NetLink Shell Upload

====================================== NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz ====================================== upload.php "; echo ""; echo "Filename: ".$filename; echo "File Type:...

Automated Solutions Modbus/TCP OPC Server Heap Corruption

!/usr/bin/python asmb-heap.py Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC Jeremy Brown 0xjbrown41-gmail-com Jan 2011 A specially crafted length field in a MODBUS packet header can trigger heap corruption. 00408312 | 8B5424 3C MOV EDX,DWORD PTR SS:ESP+3C - move length into...

Automated Solutions ModbusTCP OPC Server - Remote Heap Corruption (PoC)

Automated Solutions ModbusTCP OPC Server - Remote Heap Corruption PoC !/usr/bin/python asmb-heap.py Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC Jeremy Brown 0xjbrown41-gmail-com Jan 2011 A specially crafted length field in a MODBUS packet header can trigger heap corruptio...

Code injection

Cisco IOS before 15.01XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service device crash via a TFTP copy over IPv6, aka Bug ID CSCtb28877...

CVE-2010-4684

Cisco IOS before 15.0(1)XA1 is affected. When certain TFTP debugging is enabled, a remote attacker can trigger a denial of service (device crash) via a TFTP copy over IPv6 (Bug ID CSCtb28877). The concrete vulnerability details across connected documents confirm the affected software and the atta...

Fedora 14 : openconnect-2.26-4.fc14 (2010-18055)

This update implements DTLS rekeying, elides the session cookie from debugging output by default, and fixes a potential crash on relative HTTP redirect during authentication. It also fixes a problem which occurs when changing VPN hosts in the NetworkManager auth-dialog, after the connection to th...

Fiddler v2.3.1.0 ( Web Debugging Proxy tool ) - Latest Version Download

"Fiddler is a Web Debugging Proxy which logs all HTTPS traffic between your computer and the Internet. Fiddler allows you to inspect all HTTPS traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended...

Image of the Day: Dissecting The ZeroAccess Crimeware

We know a lot about the effects of malicious programs like rootkits and Trojan downloaders. The job of finding out exactly how the programs work, however, is painstaking. That’s because most malware authors worth their salt take steps to make their creations hard to understand. Code obfuscation a...

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088

Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Memory corruption when Adobe Shockwave Player parses .dir media file...

CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

Design/Logic Flaw

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

CVE-2010-3902

CVE-2010-3902 affects OpenConnect; the issue is that the webvpn cookie value could be exposed in debugging output, potentially leaking sensitive information. Root cause: debugging output includes the session cookie. Evidence in connected feeds shows Fedora advisories shifting to fix this by elidi...

CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

DEBIAN-CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

Httpdx 1.5.4 Multiple (http-ftp) PoC

Exploit for windows platform in category dos / poc ==================================== Httpdx 1.5.4 Multiple http-ftp PoC ==================================== !/usr/bin/env python Title: httpdx v1.5.4 Remote HTTP Server DoS 0day By: DrIDE Tested: XPSP3 Download: http://httpdx.sourceforge.net Not...

MS win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks

Exploit for windows platform in category dos / poc ===================================================================== MS Windows win32k!xxxRealDrawMenuItem Missing HBITMAP Bounds Checks ===================================================================== Microsoft Windows...

QNX pdebug Service Detection

The QNX pdebug remote debugging service is running on this host. pdebug should only be used only in development phase. Through this service, it is possible to upload and execute arbitrary code on the host, read or modify memory, stop running processes, etc. An attacker can use this service to tak...