Microsoft Windows RASMAN Service Memory Corruption (MS06-025; CVE-2006-1314)

RASMAN Remote Access Service Manager is a service that handles the details of establishing the connection to the remote server. This service also provides the client with status information during the connection operation. A vulnerability exists in RASMAN service that would allow an attacker who...

Cisco Access Point Web Browser Interface contains a vulnerability

Overview A vulnerability in the HTTP management interface for some configurations of Cisco wireless access points could allow a remote attacker to take complete control over the affected device. Description Cisco wireless access points allow administrators to create more than one set of...

iShopCart - vGetPost() Remote Buffer Overflow (CGI)

iShopCart - vGetPost Remote Buffer Overflow CGI / Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: ishopcart-cgi-bof.c include include include include include include include include define PORT 80 define CBPORT 31337 define IPOFFSET 33 + 13 define PORTOFFSET 39 + 13 // + 13 to the...

Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow

source: https://www.securityfocus.com/bid/18129/info Alt-N MDaemon IMAP Server is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This iss...

openvpn207.txt

Hi, There is a flaw well more a stupid design than anything else in OpenVPN 2.0.7 and below in the the Remote Management Interface that allows an attacker to gain complete control because there is NO AUTHENTICATION YES NO AUTHENTICATION AT ALL!. This can be carried out from within the LAN that th...

MERCUR Messaging IMAP Service Multiple Command Remote Overflow

The remote host is running MERCUR Messaging Server / Mailserver, a commercial messaging application for Windows. The IMAP server component of this software fails to properly copy overly-long arguments to LOGIN and SELECT commands, which can be exploited to crash the server and possibly to execute...

CVE-2005-4675

CVE-2005-4675 describes a Cross-site scripting (XSS) vulnerability in list.php of the product Complete PHP Counter, exploitable via the c parameter to inject arbitrary web script or HTML. The available connected documents confirm the affected component (list.php) and the vulnerable input (the c p...

CVE-2005-4674

Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the 1 c or 2 s parameter...

CVE-2005-4674

CVE-2005-4674 affects Complete PHP Counter. Vulnerable is list.php; remote attackers can inject via the (1) c or (2) s parameter, leading to arbitrary SQL execution. Affects the product as described in multiple sources (NVD, CVE records). The NVD metrics assign a base score of 7.5 (HIGH) with net...

CVE-2005-4675

Cross-site scripting XSS vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter...

123 Flash Chat 5.0 - Remote Code Injection

source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to take complete control of the...

Cray UNICOS usrbinscript - Command Line Argument Local Overflow

Cray UNICOS usrbinscript - Command Line Argument Local Overflow source: https://www.securityfocus.com/bid/16205/info Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities wi...

CVE-2005-4674

Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the 1 c or 2 s parameter...

CVE-2005-4675

Cross-site scripting XSS vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter...

Sun JavaServer Default Admin Password (HTTP)

This host is running the Sun JavaServer. This server has the default username and password of admin. SPDX-FileCopyrightText: 2002 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

eSeSIX Thintune Thin Client Multiple Vulnerabilities

Multiple security vulnerabilities have been found in Thintune, one of them is a backdoor password SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Microsoft COM+ contains a memory management flaw

Overview Microsoft COM+ contains a vulnerability due to a memory management flaw that may allow an attacker to take complete control of an affected system. Description Microsoft gives the following definition of COM+: COM+ is the next step in the evolution of the Microsoft Component Object Model...

phpCounter.txt

------------------------------------------------------ Nightmare TeAmZ Advisory 001 ------------------------------------------------------ Date - 10/2005 Complete PHP Counter Multiple Vulnerability AFFECTED PRODUCTS ================= Complete PHP Counter http://www.dotcombuilder.com OVERVIEW...

MS Windows Plug-and-Play Service Remote Universal Expl (MS05-039)

Exploit for unknown platform in category remote exploits ==================================================================== MS Windows Plug-and-Play Service Remote Universal Exploit MS05-039 ==================================================================== / HOD-ms05039-pnp-expl.c: 2005-08-1...

ECI Telecom B-FOCuS Router 312+ - Unauthorized Access

source: https://www.securityfocus.com/bid/14364/info B-FOCuS Router 312+ is affected by a vulnerability that can allow unauthorized attackers to gain access to an affected device. An attacker can disclose the administrator password through the Web interface of the device. This can lead to a...