided by libtasn1, which could cause an out of bounds access to occur. Impact : A remote attacker could...

libtasn1, GNU TLS: Security flaw in DER decoding

Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Libtasn1 is included with the GNU TLS library, which is used by applications to provide a cryptographically secure communications channel. Description...

Communigate Pro < 5.0.8 LDAP Module BER Decoding DoS

Binary data 3415.prm...

Communigate Pro < 5.0.7 LDAP Module BER Decoding DoS

Binary data 3387.prm...

security flaw

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...

Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-83-2)

USN-83-1 fixed some vulnerabilities in the 'lesstif2' library. The older 'lesstif1' library was also affected, however, a fix was not yet available at that time. This USN fixes the flaws for lesstif1. Please note that there are no supported applications that use this library, so this only affects...

Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-83-1)

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image...

Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-92-1)

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image...

Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution

Binary data 3365.prm...

Update Protection against a Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange (MS06-003)

A vulnerability exists in the way Microsoft Exchange server and Microsoft Outlook products handle the decoding of the Transport Neutral Encapsulation TNEF MIME attachment. The TNEF format is used by many Microsoft products such as Exchange and Outlook to transfer messages formatted as Rich Text...

MS06-003: Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

The remote host is running a version of Outlook or Exchange containing a bug in the Transport Neutral Encapsulation Format TNEF MIME attachment handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted email. C Tenable Network Security,...

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

GLSA-200511-14 : GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200511-14 GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities iDEFENSE reported a possible heap overflow in the XPM loader CVE-2005-3186. Upon further inspection, Ludwig Nussel discovered two additional issues in the XPM...

libungif security update

CentOS Errata and Security Advisory CESA-2005:828 Updated libungif packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The libungif package contains a shared library of functions for loading...

LiteServe URL Decoding DoS Vulnerability

The remote web server dies when an URL consisting of a long invalid string of % is sent. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...