1036 matches found
Scientific Linux Security Update : sysstat on SL5.x i386/x86_64
The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack...
Vivotek Full Data Source CONFIG
Exploit for cgi platform in category web applications Exploit Title: Vivotek Full Data Source CONFIG Date: 09/07/12 Author: Alejandro Leon Morales GothicX Author Mail: Gothicxatfreaknetworkdotin Author Web: www.undermx.blogspot.mx Sofware web: www.vivotek.com Vulnerable version: all Tested on:...
HTTP Protocol header injection vulnerability-vulnerability warning-the black bar safety net
HTTP response header file contains unverified data will lead to cache-poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect. HTTP Protocol header injection vulnerability principles The following cases will appear in the HTTP Protocol header...
CVE-2012-0754
creationtimestamp| type| source ---|---|--- 2012-03-08 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/18572 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobeflashmp4cprt.rb 2023-06-14 21:10:03+00:00|...
Cross site scripting
Cross-site scripting XSS vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."...
CVE-2011-0026
Integer signedness error in the SQLConnectW function in an ODBC API odbc32.dll in Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name DSN and a crafted szDSN...
PT-2011-2023 · Microsoft · Data Access Components +1
Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components MDAC versions 2.8 SP1 through 2.8 SP2 Windows Data Access Components WDAC version 6.0 Description: The issue is related to an integer signedness error in the SQLConnectW function within the odbc32.dll of...
CVE-2003-0213
creationtimestamp| type| source ---|---|--- 2010-11-23 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16845 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/pptp/poptopnegativeread.rb 2025-02-06 03:13:37+00:00| seen...
CVE-2006-3838
creationtimestamp| type| source ---|---|--- 2010-09-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16438 2010-09-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16451 2018-05-29 15:50:33+00:00| seen|...
CVE-2009-4769
creationtimestamp| type| source ---|---|--- 2010-08-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16794 2010-08-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16732 2018-05-29 15:50:33+00:00| seen|...
CVE-2002-1643
creationtimestamp| type| source ---|---|--- 2010-08-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16286 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/realserver/describe.rb 2025-02-06 03:13:37+00:00| seen|...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
CVE-2005-1018
creationtimestamp| type| source ---|---|--- 2010-06-22 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16405 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/universalagent.rb 2025-02-06 03:13:38+00:00|...
CVE-2010-1999
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsnphptype parameter, a related issue to CVE-2007-2069...
CVE-2006-1016
creationtimestamp| type| source ---|---|--- 2010-05-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16549 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ieiscomponentinstalled.rb 2025-02-06...
Kwik Pay Payroll 4.10.3 Proof Of Concept
Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: chap0 Email: chap0x90atgmaildotcom Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From Data Source...
Kwik Pay Payroll 4.10.3 - '.mdb' Crash (PoC)
Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: anonymous Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From Data Source Drop-Down: Kwik-Pay Payroll Da...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
CVE-2009-1979
creationtimestamp| type| source ---|---|--- 2009-10-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9905 2010-11-24 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16342 2018-05-29 15:50:33+00:00| seen|...