EUVD-2001-1229

Malware in sbrugna...

Microsoft IIS4 Exair Sample Site Denial Of Service (CVE-1999-0449)

Microsoft Internet Information Services IIS is a multi-featured server product that ships with all versions of Microsoft Windows 2000, XP and Server 2003. The product provides FTP, SMTP, NNTP and HTTP services. The HTTP component, known as the WWW Publishing Service, allows for the serving of...

Youngzsoft CMailServer CMailCOM ActiveX Control Buffer Overflow

Youngzsoft CMailServer is a mail server and web mail server software, aimed for small to medium size companies. CMailServer enables sending and receiving emails over the Internet or within the LAN and has support for client email applications such as Outlook, Eudora etc. Also, it supports...

AW BannerAd (Auth Bypass) SQL Injection Vulnerability

No description provided by source. AW-BannerAd Login ByPass By JxE-13 Ro0T-MaFia Sistema : AW-BannerAd,Asp Scripts Archivo : adv/admin/index.asp User&Pass:' or 'x'='x :' or 'x'='x...

AW BannerAd - Authentication Bypass

AW BannerAd - Authentication Bypass AW-BannerAd Login ByPass By JxE-13 Ro0T-MaFia Sistema : AW-BannerAd,Asp Scripts Archivo : adv/admin/index.asp User&Pass:' or 'x'='x :' or 'x'='x milw0rm.com 2009-08-03...

cmailserver-seh.txt

0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars. Exploitation is post-auth but you can have a user account by simply browsing t...

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

Exploit for unknown platform in category remote exploits ============================================================= CMailServer 5.4.6 CMailCOM.dll Remote SEH Overwrite Exploit ============================================================= 0 strUID = arrStringi...

Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass

The remote host is running WSFTP Server Manager, also known as WSFTP WebService, a web-based administration tool included, for example, with Ipswitch WSFTP Server. The version of WSFTP Server Manager installed on the remote host allows an attacker by bypass authentication and gain access to ASP...

CVE-2007-6495

incnewuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named 1 db, 2 www, 3 Special, and 4 log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to...

SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express

SEC Consult Security Advisory 20070509-0 ======================================================================= title: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express Information / Source Code Disclosure, Cross Site Scripting, Denial of Service program: Nokia...

CVE-2004-1261

Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts...

MS00-019: Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure (uncredentialed check)

It is possible to get the source code of the remote ASP scripts which are hosted on a mapped network share by appending '%5c' to the end of the request. ASP source code usually contains sensitive information such as logins and passwords. %NASLMINLEVEL 70300 [email protected] http://libpcap.net See...

CVE-2001-1248

CVE-2001-1248 affects vWebServer 1.2.0, enabling remote attackers to view arbitrary ASP scripts by requesting an ASP file that ends with a URL-encoded space (%20). The issue is classified as a information-disclosure vulnerability (CVSSv2 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N); no exploit spe...

Обратный путь в директориях aspapload (directory traversal)

Обратный путь в директориях в демонстрационных ASP-скриптах...

CVE-2001-1248

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character %20...