6604 matches found
PhpWind 防盗链插件Showpic.php本地读文件漏洞
showpic.php str=$SERVER'QUERYSTRING'; $img=base64decode$str; $codelen=strlen$safeguard;//获取附加码长度 $img=substr$img,$codelen; //去掉附加码 readfile$img; 提交的参数经过base64编码后直接用readfile读文件,所以可以把路径base64编码后提交,以读出文件内容 PhpWind http://www.PhpWind.net http://bbs.xxx.com/showpic.php?ZGF0YS9zcWxfY29uZmlnLnBocA==...
Microsoft Exchange Base64 MIME消息远程代码执行漏洞(MS07-026)
Microsoft Exchange Server是一款企业级的邮件服务程序。 Microsoft Exchange Server处理特定的畸形编码数据时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 Microsoft Exchange没有正确地解码base64编码的内容,如果用户向服务器发送了特制的base64编码的MIME邮件消息的话,就可能导致执行任意指令。 Microsoft Exchange Server 2007 Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2003 SP1 Microsoft...
CVE-2007-0213
CVE-2007-0213 is a remote code execution vulnerability in Microsoft Exchange Server (2000 SP3, 2003 SP1/SP2, and 2007) caused by improper handling of base64-encoded MIME content. An attacker can exploit this by sending a crafted MIME email that triggers memory corruption/decoding issues, gaining ...
Immunity Canvas: GROUPWISE_WEBACCESS
Name| groupwisewebaccess ---|--- CVE| CVE-2007-2171 Exploit Pack| CANVAS Description| Novell GroupWise WebAccess Base64 Decoding Stack Overflow Notes| CVE Name: CVE-2007-2171 VENDOR: Novell VersionsAffected: Repeatability: References: http://www.zerodayinitiative.com/advisories/ZDI-07-015.html CV...
CVE-2007-2171
Stack-based buffer overflow in the base64decode function in GWINTER.exe in Novell GroupWise GW WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request...
Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow
The remote host is running a version of GroupWise WebAccess from Novell that is vulnerable to a stack overflow in the way it handles HTTP Basic Authentication. By sending a specially crafted request, an attacker can exploit this flaw to execute code on the remote host with administrative...
Novell Groupwise WebAccess buffer overflow
Stack buffer overflow stack overrun during TCP/7205 TCP/7211 HTTP basic authentication on base64 decoding...
ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-015.html April 18, 2007 -- CVE ID: CVE-2007-2171 -- Affected Vendor: Novell -- Affected Products: Groupwise WebAccess -- TippingPointTM IPS Customer Protection:...
Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the...
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
Mercur IMAPD 5.00.14 Windows x86 - Remote Denial of Service !/usr/bin/perl mercur-v1.pl Mercur v5.00.14 win32 remote exploit by mu-b - Dec 2006 - Tested on: Mercur v5.00.14 win32 use Getopt::Std; getopts't:n:', %arg; use Socket; use MIME::Base64; my $target; if defined$arg't' $target = $arg't' if...
Mandrake Linux Security Advisory : bind (MDKSA-2006:207)
The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem CVE-2006-4339. BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record...
Integer overflow
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via certain base64-encoded data on the pop3 port 110/tcp, which triggers an integer overflow...
Axigen 2.0.0b1 - Remote Denial of Service (1)
Axigen 2.0.0b1 - Remote Denial of Service 1 / doaxigen.c axigen 1.2.6 - 2.0.0b1 DoS x86-lnx by mu-b - Sat Oct 22 2006 - Tested on: AXIGEN 1.2.6 lnx AXIGEN 2.0.0b1 lnx 0x08088054: parsing error results in DoS little-endian, confirmed DoS + off-by-one heap smash big-endian Note: if you receive a...
PHP Subscriber远程密码泄露漏洞
PHP Subscriber是一款基于PHP的WEB应用程序。 PHP Subscriber不正确过滤用户提交的输入,远程攻击者可以利用漏洞获得密码敏感信息。 攻击者可以请求http://www.site.com/path/pwd.txt连接获得密码文件信息,然后使用BASE64解码密码信息。 PHP Subscriber 目前没有详细漏洞细节提供...
subscribe (pwd.txt) Remote Password Disclosur
subscribe pwd.txt Remote Password Disclosur D0rk = "Powered By PHP Subscriber" discovered by : ThE TiGeR 100 Exploit : http://www.site.com/path/pwd.txt or http://www.site.com/pwd.txt then crack the password with bass64 decode ,,the password is coded by base64 not hash Contact:[email protected]...
RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur
RANDOM PHP QUOTE 1.0 pwd.txt Remote Password Disclosur scrip : http://www.scriptsez.net/download/download.php?action=download&p=randomphpquote.zip&ns=1 discovered by : ThE TiGeR 100 Exploit : http://www.site.com/path/pwd.txt or http://www.site.com/pwd.txt then crack the password with bass64 decod...
Fedora Core 6 : mutt-1.4.2.2-3.fc6 (2006-1063)
Tue Oct 24 2006 Miroslav Lichvar 5:1.4.2.2-3 - fix insecure temp file creation on NFS 211085, CVE-2006-5297 - Thu Aug 3 2006 Miroslav Lichvar 5:1.4.2.2-2 - fix a SASL authentication bug 199591 - Mon Jul 17 2006 Miroslav Lichvar 5:1.4.2.2-1 - update to 1.4.2.2 - fix directories in manual.txt...
Kerio Winroute Firewall 5.10 users credentials leak
Application: Kerio Winroute Firewall 5.10 Vendor: Kerio Technologies Inc. Vendor Site: http://www.kerio.com Remote: Yes Exploitable: Yes Risk level: Critical if proxy requires authentication Authors: Alexander Antipov & 3APA3A aka Pig Killer Authors Sites: http://www.securitylab.ru...
PHP-Update <= 2.7 (admin/uploads.php) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl rgod u fucking little piece of shit faggot. way to ruin a private exploit, scumbag use strict; use IO::Socket; use MIME::Base64; use Getopt::Std; my $app = "PHP-Update 2.7"; my $type = "Remote Code Execution"; my $author = "undefined1"; my $date =...
PHP-Update <= 2.7 (admin/uploads.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== PHP-Update = 2.7 admin/uploads.php Remote Code Execution Exploit =================================================================== !/usr/bin/perl rgod u fucking little...