[INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS

INFIGO IS Security Advisory ADV-2008-01-06 http://www.infigo.hr/en/ Title: McAfee E-Business Server Remote Preauth Code Execution / DoS Advisory ID: INFIGO-2008-01-06 Date: 2008-01-09 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-01-06 Impact: Remote code execution Risk...

CVE-2007-5952

Cross-site scripting XSS vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2007-5466

Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to 1 have an unknown impact by sending multiple long strings to the IMAP port 143/tcp; 2 execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; 3 execut...

eXtremail 2.1.1 - 'LOGIN' Remote Stack Overflow

/ extremail-v4.c Copyright c 2006 by eXtremail include include include include include define BUFSIZE 8192 define NOP 0x41 define PAD 0 / do you feel lucky? / define DEFPORT 4501 define PORTADMIN DEFPORT define PORTSHELL 4444 static const char bndshelllnx =...

eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit

No description provided by source. / extremail-v4.c Copyright c 2006 by [email protected] eXtremail =2.1.1 remote root exploit x86-lnx by mu-b - Sun Oct 08 2006 - Tested on: eXtremail 2.1.1 lnx Overflow in LOGIN command of admin interface. ...

eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit

Exploit for linux platform in category remote exploits ======================================================== eXtremail eXtremail include include include include include define BUFSIZE 8192 define NOP 0x41 define PAD 0 / do you feel lucky? / define DEFPORT 4501 define PORTADMIN DEFPORT define...

eXtremail 2.1.1 - LOGIN Remote Stack Overflow

eXtremail 2.1.1 - LOGIN Remote Stack Overflow / extremail-v4.c Copyright c 2006 by eXtremail include include include include include define BUFSIZE 8192 define NOP 0x41 define PAD 0 / do you feel lucky? / define DEFPORT 4501 define PORTADMIN DEFPORT define PORTSHELL 4444 static const char...

MDPro 1.0.76 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage;...

MDPro 1.0.76 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================= MDPro 1.0.76 Remote SQL Injection Exploit ========================================= !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author =...

Design/Logic Flaw

SimpNews 2.41.03 allows remote attackers to obtain sensitive information via 1 an invalid lang parameter to admin/index.php; or a direct request to 2 admin/dbginfos.php, 3 admin/heading.php, or 4 evsearch.php; which reveals the path in various error messages...

SimpNews version 2.41.03 File Content Disclosure Vulnerability

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

simpnews24103-fdisclose.txt

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

SimpGB version 1.46.02 Information Disclosure Vulnerability

netVigilance Security Advisory 66 SimpGB version 1.46.02 Information Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...

simpnews24103-xss.txt

netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...

SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities

netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...

CVE-2007-4477

The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service administration interface outage via an HTTP request without a Host header...

CVE-2007-4239

Cross-site scripting XSS vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 21007062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter...

CVE-2007-4239

Cross-site scripting XSS vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 21007062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter...

CVE-2007-4239

The CVE-2007-4239 entry describes a Cross-site scripting (XSS) vulnerability in the admin interface of C‑SAM oneWallet 210_07062007;1.0, specifically in user/forgotPassStep2.jsp. The issue allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. The provided docum...

csam-xss.txt

A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert%22XSS!%22%3c%2fscript%3e Sucessfully tested with Version...