webcalXSS.txt

Author: Stan Bubrouski Date: December 16, 2005 Package: WebCal by Michael Arndt; http://bulldog.tzo.org/webcal/webcal.html Versions Affected: 1.11-3.04 unknown alertdocument.cookie&cal=public http://bulldog.tzo.org/perl/webcal.cgi?function=webyear&cal=public&year=alertdocument.cookie...

QuickPayPro™ 3.1 Multiple vuln.

QuickPayPro™ 3.1 Multiple vuln. Vuln. dicovered by : r0t Date: 14 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html vendor:http://quickpaypro.com/ affected version:3.1 and prior Product Description: QuickPayPro.com has been Online for over 3 years no...

CVE-2005-3583

1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.208, 1.4.209, and 1.5.005 and possibly other versions allow remote attackers to cause a denial of service JVM unresponsive via a crafted serialized object, such as a font object as demonstrated on JBoss...

CVE-2004-2540

readObject in 1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.0 through 1.4.205 allows remote attackers to cause a denial of service JVM unresponsive via crafted serialized data...

CVE-2005-3583

1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.208, 1.4.209, and 1.5.005 and possibly other versions allow remote attackers to cause a denial of service JVM unresponsive via a crafted serialized object, such as a font object as demonstrated on JBoss...

Sun Java Development Toolkit DoS

Crash on font deserialization...

Against three stunt--talking about the Trojans of“the search, blocking, kill”-bug warning-the black bar safety net

RFC1244Request for Comments:1 2 4 4is this description of the Trojan:“the Trojan horse is a program, it can provide some useful, or just interesting features. But it is also the user did not know the other functions, such as in your ignorance of the case copy the file or steal your password.” Wit...

CVE-2005-3068

Unspecified vulnerability in Eric Integrated Development Environment eric3 before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit."...

CVE-2005-3068

Summary : CVE-2005-3068 affects the Eric IDE (eric3). Debian security advisory DSA-869-1 states the vulnerability is caused by missing input sanitising in eric, which could lead to arbitrary code execution. Affected releases: eric before 3.7.2; the fix is in eric 3.7.2-1 (and 3.6.2-2 for the rele...

Ethereal 10.x - AFP Protocol Dissector Remote Format String

Ethereal 10.x - AFP Protocol Dissector Remote Format String / etherealv0.10.: AFP remote format string exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xethereal-afp-fmt.c -o xethereal-afp-fmt ethereal homepage/url: http://www.ethereal.com syntax: ./xethereal-afp-fmt -spSrPanc...

Arbitrary code execution in SlimFTPd v3.16

Arbitrary code execution in SlimFTPd v3.16 discovered by Raphal Rigo Product: SlimFTPd by WhitSoft Development Affected Version: 3.16 verified, =3.16 probably too Not affected Version: 3.17 OS affected: All Win32 Risk: Critical Remote Exploit: yes URL: http://www.whitsoftdev.com/slimftpd/ Overvie...

SOL4809 - tcpdump vulnerabilities - CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280

F5 Networks Product Development tracked this issue as CR48152 and CR48153 and it was fixed in BIG-IP and 3-DNS version 4.5.13. This issue still exists in the BIG-IP and 3-DNS 4.6 software branch...

RHEL 4 : krb5 (RHSA-2005:567)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:567 advisory. Kerberos is a networked authentication system that uses a trusted third party a KDC to authenticate clients and servers to each other. A...

IMail.pl

GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 = "/dl.php?a=0.1&OURFILE=ff24404eeac528b"...

CVE-2003-1156

Java Runtime Environment JRE and Software Development Kit SDK 1.4.2 through 1.4.202 allows local users to overwrite arbitrary files via a symlink attack on 1 unpack.log, as created by the unpack program, or 2 .mailcap1 and .mime.types1, as created by the RPM program...

I-Mall Commerce - i-mall.cgi Remote Command Execution

I-Mall Commerce - i-mall.cgi Remote Command Execution I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1...

msjet40.txt

See-security Technologies ltd. http://www.see-security.com Microsoft Jet msjet40.dll Reverse Shell Exploit coded by Tal zeltzer Based on the exploit written by S.Pearson import sys import struct Addresses are compatible with Windows XP Service Pack 1 ReturnAddress = 0x77F51B93 Address of "jmp edx...

postnukeSQL0760.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical SQL Injection 0.760-RC2=x cXIb8O3.1 Author: cXIb8O3Maksymilian Arciemowicz Date: 15.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC2=x PostNuke is an open source, open developement...

postnukeSQL0760-2.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...

[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...