Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header...
CVE-2014-8911
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header...
Mobile Vikings: Stored xss in user name (2) affected another user.
Again we have two users: A - attacker, B - victim. User A attacker has name - namealert1 and adds auth to user B victim. User B receives a letter and gets a reminder about a new request on the website, and opens it: https://mobilevikings.com/account/requests/ And probably presses "Accept" and gets the XSS fired. x:confi...
openssh: AcceptEnv environment restriction bypass flaw
It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions...
Cart Engine 3.0 - Multiple Vulnerabilities
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
Neon WebDAV Client Library 0.2x Format String Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10136/info It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions...
IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
No description provided by source. $Id: dominohttpacceptlanguage.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
phpLDAPadmin 0.9.4b DoS
No description provided by source. / Exploit Title: phpLDAPadmin 0.9.4b DoS Google Dork: phpLDAPadmin - 0.9.4b Date: 2011-10-23 Author: Alguien Software Link: http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin/0.9.4b/ Version: 0.9.4b Tested on: Red Hat CVE : - Compilation: ----------...
ARM Loader Port 0x1337
No description provided by source. / Title: arm-loader Brief: Bind port 0x1337 on any local interface, listen for a connection receive a payload, and pass execution to it Author: Daniel Godas-Lopez gmail account dgodas / / socdes = socketAFINET, SOCKSTREAM, IPPROTOTCP; / mov %r0, $2 / AFINET / mo...
SapporoWorks Black JumboDog 2.6.4/2.6.5 HTTP Proxy Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3858/info Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to an exploitable buffer overflow. The buffer overflow can be exploited by sending excessively long expires, if-modified-since, and LastModified strings...
97 bytes Linux x86 bind shell port 64533
No description provided by source. include stdio.h include string.h / I'm Magnefikko member from Inj3ct0r Team & Promhyl Studies Team by Magnefikko 05.07.2010 [email protected] Promhyl Studies ::...
BSD x86 portbind + fork shellcode (111 bytes)
No description provided by source. / -------------- FreeBSD/x86 - portbind shell + fork 111 bytes-------------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include stdio.h include string.h include arpa/inet.h char shellcode =...
WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload
Work The Flow plugin is prone to an arbitrary file upload vulnerability that submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php. Solution Edit the data from the control "acceptfiletypes"...
Localize: Server header - information disclosure
X-Powered-By: PleskLin HTTP/1.1 200 OK Date: Thu, 17 Apr 2014 19:52:33 GMT Server: Apache Pragma: no-cache Expires: Mon, 24 Mar 2008 00:00:00 GMT Cache-Control: no-cache X-Powered-By: PleskLin Vary: Accept-Encoding Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html;...
CVE-2013-1946
The CVE-2013-1946 entry affects Drupal’s RESTful Web Services (RESTWS) module for Drupal 7.x-1.x up to 7.x-1.3 and 7.x-2.x up to 7.x-2.0-alpha5. When page caching is enabled and anonymous users have RESTWS permissions, a GET request with an HTTP Accept header set to a non-HTML type can cause a de...
PT-2014-1796
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 6.6; OpenSSH version 5.3p1. Description: The issue allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character in the AcceptEnv lines of the sshd config...
The browser cache is Vary broken
Jake, why are your blog posts always so depressing? -- Domenic Denicola @domenic Well, I wouldn't want to disappoint… TL;DR If you use "Vary" to negotiate content, the responses will fight for the same cache space. Additionally, IE ignores "max-age" and Safari is buggy. Content negotiation using...
[Azazel] Userland Anti-debugging & Anti-detection Rootkit
Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features: Anti-debugging; Avoids unhide, lsof, ps, ldd detection; Hides files and directories; Hid...
Linux Command Shell, Bind TCP Random Port Inline
Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 51...
Squid Accept-Language Header DoS Vulnerability (SQUID-2013:1)
Squid is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...