XOR-iUser.txt

------=Part352119317884.1140054596440 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=...

xmameOverflow-ruby.txt

!/usr/bin/ruby One of the PoC code for xmame "-lang" options. Advisory is base on : http://kerneltrap.org/node/6055 by xwings at mysec dot org url : http://www.mysec.org , new website Tested on : Linux debian24 2.4.27-2-386 1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux gcc version 4.0.3 20060104...

NetBSD Security Advisory 2006-002: settimeofday() time wrap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2006-002 ================================= Topic: settimeofday time wrap Version: NetBSD-current: source prior to December 5, 2005 NetBSD 3.0: not affected NetBSD 2.1: affected NetBSD 2.0.3: affected NetBSD 1.6.2: affected...

CVE-2006-0083

Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...

Sumus 0.2.2 - HTTPd Remote Buffer Overflow

Sumus 0.2.2 - HTTPd Remote Buffer Overflow / sumusv0.2.2: httpd remote buffer overflow exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xsumus.c -o xsumus syntax: ./xsumus -pscrln -h host sumus homepage/url: http://sumus.sourceforge.net Mus is a Spanish cards game played by 4...

Invision Power Board (IP.Board) 1.x2.0.3 - SML Code Script Injection

Invision Power Board IP.Board 1.x2.0.3 - SML Code Script Injection source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script...

Mandrake Linux Security Advisory : kernel (MDKSA-2004:029)

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included CVE-2004-0003. A local root vulnerability was discovered in the isofs component of the Linu...

DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities

Bulletin has no description...

CVE-2003-1102

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...

Gopherd 3.0.5 - FTP Gateway Remote Overflow

/ UMN gopherd2.x.x/3.x.x: remote "ftp gateway" buffer overflow. by: vade79/v9 v9 at fakehalo.deadpig.org fakehalo/realhalo three years since last audit, code is a little more secure. but, still found a few potentially exploitable situations. this exploits the "ftp gateway" feature of gopherd. the...

Linux Kernel <= 2.4.20 decode_fh Denial of Service Exploit

No description provided by source. / Linux 2.4.20 knfsd kernel signed/unsigned decodefh DoS Author: jared stanbrough jareds pdx edu Vulnerable code: fs/nfsd/nfs3xdr.c line 52-64 static inline u32 decodefhu32 p, struct svcfh fhp int size; fhinitfhp, NFS3FHSIZE; size = ntohlp++; if size NFS3FHSIZE...

Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting

Kerio MailServer 5.6.3 - Web Mail DOMAP Module Cross-Site Scripting source: https://www.securityfocus.com/bid/7968/info Reportedly, Kerio Mailserver is vulnerable to a cross site-scripting attack. The vulnerability is present in the domap module of the Kerio Mailserver web mail component. An...

Sun ONE Application Server 7.0 - Source Disclosure

source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

miniPortail (PHP) : Admin Access

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.aldweb.com/ Version : 1.9, 2.0, 2.1, 2.2 and less ? Problem : Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/admin.php :...

CVE-2002-0687

Zope Server DoS via header injection (CVE-2002-0687) affects Zope versions 2.0 through 2.5.1 beta 1, where the "through the web code" capability allows untrusted users to crash the server by injecting malicious headers into a response. The connected advisories (GHSA-vwrc-g9q6-f675 and OSV) descri...

CVE-2002-2130

publishxpdocs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERYBASEDIR parameter to reference a URL on a remote web server that contains the code...

CVE-2002-1752

csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

CVE-2002-2186

Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL...

W-Agora 4.1.6 - EditForm.php Cross-Site Scripting

W-Agora 4.1.6 - EditForm.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6464/info W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems. A problem with W-Agora may make cross-site scripting attacks possible. It has be...