7009 matches found
Samba NDR MS-RPC Request Heap-Based Remote Buffer Overflow
The version of the Samba server installed on the remote host is affected by multiple heap overflow vulnerabilities, which can be exploited remotely to execute code with the privileges of the Samba daemon. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid25216;...
MS07-027: Cumulative Security Update for Internet Explorer (931768)
The remote host is missing the IE cumulative security update 931768. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting
SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...
SunShop Shopping Cart 3.54.0 - Multiple Remote File Inclusions
SunShop Shopping Cart 3.54.0 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/23662/info Sunshop is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to...
SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/23662/info Sunshop is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks...
Remot File Include download_engine_V1.4.3
By Hasadya Raed Contact : [email protected] Israel -------------------------- Script : downloadengineV1.4.3 Dork : c 2002 AlexScriptEngine -------------------------- B.Files : addmember.php class.phpmailer.php colorpicker.php -------------------------- Exploits :...
MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
The remote host is running a version of Windows containing a bug in the CSRSS error message handling routine that could allow an attacker to execute arbitrary code on the remote host by luring a user on the remote host into visiting a rogue website. Additionally, the system is prone to the...
Remot File Include In Script Lore v1
By Hasadya Raed Contact : [email protected] Greetz : Brotha Mohammed Zeed --------------------------- Script : Lore v1 Download : http://www.pineappletechnologies.com Dork : Pineapple Technologies 2003-2005 c --------------------------- B.Files : class.phpmailer.php function.htmlcheckboxes.php...
PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusions
PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusions -------------------------------------------------------- php-generics 1.0 Remote File Inclusion Vulnerabilities -------------------------------------------------------- Software: php-generics 1.0Beta Vendor:...
phpMyNewsletter 0.8 (beta5) - Multiple Vulnerabilities
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc Delete Config Value Rude Attack - can't do anything after 2 - Send an Email to all of the subscribers Do not alter anything Related: 1 - None 2 - OneWordTitle TextOfYourChoice Es: php ".$argv0."...
Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities
To ConTacT mE @ www.Asb-May.net/bb ScRiPt:-http://kaqoo.com/server/download.php GrEaTz To:-ToOofa-HaCk.eGy-Alkmadz-Bright Dark All AsB-MaY DisCoverY ExPloIts GrOup Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Wrong Code:- includeonce"$installroot...
Remot File Include In Aardvark Topsites PHP 5
By Hasadya Raed Contact : [email protected] Israel ---------------------------------------- Script : Aardvark Topsites PHP 5 Dork : "Copyright c 2003-2005 Jeremy Scheff. All rights reserved" --------------------------------------- B.Files : settingssql.php newday.php...
MySQL Single Row Subselect Remote DoS
According to its banner, the version of MySQL on the remote host is older than 5.0.37. Such versions are vulnerable to a remote denial of service when processing certain single row subselect queries. A malicious user can crash the service via a specially crafted SQL query. C Tenable Network...
AIX 4.3 lsmcode local root command execution
This vulnerability in AIX 5.1 - 5.3 has been reported at http://www.securityfocus.com/bid/18114/, and some exploits are published on milw0rm to exploit this issue: http://milw0rm.com/exploits/701. I have an AIX 4.3 box and it seems vulnerable to this issue too. bash-2.04$ mkdirhier /tmp/aap/b...
Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability
Dear Michał Majchrowicz, This image also effectively exploits stack overflow in FastStone Image Viewer 2.8, EIP is 0x41414141. --Monday, March 26, 2007, 12:20:07 AM, you wrote to [email protected]: MM Every time you try to turn on the slideshow with a JPG file in the MM folder you get BSoD...
Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ========================================================================= Kaqoo Auction installroot Multiple Remote File Include Vulnerabilities =========================================================================...
PHP 5.2.1 - Multiple functions 'Reference' Information Disclosures
source: https://www.securityfocus.com/bid/23202/info PHP is prone to an information-disclosure vulnerability due to a design error. The vulnerability resides in various functions that accept parameters as references. Successful exploits will allow attackers to obtain sensitive information...
CVE-2007-1723
Multiple cross-site scripting XSS vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 network, 2 defRouterIp, 3 hostName, 4 domainName, 5 ipAddress, 6 defaultRouter, 7 dns1, or 8 dns2...
Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit
No description provided by source. / Exploiting Microsoft DNS Dynamic Updates for Fun and profit Andres Tarasco Acuña - c 2007 Url: http://www.514.es By default, most Microsoft DNS servers integrated with active directory allow insecure dynamic updates for dns records. This feature allows remote...
Philex 0.2.3 - Remote File Inclusion / File Disclosure
Philex 0.2.3 Exploit Remote File Include: PathPhilex/header.inc.php?CssFile=Shell V.Code Disclosure: readfile$HTTPGETVARS"file"; Exploit Remote File Disclosure: PathPhilex/download.php?file=conf.inc.php milw0rm.com 2007-03-23...