6485 matches found
jabberd SASL DoS
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza"...
Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS
Exploit for unknown platform in category dos / poc. Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS #!/usr/bin/python Surgemail version 39e-1 - 0day Post Auth IMAP Buffer...
dovecot security and bug fix update
1.0.7-2 - LDAP+auth cache user login mixup (CVE-2007-6598, 427575) - insecure mail_extra_groups option (CVE-2008-1199, 436927) 1.0.7-1 - update to latest upstream, fixes a few bugs (331441, 245249), plus two security vulnerabilities (CVE-2007-2231, CVE-2007-4211) - increased default login_process_size to 64...
CVE-2008-2479
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00pass.php...
CVE-2008-2338
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin...
Code injection
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin...
Lulieblog 1.2 - Multiple Vulnerabilities
Lulieblog 1.2 - Multiple Vulnerabilities LulieBlog 1.2 Multiple Remote Vulnerabilities Admin Auth Bypass, Upload File, Blind SQL Injection Author: Cod3rZ Site: http://cod3rz.helloweb.eu Site: http://devilsnight.altervista.org Date: 06/05/2008 dd/mm/yyyy Admin Auth Bypass: Modify Articles: send a...
Lulieblog 1.2 - Multiple Vulnerabilities
LulieBlog 1.2 Multiple Remote Vulnerabilities Admin Auth Bypass, Upload File, Blind SQL Injection Author: Cod3rZ Site: http://cod3rz.helloweb.eu Site: http://devilsnight.altervista.org Date: 06/05/2008 dd/mm/yyyy Admin Auth Bypass: Modify Articles: send a request to site/Admin/articlemodif2.php...
[SECURITY] Fedora 9 Update: lighttpd-1.4.19-4.fc9
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
[SECURITY] Fedora 8 Update: lighttpd-1.4.19-4.fc8
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
phpTournois <= G4 Remote File Upload/Code Execution Exploit
No description provided by source. <?php /* Name: phpTournois <= G4 Remote File Upload/Code Execution Exploit Credits: Charles "real" F. charlesfolathotmail.fr Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade['a']=='a'. But when we...
CVE-2008-0884
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable...
Linksys WRT54G Firmware 1.00.9 - Security Bypass (1)
regurgitated by: meathive url: kinqpinz.info ; Tue, 05 Feb 2008 07:51:41 -0700 CVE-2008-1247 WRT54G firmware version: v1.00.9 Default LAN IP: 192.168.1.1 Default auth: user:blank - pass:admin Authorization: Basic OmFkbWlu php print base64decode"OmFkbWlu"; :admin https://kinqpinz.info/lib/wrt54g/...
MailEnable Pro/Ent <= 3.13 (Fetch) post-auth Remote BOF Exploit
No description provided by source. #!/usr/bin/perl MailEnable Professional <= 3.13 "FETCH" post-auth buffer overflow. Bind Shell POC Exploit for Win2K SP4 pro English...
NetWin Surgemail 3.8k4-4 IMAP post-auth Remote LIST Universal Exploit
No description provided by source. #!/usr/bin/python NetWin Surgemail 0DAY IMAP POST AUTH Remote LIST Universal Exploit Discovered and coded by Matteo Memelli aka ryujin http://www.gray-world.net http://www.be4mind.com Affected Versions : Version 3.8k4-4 Windows Platform Tested on OS : Windows 200...
[SECURITY] Fedora 8 Update: lighttpd-1.4.18-6.fc8
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
[SECURITY] Fedora 7 Update: lighttpd-1.4.18-3.fc7
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
Xoops-2.0.16 Remote File Inclusion
In the Script Xoops-2.0.16 are Remote File Inclusion Bugs. Script : xoops-2.0.16-Kararli Discovered By : F10 Contact : [email protected] WebSite : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy...