
6679 matches found

Packet Storm
added 2010/03/03 12:0 a.m., 23 views

IE Winhlp32.exe MsgBox F1

$Id: iewinhlp32.rb 8688 2010-03-02 12:23:17Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

AI score: 7.4
Exploits: 0
securityvulns
added 2010/03/02 12:0 a.m., 45 views

Vulnerabilities in vBulletin

Hello 3APA3A! I am reporting the Abuse of Functionality and Insufficient Anti-automation vulnerabilities I found in vBulletin. Abuse of Functionality: User logins are their names on the forum, which makes it possible to discover logins in the system. Abuse of Functionality: On the page...

Exploits: 0
UbuntuCve
added 2010/02/23 8:30 p.m., 31 views

CVE-2010-0685

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...

CVSS: 5, AI score: 5.9, EPSS: 0.0137
Exploits: 1, References: 2
Cvelist
added 2010/02/23 8:0 p.m., 22 views

CVE-2010-0685

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...

AI score: 6.4, EPSS: 0.0137
Exploits: 1, References: 9
Fedora
added 2010/02/20 12:25 a.m., 27 views

[SECURITY] Fedora 12 Update: pdfedit-0.4.3-4.fc12

Free pdf editing using PdfEdit. Complete editing of pdf documents is made possible with PDFedit. You can change either raw pdf objects for advanced users or use predefined gui functions. Functions can be easily added as everything is based on a script...

CVSS: 9.3, AI score: 1.5, EPSS: 0.10228
Exploits: 6
xssed
added 2010/02/17 12:0 a.m., 9 views

Unfixed XSS vulnerability at www.runnersworld.se

Security researcher Uber0n, has submitted on 17/02/2010 a cross-site-scripting XSS vulnerability affecting www.runnersworld.se, which at the time of submission ranked 571313 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 14/06/2010. It is...

AI score: 6.6
Exploits: 0, References: 1
OpenVAS
added 2010/02/15 12:0 a.m., 26 views

Mandriva Update for nuface MDVA-2010:057 (nuface)

Check for the Version of nuface OpenVAS Vulnerability Test Mandriva Update for nuface MDVA-2010:057 nuface Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

CVSS: 4.3, AI score: 8.8, EPSS: 0.18443
Exploits: 2, References: 2
OpenVAS
added 2010/02/15 12:0 a.m., 35 views

Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org)

Check for the Version of openoffice.org OpenVAS Vulnerability Test Mandriva Update for openoffice.org MDVSA-2010:035 openoffice.org Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS: 9.3, AI score: 0.3, EPSS: 0.06722
Exploits: 2, References: 2
NVD
added 2010/02/05 10:30 p.m., 23 views

CVE-2003-1578

Sun ONE aka iPlanet Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning...

CVSS: 4.3, AI score: 6.7, EPSS: 0.01104
Exploits: 1, References: 4
Prion
added 2010/01/15 6:30 p.m., 13 views

Design/Logic Flaw

The replay functionality for ZFS Intent Log ZIL in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances...

CVSS: 6.9, AI score: 6.8, EPSS: 0.00332
Exploits: 0, References: 4, Affected Software: 1
seebug.org
added 2010/01/10 12:0 a.m., 23 views

linux/x86 write(0, "Hello core!\n", 12)

No description provided by source. / writehello-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it to see if my dup2loop worked. If you don't get "Hello core!\n" back it's a good indicator your shell won't be functional th...

AI score: 7.1
Exploits: 0
xssed
added 2010/01/07 12:0 a.m., 11 views

Unfixed XSS vulnerability at www.icomplaints.in

Security researcher Th3 RDX, has submitted on 01/07/2010 a cross-site-scripting XSS vulnerability affecting www.icomplaints.in, which at the time of submission ranked 204926 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/07/2010. It is...

AI score: 6.6
Exploits: 0, References: 1
Tenable Nessus
added 2009/12/30 12:0 a.m., 26 views

Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities.

The remote host is running the Sun Java System Directory Proxy Server, an LDAP application-layer protocol gateway. It is typically provided with Sun Java System Directory Server Enterprise Edition. The installed version of Sun Java System Directory Proxy Server is older than 6.3.1.1 and thus...

CVSS: 6.8, AI score: 5.6, EPSS: 0.02484
Exploits: 0, References: 5
Atlassian
added 2009/12/24 12:36 a.m., 26 views

Unable to use HTTPS for login only

If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

AI score: 7
Exploits: 0
Fedora
added 2009/12/18 4:33 a.m., 60 views

[SECURITY] Fedora 11 Update: tomcat-native-1.1.18-1.fc11

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...

CVSS: 5.8, AI score: 7.8, EPSS: 0.87264
Exploits: 14
NVD
added 2009/12/16 6:30 p.m., 32 views

CVE-2009-3731

Multiple cross-site scripting XSS vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks...

CVSS: 4.3, AI score: 5.7, EPSS: 0.02777
Exploits: 1, References: 14
xssed
added 2009/12/16 12:0 a.m., 7 views

Unfixed XSS vulnerability at www.famiglienuove.org

Security researcher Ribel, has submitted on 16/12/2009 a cross-site-scripting XSS vulnerability affecting www.famiglienuove.org, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2010. It is currentl...

Exploits: 0, References: 1
Packet Storm
added 2009/12/07 12:0 a.m., 19 views

Advanced Image Hosting 2.2 XSS

Vendor: http://yabsoft.com/ .. XSS: http://server/search.php?text=%3Cscript%3Ealertdocument.cookie%3C/script%3E&dosearch=Search ...

AI score: 0.7
Exploits: 0
Tenable Nessus
added 2009/12/07 12:0 a.m., 46 views

Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)

Security vulnerabilities have been identified and fixed in pidgin: The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. CVE-2008-3532 Pidgin 2.4....

CVSS: 10, AI score: 8.9, EPSS: 0.20295
Exploits: 12, References: 16
NVD
added 2009/11/29 1:8 p.m., 22 views

CVE-2009-4110

Cross-site scripting XSS vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page...

CVSS: 4.3, AI score: 5.6, EPSS: 0.01645
Exploits: 0, References: 5