3009 matches found
Serv-U FTP Server Timezone MDTM Buffer Overflow (CVE-2004-0330)
Serv-U FTP Server is a widely used FTP server that includes enterprise-grade features such as SSL support, ODBC and Windows NT/SAM user account management, virtual directories, compression, etc. In its default configuration, Serv-U FTP Server listens on 21/TCP for incoming FTP requests. There exists a...
CVE-2009-3905
CVE-2009-3905 concerns XSS in the e-Courier CMS. The vulnerability arises from unsafely handling the UserGUID parameter in multiple pages: Wizard_tracking.asp, wizard_oe2.asp, your-register.asp, main-whyregister.asp, and your.asp in home/, plus unspecified vectors. Public details from NVD/NVD-der...
CVE-2009-3833
CVE-2009-3833: TFTgallery
CVE-2009-3696
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table...
CVE-2009-3650
CVE-2009-3650 is a Cross-site Scripting (XSS) vulnerability in the Dex module for Drupal. Affected software includes Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, where the module allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected document...
Code injection
Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable...
CVE-2009-3247
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the querystring vector is already covered by CVE-2008-3101.3...
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass Remote Code Injection
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass Remote Code Injection #!/bin/bash Oracle Secure Backup Administration Server authentication bypass, plus command injection vulnerability 1-day exploit for CVE-2009-1977 and CVE-2009-1978 PoC script successfully tested on: Oracle Secure...
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection
#!/bin/bash Oracle Secure Backup Administration Server authentication bypass, plus command injection vulnerability 1-day exploit for CVE-2009-1977 and CVE-2009-1978 PoC script successfully tested on: Oracle Secure Backup Server 10.3.0.1.0win32release MS Windows Professional XP SP3 In August 2009,...
CVE-2009-3057
CVE-2009-3057 affects AOM Software Beex 3. The vulnerability is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to the vulnerable pages (1) news.php and (2) partneralle.php. The connected documents specify t...
FreeBSD : dnsmasq -- TFTP server remote code injection vulnerability (80aa98e0-97b4-11de-b946-0030843d3802)
Simon Kelley reports: Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled. Fix a problem which allowed a malicious TFTP client to crash dnsmasq. (C) Tenable Network Security, Inc. The...
CVE-2008-7147
CVE-2008-7147 describes multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly versions before 4.2.3. The issues allow remote attackers to inject arbitrary web script or HTML via (1) outline and (2) course parameters to library/description_link.cfm...
dnsmasq -- TFTP server remote code injection vulnerability
Simon Kelley reports: Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled. Fix a problem which allowed a malicious TFTP client to crash dnsmasq...
Code injection
NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service client crash via a crafted login response that triggers a divide-by-zero error...
BaBB 2.8 - Remote Code Injection
BaBB 2.8 - Remote Code Injection #!usr/bin/python BaBB 2.8 Full Code Injection Exploit AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
BaBB 2.8 Remote Code Injection Exploit
No description provided by source. #!usr/bin/python BaBB 2.8 Full Code Injection Exploit AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
BaBB 2.8 Remote Code Injection Exploit
Exploit for unknown platform in category web applications ====================================== BaBB 2.8 Remote Code Injection Exploit ====================================== #!usr/bin/python BaBB 2.8 Full Code Injection Exploit Download :...
BaBB 2.8 - Remote Code Injection
#!usr/bin/python BaBB 2.8 Full Code Injection Exploit AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr Download :...
Ignition 1.2 (comment) Remote Code Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== Ignition 1.2 comment Remote Code Injection Vulnerability ========================================================== Ignition Remote Code Execution AUTHOR : Sina Yazdanmehr R3d.W0rm...
Ignition 1.2 (comment) Remote Code Injection Vulnerability
No description provided by source. Ignition Remote Code Execution AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr Download :...