8100 matches found
DEBIAN-CVE-2005-0096
Memory leak in the NTLM fakeauthauth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service memory consumption...
security flaw
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges...
RIP Router Version 2 Detection
Binary data 1155.prm...
NTP Server Protocol Version 2 Detection
Binary data 1151.prm...
GoScript Remote Command Execution
GoScript Remote Command Execution Version verified: 2.0 Author: Pete Stein http://www.slack.net/pete/perl GoScript v2.0 allow remote commando execution as we can see below: http://www.server.com/go.cgi?|id| http://www.server.com/go.cgi?artarchive=|id| May be possible another methods of attack!...
goscript20.txt
GoScript Remote Command Execution Version verified: 2.0 Author: Pete Stein http://www.slack.net/pete/perl GoScript v2.0 allow remote commando execution as we can see below: http://www.server.com/go.cgi?|id| http://www.server.com/go.cgi?artarchive=|id| May be possible another methods of attack!...
[Full-Disclosure] XSS in Board Power forum
Programm: Board Power forum v2.04 PF Autor: Ivan Zhdanov CRITICAL: Low Exploit: http://target/cgi-bin/boardpower/icq.cgi?action=scriptjavascript:alert 'hello';/script URL: http://www.thewebmasterforums.com ...... Maxpatrol - Professional Network Security Scanner www.maxpatrol.com. Full-Disclosure...
DEBIAN-CVE-2004-2027
Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service crash via a long Basic Authorization header that triggers an out-of-bounds read...
SA-20031006 slocate vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ====================================================================== Security advisory 20031006 - ---------------------------------------------------------------------- Product: slocate Vulnerability type: buffer overflow corrupt heap Extended type:...
pMachine.txt
Informations : °°°°°°°°°°°°° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include Security Hole PHP Code/Location : °°°°°°°°°°°°°°°°°°° This will work if registerglobals is ON OR OFF. /pm/lib.inc.php : ------------------------------------------------------------...
Poster version.two index.php Account Manipulation Privilege Escalation
The remote host is running 'poster version.two' a news posting system written in PHP. There is a flaw in this version that allows new users to enter a specially crafted name that could allow them to gain administrative privileges on this installation. %NASLMINLEVEL 70300 C Tenable Network Securit...
hwdeGUEST
Product : hwdeGUEST Version : 2.0 WebSite : http://hwde.de Problem : Admin access rus Description: ------------ var.dat: ======== ... //Your username $benutzername="hwde"; //Your password $benutzerpasswort="SOFT"; ... ========= Exploit: -------- http://somehost/guestbook/var.dat Contacts: -------...
osCommerce 2.12.2 - Checkout_Payment.php Error Output Cross-Site Scripting
osCommerce 2.12.2 - CheckoutPayment.php Error Output Cross-Site Scripting source: https://www.securityfocus.com/bid/7155/info Error output is not sufficiently sanitized of HTML and script code by osCommerce. This may allow for cross-site scripting attacks as remote users could create a malicious...
DEBIAN-CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB...
DEBIAN-CVE-2002-0916
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call...
PT-2001-1854 · Microsoft · Internet Explorer +2
Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6 and earlier Description: The issue allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later...
Squid doesn't quote urls in error messages.
Hi, I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages. For example if a user visits the following url http://www.dotcom.com/ btest/b The user will get an invalid url page with test in bold. Or even more fun with: http://www.somecompany.com/img...
cabletron.ssr.dos.txt
Bindview Security Advisory -------- Cabletron SmartSwitch Router 8000 Firmware v2.x Issue date: November 24, 1999 Contact: Scott Blake Topic: Denial of Service Vulnerability in Cabletron's SmartSwitch Router SSR Overview: Cabletron's SSR is a Layers 2-4 routing and switching device with one of th...
CVE-1999-1549
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands...
kernel_hide.txt
Subject: EuroHaCk stealth-code fwd To: [email protected] ---------- Forwarded message ---------- Date: Wed, 18 Aug 1999 18:56:09 +0200 From: Martin Markovitz Reply-To: [email protected] To: [email protected] Subject: EuroHaCk stealth-code hi, don't think that hiding modules is an...