SMTP settings

This plugin sets various SMTP parameters because several checks need to use a third-party host/domain name in order to work properly. The checks that rely on this are SMTP or DNS relay checks. By default, 'example.edu' is being used for this purpose. However, under some circumstances, this may le...

Problems with various windows FTP servers

Hi, I am just writing a small set of perl scripts, to test server implementations of different protocols agains common problems i.e. Buffer overflow and format strings.. . The first script is against FTP servers, and just stupidly sends stuff to a server, verifies if the server crashes and if it...

NFuse Cross Site Scripting vulnerability

Hi, NFuse provides several jsp or asp pages to make a portal. In one this page launch.jsp or launch.asp it's possible to use the method getLastError of the TemplateParser object in fact this method is inherited from the WebPNObject object. The CSS problem comes from the getLastError method. It do...

Cobalt cube3 css

Try either of the following URLs against your RAQ3 http://host/nav/cList.php?root=/scripth1www.snosoft.com rocks/h1 http://host/nav/cList.php?root=/scriptscriptalert'Snosoft Rocks'/script You will see your code followed by this chunk of java code that was trying to run. "; // get tab configuratio...

Ximian Mozilla: The 2618 Bug

NOTE TO THE MODERATOR: This was sent yesterday but i guess didn't make it since this doesn't seem to affect a redhat itself, it affects the mozilla packages distrbuted by Ximian: The test system look like: bash rpm -qa | grep mozilla mozilla-0.9.8-1.ximian.2 mozilla-mail-0.9.8-1.ximian.2...

fingerd-cgi.txt

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++GOBBLES+SECURITY+RESEARCH+TEAM+INCORPORATED+++++++++++++++++ ALERT! ALERT! BERKELEY FINGER VULNERABILITY! ALERT! ALERT! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ This is NOT...

Progress Database vulnerabilities

strcpy and pstcopy dbutpstcopy are BAD!@@!$! you need to make use of strncpy or invent pstncopy This is straight from the unix man pages for strcpy NAME strcpy, strncpy - copy a string SYNOPSIS include string.h char strcpychar dest, const char src; BUGS If the destination string of a strcpy is no...

majordomo.1.94.4.txt

Hi, I found something to discuss, this time involving majordomo. This was tested on a Slackware linux 8.0 kernel 2.4.8; majordomo version 1.94.4, I also tested the other versions and all default installs had the same problem, note that the versions 1.94.1 an 1.94.2 should NOT be used anymore, tho...

MiM Simultaneous close attack

Доброе время суток Учёный Кот! Глядя на убогий эксплоит mimsc.exe решили написать нечто похожее, коментарий одного из автора проекта: ---------------------------------------------------------------------------------------------- Данный эксплоит написан в поддержку security advisory MiM Simultaneo...

FW-1 RDP Vulnerability Proof of Concept Code

As announced earlier this week, we hereby post the proof of concept code for the FireWall-1 RDP Bypass Vulnerability. We think it doesn't make sense to withhold it any longer for the following reasons. 1. This is no "Script-Kiddie" exploit, it will not provide anyone with a means to instantly bre...

cue.sh

!/usr/bin/ksh THIS IS A DANGEROUS SCRIPT !!! READ THE CODE PRIOR TO ./! This is just a proof of concept. Don't use for malicious purpose. If ever you decide to run that script, please read the code carefully before! Emilie Chang, 2001. Dedicated to Scriptors of Doom and HERT people. Good job...

Advisory for Vdns

Advisory for VdnsServer VdnsServer is sold by ZFC and Hughestech Site: http://www.zfc.com | www.hughesnet.net by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0121 /-|=explanation=|- Virtual DNS Vdns allows users with DSL & ADSL type connections to run their own web serve...

Advisory for Spynet Chat

Advisory for Spynet Chat Spynet Chat is made by Spytech Site: http://www.spytech-web.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0120 /-|=explanation=|- Spynet Chat is a chat server. It suffers from a denial of service. /-|=who is vulnerable=|- Spynet Chat 6.5 ha...

Advisory for Electrocomm 2.0

Advisory for Electrocomm Electrocomm is made by Electrosoft Site: http://www.esei.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0118 /-|=explanation=|- ElectroComm allows you to connect to a comm port on a computer over a network using any Telnet client. The progra...

Advisory for Netcruiser

Advisory for NetCruiser 0.1.2.8 Netcruiser is made by Netcuiser Software Site: http://www.netcruiser-software.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0110 /-|=explanation=|- Netcruiser is a webserver. It has a simple path revealance bug. /-|=who is...

Advisory for perl webserver

Advisory for Perl Web Server Site: http://perlwebserver.sourceforge.net by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0113 /-|=explanation=|- Perl Web Server has a simple dot dot bug bug. /-|=who is vulnerable=|- Tested to be vulnerable to the hex-encoded dot dot bug...

Advisory for Xitami 2.4d7, 2.5d4

Advisory for Xitami 2.4d7, 2.5d4 Xitami is made by Imatix. Site: http://xitami.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0105 /-|=explanation=|- Xitami is a webserver. It has a denial of service. /-|=who is vulnerable=|- Anyone running Xitami 2.5d4, 2.4d7 and...

Advisory for GoAhead Webserver v2.1

Advisory for GoAhead Webserver v2.1 GoAhead Webserver is made by GoAhead. Site: http://www.goahead.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0104 /-|=explanation=|- GoAhead is well, a webserver. It has a denial of service. /-|=who is vulnerable=|- Anyone runnin...

Savant 3.0 Denial Of Service

Not exactly sure what the problem is because it will handle the same request from a program that does the same thing. "Time is a factor" so pay attention man ;P Connect to the server using telnet or somthing and type in the following: GET / HTTP/1.1 Host:AAAAAAAAAAAAAAAAAAAA..... Where A x 260, h...

Cisco PIX Security Notes

Cisco PIX Notes -- Introduction This is a simples paper on which i wrote down some note about "Cisco PIX Firewall" so it isn't well organized or talk specifically about a vulnerability . All test it's about THE latest pix release on this pix: Cisco Secure PIX Firewall Version 5.31 Hardware: SE442...