IrfanView 3.99 - .ani Local Buffer Overflow (1)

IrfanView 3.99 - .ani Local Buffer Overflow 1 / IrfanView 3.99 .ANI File Buffer Overflow IrfanView is vulnerable to a buffer overflow when opening a crafted .ani file. The overflow occurs while it is creating a snapshot of the file. This exploit launches calc.exe. Tested against Win XP SP2 FR. Ha...

IBM Lotus Domino Server 6.5 - Remote Overflow

IBM Lotus Domino Server 6.5 - Remote Overflow !/usr/bin/python IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit Tested on windows 2003 server SP0. Coded by Mati Aharoni [email protected] http://www.offensive-security.com Notes: Not the the faint of heart. Iris, I love you Skeleton...

CVE-2006-7142

The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive...

PT-2007-1420 · Utimaco · Utimaco Safeguard

Name of the Vulnerable Software and Affected Versions: Utimaco Safeguard affected versions not specified Description: The centralized management feature of Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files. This allows attackers to...

CVE-2007-1063

Cisco Unified IP Phone models 7906G/7911G/7941G/7961G/7970G/7971G running firmware 8.0(4)SR1 and earlier have a hard-coded SSH credential issue in the SSH server that lets remote attackers access the device. Connected sources (NVD, Tenable, PRION, CVE lists) confirm the root cause as embedded cre...

CVE-2007-1063

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device...

DotClear v1.2.5

DotClear v1.2.5 = RFi Vulnerabilities KaRTaL Download : http://www.spacemarc.it/scriptphp/index.php?script=meganoidesnews111 Script Name : DotClear v1.2.5 Coded By : KaRTaL Contact : k4rtalatgmaildotcom V.Code in : path/index.php require $blogdcpath.'/layout/append.php'; Exploit :...

VS-Link-Partner 2.1 - script_pfad Remote File Inclusion

VS-Link-Partner 2.1 - scriptpfad Remote File Inclusion VS-Link-Partner //'=============================================================================================== //'Script Name: VS-Link-Partner //'.... //'.. //'ERROR--------------------------------------------------------- // ajann,Turkey...

Multiple Printer Providers (Spooler Service) - Local Privilege Escalation

/Private exploit- internal use only Title: Universal exploit for vulnerable printer providers spooler service. Vulnerability: Insecure EnumPrintersW calls Author: Andres Tarasco Acuña - [email protected] Website: http://www.514.es This code should allow to gain SYSTEM privileges with the following...

WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow

/ WinZip - prdelka / incl...

Barracuda Networks垃圾邮件防火墙多个安全漏洞

Barracuda Spam Firewall是用于保护邮件服务器的集成硬件和软件垃圾邮件解决方案。 Barracuda垃圾邮件防火墙Login.pm脚本中的guest帐号有硬编码的口令bnadmin99。尽管guest帐号仅有有限的访问能力，但还是可以获取以下信息： 系统配置，包括IP地址、管理员IP ACL； 邮件消息日志（但没有消息的内容）； 垃圾邮件/杀毒定义的版本信息和系统固件版本。...

elf-infection.txt

gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use at your own risk Coded by...

CVE-2006-5038

The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 010207, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet...

CVE-2006-4001

Login.pm in Barracuda Spam Firewall BSF 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password...

CVE-2006-4001

Login.pm in Barracuda Spam Firewall BSF 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password...

Barracuda Spam Firewall Default Credentials

The firmware version of the Barracuda Spam Firewall detected on the remote device contains a hard-coded password for the 'guest' user account. Additionally, the device reportedly also contains a hard-coded password for the 'admin' account as well as the device fails to properly filter user-suppli...

CVE-2006-3286

The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.263 stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database aka bug CSCsd15951...

CVE-2006-3286

The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.263 stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database aka bug CSCsd15951...

CVE-2006-3286

The CVE-2006-3286 entry concerns Cisco Wireless Control System (WCS) for Linux and Windows prior to 3.2(63). The vulnerability arises from a hard-coded username and password stored in plaintext in unspecified files within the WCS database, enabling remote authenticated users to access the databas...

CVE-2006-3285

The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.251 uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data aka bugs CSCsd15955...