boastmachine-session.txt

Vagrant - E-hack.org 05.22.2007 BoastMachine v3.0 platinum - Session Ýd Hacking After the login into the site which alllows new user registration. Site user's data which is entered to change the topic, can be changed by another user, and that is a security hole because of ID interchangeability in...

Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit

Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ Advisory Name: Microsoft IIS Remote Denial of Service DoS .DLL Url exploit Release Date: 16. Desember 2005 Vulnerable: Microsoft® Internet Information Server® V5.1 Not vulnerable: Microsoft®...

pwnzilla.txt

/ SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all. FireFox optimized iSY iS; .sS Exploit for IDN host name heap buffer overrun in .SSSSSSS .sS Mozilla browsers FireFox, Mozilla and Netscape iS; .sS Copyright C 2003-2005 by Berend-Jan Wever. .SS sSSSSSSP Official release:...

SaveWebPortal 3.4 - Unauthorized Access

source: https://www.securityfocus.com/bid/14639/info SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts. An attacker may leverage this issue to execute arbitrary server-side script code on an...

security flaw

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

phpbb 2.0.11 bug

PHPBB 2.0.11 is vulnable to a path disclosure.All you need is a valid topic and for highlight put .Here is a sample: http://www.site.com/forum/viewtopic.php?t=2&highlight= Here is the messege you will get: Warning: Compilation failed: missing at offset 7 in c:appservwwwforumviewtopic.php1109 :...

CVE-2004-1150

Stack-based buffer overflow in the incdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long 1 device name or 2 sound track number, as demonstrated with a .m3u or .pls playlist file...

CVE-2004-1512

Cross-site scripting XSS vulnerability in Responsedefault.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page...

RHEL 2.1 / 3 : libxml (RHSA-2004:650)

An updated libxml package that fixes multiple buffer overflows is now available. Updated 24 May 2005 Multilib packages have been added to this advisory The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.1...

CVE-2004-0550

Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." period characters...

Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents itself when an attacker sends a...

CuteFTP < 5.0.2.0 Multiple Vulnerabilities

CuteFTP, an FTP client, is installed on the remote Windows host. The version of CuteFTP on the remote host reportedly is affected by a buffer overflow that may be exploited by an attacker to execute arbitrary commands, subject to the privileges of the current user. To exploit this issue, an...

Opera 7.10 - Permanent Denial of Service

Opera 7.10 - Permanent Denial of Service source: https://www.securityfocus.com/bid/7430/info Allegedly, a vulnerability exists in Opera 7.10 that may result in a denial of service. The problem reportedly occurs when processing a 'news:' URL of excessive length. It has been reported that this issu...

Vulnerability in WebCollection Plus &#40;TM&#41;

These vulnerabilities were found / tested on: WebCollection Plus TM Copyright 2001 Follett Software Company Version 5.00 Revision 12-01-A Dec 19 2001 Program protects from reading other non-webserver accessible files by checking for a : or excessive .'s in a string. If the URL has a / at the...

CVE-2002-2369

Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL...

DB4Web 3.43.6 - Connection Proxy

DB4Web 3.43.6 - Connection Proxy source: https://www.securityfocus.com/bid/5725/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. B...

NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link,...

Cookie protection bypass in Mozilla

It's possible to obtain cookie by spoofing valid hostname in javascript: URL. For example f.location = "javascript://www.google.com/n"+ "'body onload=alertdocument.cookie'";...

CVE-2002-0275

Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / slash in the requested URL...

ATPhttpd 0.4 DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ATPhttpd 0.4 DoS Vulnerability Type: DoS, crashes Daemon Release Date: December 13, 2001 Product / Vendor: ATPhttpd, the tiny, caching, high performance webserver. ATPhttpd is ideal for serving lots of static content, especially where disk I/O is...