Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/8251/info Novell Netware Enterprise Web Server cgi2perl.nlm has been reported prone to a buffer overflow vulnerability. The issue presents itself, likely due to insufficient bounds checking performed on user-supplied data. It has been reported that a remo...

CVE-2003-0386

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...

CVE-2003-0237

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack...

XMB 1.8 Partagium SQL Injection Bug

Binary Bugs Advisory BB-2003-1 XMB SQL injection - Product: XMB 1.8 Partagium Final Vendor: http://www.xmbforum.com Versions affected: 1.8, possibly others Impact: SQL injection vulnerability Risk: Medium/High Vendor status: Notified/New version available Release date: April 22, 2003 I. Overview...

MPCSoftWeb 1.0 - Database Disclosure

MPCSoftWeb 1.0 - Database Disclosure source: https://www.securityfocus.com/bid/7390/info MPCSoftWeb does not sufficiently secure the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as administrative credentials for the...

PHPay 2.2 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for a remote attacker to create a...

CVE-2001-0724

Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of...

Siteframe 2.2.4 - search.php Cross-Site Scripting Vulnerability

Siteframe 2.2.4 search.php Cross Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/7140/info It has been reported that Siteframe does not sufficiently filter user supplied URI parameters on Siteframe pages. As a result of this deficiency, it i...

Microsoft IIS fpcount.exe CGI Remote Overflow

Nessus detected the 'fpcount.exe' CGI on the remote web server. Some versions of this CGI have a remote buffer overflow vulnerability. A remote attacker could exploit it to crash the web server, or possibly execute arbitrary code. Nessus did not actually check for this flaw, but solely relied on...

FormMail-Clone - Cross-Site Scripting

FormMail-Clone - Cross-Site Scripting source: https://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious...

CVE-2002-2109

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTPREFERER check and conduct unauthorized activities via 1 a blank referer, 2 a spoofed referer with a trusted domain/URL after the beginning of the referer, or 3 a spoofed referer with a trusted domain/URL in the beginni...

CVE-2002-1336

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users...

Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client

Overview IPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1. SP12 have a vulnerability involving the rendering of tags embedded in the web logs when viewed through the administration client. Description Requests made to web servers are routinely logged by the web serve...

YaBB 1 Gold SP 1 - YaBB.pl Cross-Site Scripting

YaBB 1 Gold SP 1 - YaBB.pl Cross-Site Scripting source: https://www.securityfocus.com/bid/6272/info A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts. As a result, it is possible for a...

MS02-052: Flaw in Microsoft VM Could Allow Code Execution (810030)

The remote host is running a Microsoft VM machine that has a bug in its bytecode verifier that could allow a remote attacker to execute arbitrary code on this host, with the privileges of the SYSTEM. To exploit this vulnerability, an attacker would need to send a malformed applet to a user on thi...

BizDesign ImageFolio 2.x3.0.1 - nph-build.cgi Cross-Site Scripting

BizDesign ImageFolio 2.x3.0.1 - nph-build.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included...

vBulletin 2.0/2.2.x - 'memberlist.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6226/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser o...

vBulletin 2.02.2.x - Cross-Site Scripting

vBulletin 2.02.2.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/5997/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link containing script co...

Important: Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library

Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. Updated BIND packages are now available to fix this issue. ISC BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...

[ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A12 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : phpReactor Cross Site Scripti...