Zeus Admin vs_diag.cgi XSS
The remote host is running the Zeus WebServer. There is a vulnerability in the CGI 'vs_diag.cgi' that may allow an attacker to gain administrative access on that server. To exploit this flaw, the attacker would need to lure the administrator of this server to click on a rogue link. ...
AIX 4.35.1 - diagrpt Arbitrary Privileged Program Execution
source: https://www.securityfocus.com/bid/2916/info AIX ships with a diagnostic reporting utility called 'diagrpt'. This utility is installed setuid root by default. When 'diagrpt' executes, it relies on an environment variable to locate...
IISProtect 2.1/2.2 - Authentication Bypass
source: https://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...
PHP-Proxima - autohtml.php Information Disclosure
source: https://www.securityfocus.com/bid/7598/info A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before includin...
Phorum 3.4.x - Message Form HTML Injection
source: https://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. It has been reported that it is possible to inject HTML or script code into the subject and other fields of a...
ttcms and ttforum exploits
hope this is the right place to send this exploit info, I found three different exploits for a forum software / cms software: Affected Product: ttCMS or...
Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass
source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be...
HappyMall E-Commerce Software 4.3/4.4 - 'Member_HTML.cgi' Command Execution
source: https://www.securityfocus.com/bid/7530/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the memberhtml.cgi script. This could lead to attacks against system resources. HappyMall explo vulnerabl...
Leksbot 1.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/7505/info Multiple vulnerabilities have been reported for Leksbot. The precise nature of these vulnerabilities is currently unknown; however, exploitation of this issue may result in an attacker obtaining elevated...
Xinetd 2.1.x2.3.x - Rejected Connection Memory Leakage Denial of Service
source: https://www.securityfocus.com/bid/7382/info A denial of service vulnerability has been reported for Xinetd. The vulnerability exists due to memory leaks occurring when connections are rejected. Numerous, repeated...
Winamp < 3.0b Multiple File Handling DoS
The remote host is using Winamp3, a popular media player that handles many file formats (mp3, wav and more). This version suffers from multiple buffer overflow and denial of service issues that can be triggered by specially crafted b4s files. To perform an attack, the attacker would have to send ...
Poptop < 1.1.3-b3 and 1.1.3-20030409 Negative Read Overflow
No description provided by source.
Netgear FM114P ProSafe Wireless Router - Rule Bypass
source: https://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a...
Edikon Release 0.6 of PHPShop
Product : Edikon Release 0.6 of PHPShop Version : 0.6.1 WebSite : http://www.phpshop.org Problem : Viewing dbase information Description: ------------ eng In phpShop we can get access to a database of the server as the file of a configuration is accessible to each user. As we can find out a full...
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access
Kebi Academy, a Korean web application, fails to sanitize user input to the 'file' parameter to the 'home' script of directory traversal sequences. A remote attacker can leverage this issue to read arbitrary files or even upload arbitrary code to the affected host, to be executed subject to the...
Platform Load Sharing Facility 45 - LSF_ENVDIR Local Command Execution
source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility (LSF) does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated...
Outblaze Webmail - Cookie Authentication Bypass
source: https://www.securityfocus.com/bid/7115/info Outblaze web mail service has been reported prone to an authentication cookie spoofing vulnerability. This issue may allow a malicious attacker to bypass the cookie-based authentication mechanisms used by the affected Outblaze web mail server...
RSA ClearTrust ct_logon.asp Multiple Parameter XSS
The remote ClearTrust server is vulnerable to a cross-site scripting attack that can be exploited using specially crafted calls to its 'ct_logon.asp' or 'ct_logon.jsp' scripts. (C) Tenable Network Security, Inc. Date: Fri, 14 Mar 2003 18:42:02 -0800 To: [email protected]...
MySQL datadir/my.cnf Modification Privilege Escalation
The remote version of MySQL is older than 3.23.56. Such versions are affected by an issue that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a 'DATADIR/my.cnf' that includes the line 'user=root' under the 'mysqld' option...
Microsoft Windows Server 2000 - Help Facility .CNT File :Link Buffer Overflow
source: https://www.securityfocus.com/bid/7102/info The Microsoft Windows 2000 Help facility does not perform sufficient bounds checking on .cnt files. If a .cnt file containing an unusually long :Link URI was opened...