Stack overflow

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.cPatch3 allows remote attackers to execute arbitrary code or cause a denial of service service crash via a long request...

CVE-2010-3281

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.cPatch3 allows remote attackers to execute arbitrary code or cause a denial of service service crash via a long request...

CVE-2010-3281

CVE-2010-3281 describes a stack-based buffer overflow in the HTTP proxy of the Alcatel-Lucent OmniVista 4760 server. The vulnerability is triggered by a long HTTP GET request to the built-in proxy, allowing remote attackers to potentially execute arbitrary code or cause a denial of service. Affec...

Alcatel OmniVista 4760 buffer overflow

Buffer overflow in built-in HTTP proxy...

n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.002 20-September-2010 Vendor: Alcatel Affected Products: OmniVista 4760 server: all versions prior to release R5.1.06.03.cPatch3. Vulnerability: arbitrary code execution Risk: High CVE-Number: CVE-2010-3281 Vendor communication:...

QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit)

$Id: qbikwingatewwwproxy.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

ColdCalendar 2.06 - SQL Injection

!/usr/bin/python ColdGen - coldcalender v2.06 Remote 0day SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only. Do not use this code to do anything...

ColdUserGroup 1.06 - Blind SQL Injection

ColdUserGroup 1.06 - Blind SQL Injection !/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purpose...

ColdCalendar 2.06 SQL Injection Exploit

Exploit for python platform in category web applications ======================================= ColdCalendar 2.06 SQL Injection Exploit ======================================= !/usr/bin/python ColdGen - coldcalender v2.06 Remote 0day SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by...

ColdUserGroup 1.06 Blind SQL Injection Exploit

Exploit for python platform in category web applications ============================================== ColdUserGroup 1.06 Blind SQL Injection Exploit ============================================== !/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor:...

GFI WebMonitor Admin UI Remote Script Code Injection

GFI WebMonitor Admin UI Remote Script Code Injection ==================================================== Affected Products/Versions -------------------------- Product Name: GFI Webmonitor Version Number: 2009 Build Number: 20100324 Platform: Microsoft Windows Product/Company Information...

rsaUnDumper[sql] – универсальный дампер SQL INJECTION

Версия 1.5 Нововведения по сравнению с версией 1.0: добавлена поддержка прокси http; socks4 и sokcs5 - с авторизацией возможно указывать приоритет для потоков фак по ним позже, щас можно почитать msdn теперь вы указываете не url, а HTTP запрос, т.е. есть возможность дампить sql inj с уюзвимым pos...

Tumblr.com Cross Site Scripting

================================================================================================== $$$$$$$\ $$\ $$\ $$\ $$$$$$\ $$ $$\ | $$ | $$ | $$ $$\ $$ | $$ |$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ / $$ | $$$$$$$\ |$$ |$$ |$$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ |...

citrix-enum-apps-xml NSE Script

Extracts a list of applications, ACLs, and settings from the Citrix XML service. The script returns more output with higher verbosity. Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline,...

citrix-brute-xml NSE Script

Attempts to guess valid credentials for the Citrix PN Web Agent XML Service. The XML service authenticates against the local Windows server or the Active Directory. This script makes no attempt of preventing account lockout. If the password list contains more passwords than the lockout-threshold...

RHEL 5 : java-1.5.0-bea (RHSA-2008:0156)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0156 advisory. - Security Vulnerability in Java Runtime Environment With Applet Caching CVE-2007-5232 - Untrusted Application or Applet May Move or Copy...

RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0132)

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.4.2 SR10 Java release includes the IBM...

CVE-2008-6882

Live Chat comlivechat component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string...

Open redirect

Live Chat comlivechat component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string...

CVE-2008-6882

CVE-2008-6882 affects the Joomla! Live Chat component (com_livechat) 1.0. The underlying issue is that xmlhttp.php can be used as an open HTTP proxy, allowing remote attackers to forward requests with a full URL in the query string to hide network scanning activities or probe internal networks. T...