Lucene search

1248 matches found

canvas
added 2008/05/22 1:9 p.m., 40 views

Immunity Canvas: LOTUS_DOMINO_HTTP

Name: lotusdominohttp
CVE: CVE-2008-2240
Exploit Pack: CANVAS
Description: Lotus Domino 8.0.0 HTTP Server - Accept-Language Overflow
Notes: References: http://osvdb.org/show/osvdb/45415 CVE Name: CVE-2008-2240 VENDOR: IBM Notes: Repeatability: One-Shot Date public: 05/20/2008 CVE Url:...

CVSS 10, AI score 6.2, EPSS 0.84201
Exploits: 6

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 1 view

Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

Overview: Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat contains ...

CVSS 4.3, AI score 6, EPSS 0.44249
Exploits: 1, References: 21

RedHat Linux
added 2008/05/20 2:12 p.m., 4 views

tomcat accept-language xss flaw

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

CVSS 2.6, AI score 5.9, EPSS 0.44249
Exploits: 1, References: 4

seebug.org
added 2008/04/09 12:0 a.m., 10 views

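McAfee ePolicy Orchestrator FrameworkService.exe Remote Denial of Service Vulnerability

BUGTRAQ ID: 28573 McAfee ePolicy Orchestrator (ePO) is an industry-leading system security management solution that helps enterprises defend effectively against malicious threats and attacks. The McAfee Framework Service (FrameworkService.exe) used in ePO contains a security vulnerability: if a remote attacker sends a specially crafted request to the service's default port 8081/TCP, memory corruption may be triggered, causing the service to crash. 0 McAfee ePolicy Orchestrator 4.0 McAfee ePolicy Orchestrator 3.6.x McAfee CMA 3.6.0 McAfee ProtectionPilot...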

AI score 6.8
Exploits: 0

seebug.org
added 2008/03/11 12:0 a.m., 49 views

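Remotely Anywhere 'Accept-Charset' NULL Pointer Denial of Service Vulnerability

BUGTRAQ ID: 28175 CNCAN ID: CNCAN-2008031103 Remotely Anywhere is a remote administration program. Remotely Anywhere does not correctly handle specially crafted HTTP requests, and a remote attacker can use this flaw to cause a denial of service in the application. Submitting an HTTP request containing an invalid Accept-Charset parameter can cause a NULL pointer dereference that crashes the application, resulting in a denial of service. RemotelyAnywhere RemotelyAnywhere Workstation Edition 8.0.668 RemotelyAnywhere RemotelyAnywhere Server...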

AI score 6.9
Exploits: 0

Prion
added 2008/03/10 11:44 p.m., 10 views

Null pointer dereference

The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted...

CVSS 5, AI score 7.2, EPSS 0.07952
Exploits: 1, References: 6, Affected Software: 1

Exploit DB
added 2008/01/15 12:0 a.m., 42 views

LulieBlog 1.0.1 - Remote Authentication Bypass

LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability. bug found by ka0x contact: D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz from spain download:...

AI score 7.4
Exploits: 0

0day.today
added 2008/01/15 12:0 a.m., 28 views

LulieBlog 1.0.1 (delete id) Remote Admin Bypass Vulnerability

Exploit for unknown platform in category web applications. LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability...

AI score 7.1
Exploits: 0

exploitpack
added 2008/01/15 12:0 a.m., 12 views

LulieBlog 1.0.1 - Remote Authentication Bypass

LulieBlog 1.0.1 - Remote Authentication Bypass. LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability. bug found by ka0x contact: D.O.M TEAM 2008 we are: ka0x, an0de,...

AI score 0.9
Exploits: 0

seebug.org
added 2007/12/20 12:0 a.m., 22 views

windows/XP-sp1 portshell on port 58821 116 bytes

No description provided by source. / 116 bytes bindcode hardcoded for Windows XP SP1 / / but you can change the address if you want / / i made it pretty clear where they are / / the bindcode will bind to port 58821 / / by silicon / [email protected] / / greetz to dtors.net : include stdio.h inclu...

AI score 7.1
Exploits: 0

Packet Storm
added 2007/12/18 12:0 a.m., 23 views

dlink.txt

!/bin/bash Coded Bt Ph3mt Of K-Security Team This Code is private, pls do not redistribute Release Date 25/11/2007 Code function dow echo 'POST /cgi-bin/firmwarecfg HTTP/1.1' richiesta echo 'Host: $IP' richiesta echo 'User-Agent: veryprivateacsor' richiesta echo 'Accept:...

AI score 7.4
Exploits: 0

PyPA
added 2007/10/30 7:46 p.m., 5 views

PYSEC-2007-1

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS 2.6, AI score 6.8, EPSS 0.01815
Exploits: 0, References: 12, Affected Software: 1

UbuntuCve
added 2007/10/30 7:46 p.m., 16 views

CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS 2.6, AI score 5.9, EPSS 0.01815
Exploits: 0, References: 1

OSV
added 2007/10/30 7:46 p.m., 5 views

CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

AI score 6.3
Exploits: 0, References: 13

OSV
added 2007/10/30 7:46 p.m., 1 view

DEBIAN-CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS 2.6, AI score 6.4, EPSS 0.01815
Exploits: 0, References: 1

Debian CVE
added 2007/10/30 7:0 p.m., 12 views

CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS 2.6, AI score 6.2, EPSS 0.01815
Exploits: 0

Tenable Nessus
added 2007/10/30 12:0 a.m., 38 views

FreeBSD : py-django -- denial of service vulnerability (d2c2952d-85a1-11dc-bfff-003048705d5a)

Django project reports: A per-process cache used by Django's internationalization 'i18n' system to store the results of translation lookups for particular values of the HTTP Accept-Language header used the full value of that header as a key. An attacker could take advantage of this by sending...

AI score 5.6
Exploits: 0, References: 2

FreeBSD
added 2007/10/26 12:0 a.m., 27 views

py-django -- denial of service vulnerability

Django project reports: A per-process cache used by Django's internationalization "i18n" system to store the results of translation lookups for particular values of the HTTP Accept-Language header used the full value of that header as a key. An attacker could take advantage of this by sending...

AI score 0.8
Exploits: 0, References: 1

Metasploit
added 2007/10/19 7:53 a.m., 7 views

OS X Write and Execute Binary, Bind TCP Stager

Spawn a command shell staged. Listen for a connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework BindTcp ------- OSX bind TCP stager. module MetasploitModule CachedSize = 248 include Msf::Payload::Stager def...

AI score 7.2
Exploits: 0

RedHat Linux
added 2007/10/11 6:21 p.m., 2 views

tomcat accept-language xss flaw

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

CVSS 2.6, AI score 5.9, EPSS 0.44249
Exploits: 1, References: 4