2294 matches found
Design/Logic Flaw
The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...
CVE-2 0 1 4-1 8 0 6 . NET Remoting Services vulnerability analysis-vulnerability warning-the black bar safety net
0x00 description Microsoft . NET Remoting is a distributed processing manner, there is provided a method that allows the object by the application domain with the other objects to interact with the framework. A few days ago James Forshaw posted a CVE-2 0 1 4-1 8 0 6 . NET Remoting Services exploi...
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
The plugin does not validate and sanitise the CMDsearch parameter which used to create a custom function. This allows attacker to run arbitrary command on the remote server PoC GET /cmdownloads/?CMDsearch=".phpinfo." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:33....
USN-2403-1: GnuTLS vulnerability
Sean Burford discovered that GnuTLS incorrectly handled printing certain elliptic curve parameters. A malicious remote server or client could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2399-1: curl vulnerability
Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPTCOPYPOSTFIELDS and curleasyduphandle. This may result in sensitive data being incorrectly sent to the remote server...
USN-2399-1 curl vulnerability
Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPTCOPYPOSTFIELDS and curleasyduphandle. This may result in sensitive data being incorrectly sent to the remote server...
Authorization
Requests aka python-requests before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request...
How to use Windows Management Instrumentation (WMI) Tester [WBEMTest] to Test WMI Connectivity
Purpose This article documents how to use Windows Management Instrumentation WMI Tester WBEMTest to test connectivity, which can assist in troubleshooting and isolating WMI-related issues with Veeam products. Solution Opening Windows Management Instrumentation WMI Tester 1. Open a Run prompt Win+...
CVE-2014-6060
The getoption function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHOOPTIONSOVERLOADED option in the 1 bootfile or 2 servername section, which triggers the option to be processed again...
Insufficient RSA Host Key validation in files_external (SFTP driver) - ownCloud
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle MITM attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...
CVE-2014-4501
Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the 1 extractsockaddr or 2 parsereconnect functions in util.c...
Heap overflow
Multiple heap-based buffer overflows in the parsenotify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a 1 large or 2 negative value in the Extranonc2size parameter in a mining.subscribe response and a...
AWStats (6.0-6.2) configdir Remote Command Execution Exploit (perl code)
No description provided by source. !/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for...
cURL 6.1 - 7.4 - Remote Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1804/info Curl is an open-source utility for sending or receiving files using URL syntax. A vulnerability exists in the version of curl included with Debian GNU/Linux 2.2 and FreeBSD prior to 4.2 release. Note that cURL...
PHPBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for...
Poll It CGI 2.0 - exploit
No description provided by source. !/usr/bin/perl Poll It CGI v2.0 exploit keelis/havoc korp 2000 shouts to modjo, p, zen, kd, ab, all the script kiddies. keelisathushmaildotcom use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print\n\t+--- Poll It CGI v2.0 exploit ---+; print\n\t+---...
W-Agora 4.1.x Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4977/info W-Agora is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. In particular, the 'incdir' variable found in a number of the W-Agora scripts defines the path to t...
D-Forum 1 footer Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some...
LieroX <= 0.62b Remote Server/Client Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include stdarg.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h /...
Opera 6.0.1,MS IE 5/6 JavaScript Modifier Keypress Event Subversion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences...