1345 matches found
LCDProc 0.4 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1131/info A vulnerability exists in the server portion of version 0.4 of the LCDProc package. Several remote buffer overflows exist that could allow a remote attacker to corrupt memory and execute arbitrary code. As liste...
Linux Kernel <= 2.4.23, <= 2.6.0 - "do_mremap" Local Proof of Concept (2)
No description provided by source. Proof of concept code for testing the do_mremap Linux kernel bug. It is based on the code by Christophe Devine and Julien Tinnes posted on Bugtraq mailing list on 5 Jan 2004 but it's safer since it avoids any kernel data corruption. The following test was done...
Opera 7.0/7.10 JavaScript Console Single Quote Attribute Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (7)
No description provided by source. !/usr/bin/perl IIS 4.0/5.0 Unicode Exploit Checks for each script that has been posted on the BugTraq Lis Shouts to bighawkthats for help, datagram, Ghost Rider, The Duke, p4, kript0n and others Since It Uses fork, you gotta keep up with whats happening. Or Just...
Microsoft IIS 4.0/5.0 Malformed Filename Request Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1193/info Requesting a known filename with the extension replaced with .htr preceded by approximately 230 %20 (an escaped character that represents a space) from Microsoft IIS 4.0/5.0 will cause the server to...
Oracle e-Business Suite - Multiple Vulnerabilities
No description provided by source. Oracle E-Business Suite is prone to multiple authentication-bypass and HTML-injection vulnerabilities. Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security restrictions...
Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when a specially formatted HCP URI th...
Linux Kernel 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation
No description provided by source. This is a PoC based off the PoC release by Earl Chew Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability PoC by Matthew Bergin Bugtraq ID: 36901 import os import time import random infinite loop while i == 0: os.systemsleep 1 while x == 0:...
TestLink Test Management and Execution System - Multiple XSS and Injection Vulnerabilities
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities in TestLink...
QuiXplorer 2.3 - Bugtraq File Upload Vulnerability
No description provided by source. Exploit Title: QuiXplorer 2.3 = Bugtraq File Upload Vulnerability Google Dork: QuiXplorer 2.3 - the QuiX project Date: 13/11/2011 Author: PCA & krhrkrhr and Software Link: http://quixplorer.sourceforge.net/ Version: QuiXplorer 2.3 Tested on: linux ,windows CVE :...
PostNuke Module v4bJournal - Remote SQL Injection Vulnerability
No description provided by source. ---------------------------------------- PostNuke Journal ---------------------------------------- DISCOVERED BY :Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir Greetz F...
FCKeditor 'print_textinputs_var()' Multiple XSS Vulnerabilities
FCKeditor is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Lotus Domino Server 5.0.x Directory Traversal Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2173/info It is possible for a remote user to gain access to any known file residing on the Lotus Domino Server 5.0.6 and previous. A specially crafted HTTP request comprised of '.nsf' and '../' along with the known...
Western Digital My Net Wireless Routers - Password Disclosure
No description provided by source. Vulnerable Systems: Western Digital My Net Series Wireless Routers: N600 Firmware 1.03.12 N600 Firmware 1.04.16 N750 Firmware 1.03.12 N750 Firmware 1.04.16 N900 Firmware 1.05.12 N900 Firmware 1.06.18 N900 Firmware 1.06.28 N900C Firmware 1.05.12 N900C Firmware...
Squid 2.4.1 - Remote Buffer Overflow Exploit
No description provided by source. / 7350squish - x86/linux squid remote exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties,...
Fedora 19 : sos-3.1-1.fc19 (2014-7490)
Updated sos packages that fix a number of bugs and add several enhancements are now available. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...
Fedora 19 : python-jinja2-2.6-7.fc19 (2014-7399)
Add patch to fix CVE-2014-1402. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora 20 : kernel-3.14.8-200.fc20 (2014-7430)
The 3.14.8 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)
The following security issue was fixed in ruby19 : (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-940. The text description of this plugin is (C) SUSE LLC...
openSUSE Security Update : couchdb (openSUSE-SU-2014:0526-1)
This couchdb update fixes one security issue : - bnc871111: Fixed remote denial of service via /uuids that allowed remote attackers to cause CPU and memory consumption. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...