
4421 matches found

0day.today
added 2008/06/12 12:0 a.m., 78 views

SNMPv3 HMAC validation error Remote Authentication Bypass Exploit

Exploit for multiple platform in category remote exploits. SNMPv3 HMAC validation error Remote Authentication Bypass Exploit. snmpv3exp.sh exploit the vulnerability...

7.1 AI score, 0.6879 EPSS
Exploits 7
exploitpack
added 2008/06/12 12:0 a.m., 36 views

SNMPv3 - HMAC Validation error Remote Authentication Bypass

SNMPv3 - HMAC Validation error Remote Authentication Bypass. snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor. Copyright (c) 2008 @ Mediaservice.net Srl. All rights reserved. Wrote by Maurizio Agazzini http://lab.mediaservice.net/...

10 CVSS, 0.7 AI score, 0.6879 EPSS
Exploits 7
RedHat Linux
added 2008/06/10 2:7 p.m., 22 views

net-snmp SNMPv3 authentication bypass (VU#877044)

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; (5) NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7)...

10 CVSS, 5.9 AI score, 0.6879 EPSS
Exploits 7, References 4
Cvelist
added 2008/06/05 8:21 p.m., 33 views

CVE-2008-2097

Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."...

9.3 AI score, 0.03891 EPSS
Exploits 0, References 12
Prion
added 2008/05/28 3:32 p.m., 13 views

Code injection

scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field aka Email text box. NOTE: the vendor disputes this, stating "I'm unable to...

8.5 CVSS, 7.7 AI score, 0.04213 EPSS
Exploits 1, References 5, Affected Software 1
CVE
added 2008/05/28 3:0 p.m., 35 views

CVE-2008-2488

CVE-2008-2488 affects RoomPHPlanning 1.5. The issue is in admin/userform.php, where no administrative credentials are required, allowing remote authenticated users to create new admin accounts. This is the root cause and directly leads to privilege escalation within the application. The available...

6.5 CVSS, 6.3 AI score, 0.01942 EPSS
Exploits 1, References 4, Affected Software 1
Prion
added 2008/05/21 1:24 p.m., 17 views

Unrestricted file upload

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard...

9 CVSS, 7.5 AI score, 0.04279 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2008/05/21 10:0 a.m., 17 views

CVE-2008-2392

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard...

7 AI score, 0.04279 EPSS
Exploits 0, References 4
RedHat Linux
added 2008/05/20 12:44 p.m., 2 views

mysql: daemon crash via EXPLAIN on queries on information schema

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY...

3.5 CVSS, 7.4 AI score, 0.01972 EPSS
Exploits 0, References 4
Cvelist
added 2008/05/16 6:54 a.m., 20 views

CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database...

6.5 AI score, 0.02007 EPSS
Exploits 0, References 5
CVE
added 2008/05/09 6:0 p.m., 30 views

CVE-2008-2131

CVE-2008-2131 is an XSS vulnerability in mvnForum 1.1 GA. The issue allows remote authenticated users to inject arbitrary script/HTML via the topic field, which is echoed in user/viewthread.jsp when using the quick reply button. The vulnerability is documented across multiple sources (NVD and CVE...

4.3 CVSS, 5.3 AI score, 0.01263 EPSS
Exploits 0, References 7, Affected Software 1
UbuntuCve
added 2008/05/07 8:20 p.m., 20 views

CVE-2008-2105

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE...

3.5 CVSS, 5.9 AI score, 0.00967 EPSS
Exploits 0, References 1
CVE
added 2008/05/07 8:7 p.m., 49 views

CVE-2008-2105

CVE-2008-2105 affects Bugzilla: vulnerable in Bugzilla 2.23.4 and 3.0.x before 3.0.4, and 3.1.x before 3.1.4. A remote authenticated user can abuse the @reporter command in the body of an email to spoof the bug changer, overriding the address from the From header. This bypasses normal From-header...

3.5 CVSS, 6 AI score, 0.00967 EPSS
Exploits 0, References 10, Affected Software 1
UbuntuCve
added 2008/04/23 4:5 p.m., 27 views

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

3.5 CVSS, 6.1 AI score, 0.01626 EPSS
Exploits 0, References 1
Cvelist
added 2008/04/17 5:0 p.m., 14 views

CVE-2008-1874

SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter...

7.9 AI score, 0.00856 EPSS
Exploits 1, References 4
NVD
added 2008/04/15 10:5 a.m., 15 views

CVE-2008-1785

delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter...

5.5 CVSS, 6.4 AI score, 0.01967 EPSS
Exploits 0, References 3
OSV
added 2008/04/06 11:44 p.m., 1 views

DEBIAN-CVE-2008-0887

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...

4.7 CVSS, 7.4 AI score, 0.01336 EPSS
Exploits 2, References 1
Prion
added 2008/04/06 11:44 p.m., 28 views

Sql injection

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...

4.7 CVSS, 6.8 AI score, 0.01336 EPSS
Exploits 2, References 19, Affected Software 1
OSV
added 2008/04/06 11:44 p.m., 3 views

CVE-2008-0887

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...

6.8 AI score
Exploits 0, References 19
Cvelist
added 2008/04/06 11:0 p.m., 23 views

CVE-2008-0887

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...

6.7 AI score, 0.01336 EPSS
Exploits 2, References 19