MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit
No description provided by source. Name: IIS 5.x and IIS 6.0 Server Name Spoof PoC File:...
VERITAS Backup Exec Remote Agent Static Password Arbitrary File Download
The remote host is running a version of VERITAS Backup Exec Agent which is configured with a default root account. An attacker may exploit this flaw to retrieve files from the remote host. (C) Tenable Network Security, Inc. Credit for the default root account values: - Metasploit and an anonymous...
MS05-038: Cumulative Security Update for Internet Explorer (896727)
The remote host contains a version of Internet Explorer that is vulnerable to multiple security flaws (JPEG Rendering, Web Folder, COM Object) that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit this web pag...
MS05-039: Vulnerability in Plug and Play Service Could Allow Remote Code Execution (899588) (uncredentialed check)
The remote version of Windows contains a flaw in the function 'PNPQueryResConfList' in the Plug and Play service that may allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. A series of worms (Zotob) are known to exploit this vulnerability in the wild. (C) Tenable...
SysCP 1.2.x - Multiple Script Execution Vulnerabilities
source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute i...
maxwebportalxss.txt
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Desc: Maxwebportal 1.3.5 and prior Risk: High MaxWebPortal is...
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
The remote host is running Cyberstrong eShop, a shopping cart written in ASP. The remote version of this software contains several input validation flaws leading to SQL injection vulnerabilities. An attacker may exploit these flaws to affect database queries, possibly resulting in disclosure of...
CA BrightStor ARCserve Backup (dsconfig.exe) Buffer Overflow
Exploit for unknown platform in category remote exploits...
Dragonfly Shopping Cart Multiple vulnerabilities
Dcrab's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org Severity: High Title: Dragonfly Shopping Cart Multiple vulnerabilities Date:...
FreeBSD : mozilla -- privilege escalation via DOM property overrides (f650d5b8-ae62-11d9-a788-0001020eed82)
A Mozilla Foundation Security Advisory reports : mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was...
FreeBSD : mozilla -- privilege escalation via non-DOM property overrides (a6427195-c2c7-11d9-89f7-02061b08fc24)
A Mozilla Foundation Security Advisory reports : Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional...
hostingCreate.txt
-= KeHieuHoc HCE GROUP =- Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerability : Multiple Unauthenticated information disclose Risk : high Vulnerable Versions: All version...
XBL scripts ran even when Javascript disabled — Mozilla
Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them...
ZH2005-14SA.txt
ZH2005-14SA Phishing problems on MSN Date: July 1th 2005 Author: Giovanni Delvecchio email: [email protected] Overview ======= Multiple phishing problems exist on support.msn.com, permitting to a possible attacker to conduct phishing attack against a user. Details ===== 1) Input passed to the "r...
Novell ZENworks Multiple Remote Pre-Authentication Overflows
The remote host is running Novell ZENworks Desktop or Server Management, a remote desktop management software. The remote version of this software is affected by multiple heap and stack overflow vulnerabilities which may be exploited by an attacker to execute arbitrary code on the remote host...
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)
The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that may allow an attacker to execute arbitrary code on the remote host. An attacker does not need to be authenticated to exploit this flaw. (C) Tenable Network Security, Inc. include("compat.inc"); if...
citypostXSS.txt
sNKenjoi's Security Advisory: XSS Vulnerabilities in Multiple CityPost Software Severity: Medium Title: XSS Vulnerabilities in Simple PHP Upload, Simple Image Editor and Automated Link Exchange Vendor: Allen Kim Vendor Website:...
PortalAppXSS.txt
http://www.snkenjoi.com/secadv/secadv8.txt sNKenjoi's Security Advisory: XSS Vulnerabilities in PortalApp v3.3 Severity: Medium Title: XSS Vulnerabilities in PortalApp v3.3 Vendor: Iatek Vendor Website: http://www.portalapp.com/ Proof of Conce...
Serendipity < 0.80 RC7 Multiple Vulnerabilities
Binary data 2920.prm...
JGS-Portal 3.0.13.0.2 - jgs_portal_sponsor.php?id SQL Injection
source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...