36 matches found
MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
MiniShare 1.4.1 HEAD / POST Buffer Overflow
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
HP Universal Configuration Management Database Server Authentication Bypass
The version of HP Universal Configuration Management Database Server running on the remote web server is affected by an authentication bypass vulnerability due to the JMX-Console component performing access control only for GET and POST methods. A remote attacker, using the HTTP HEAD method, can...
[THC-Hydra v7.6] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
[THC-Hydra 7.5] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
Easy to want to buy the system through the kill SQL injection vulnerability analysis and exploit-vulnerability warning-the black bar safety net
Just open the red and black see J8 friends write aeasy to want to buy the system to the latest version through the killarticle, look at his posted code there is a getclientipfunction, haha, I guess not filtered, decisive under a set of procedures. Find getclientipfunction. // Get the Client IP...
Nero MediaHome Multiple Remote DoS Vulnerabilities
Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper Handling of Length Parameter Inconsistency...
Nero MediaHome 4.5.8.0 - Denial of Service
Nero MediaHome 4.5.8.0 - Denial of Service Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper...
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Public Disclosure: December 5, 2012...
IBM WebSphere Application Server < 7.0.0.7 Multiple Vulnerabilities
Binary data 5235.prm...
IBM WebSphere Application Server 7.0 < Fix Pack 7
IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console...
HTTP NIDS evasion
This plugin configures OpenVAS for NIDS evasion see the SPDX-FileCopyrightText: 2008 Michel Arboi / Renaud Deraison Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only The HTTP IDS evasion...
CVE-2004-2534
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service connection consumption by sending a large number HTTP HEAD requests...
CVE-2004-2534
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service connection consumption by sending a large number HTTP HEAD requests...
[SA13268] Fastream NETFile FTP/Web Server Multiple HEAD Requests Denial of Service
TITLE: Fastream NETFile FTP/Web Server Multiple HEAD Requests Denial of Service SECUNIA ADVISORY ID: SA13268 VERIFY ADVISORY: http://secunia.com/advisories/13268/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: Fastream NETFile FTP/Web Server 6.x http://secunia.com/product/2455/...
Fastream NETFile FTP/Web Server HEAD Request Saturation DoS
The remote host appears to be running FastStream NETFile Server version 7.1 or older. These versions do not close the connection when an HTTP HEAD request is received with the keep-alive option set. An attacker may exploit this flaw by sending multiple HEAD requests to the remote host, thus...