CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

Design/Logic Flaw

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

CVE-2010-3902

CVE-2010-3902 affects OpenConnect; the issue is that the webvpn cookie value could be exposed in debugging output, potentially leaking sensitive information. Root cause: debugging output includes the session cookie. Evidence in connected feeds shows Fedora advisories shifting to fix this by elidi...

CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

DEBIAN-CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

Httpdx 1.5.4 Multiple (http-ftp) PoC

Exploit for windows platform in category dos / poc ==================================== Httpdx 1.5.4 Multiple http-ftp PoC ==================================== !/usr/bin/env python Title: httpdx v1.5.4 Remote HTTP Server DoS 0day By: DrIDE Tested: XPSP3 Download: http://httpdx.sourceforge.net Not...

MS win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks

Exploit for windows platform in category dos / poc ===================================================================== MS Windows win32k!xxxRealDrawMenuItem Missing HBITMAP Bounds Checks ===================================================================== Microsoft Windows...

QNX pdebug Service Detection

The QNX pdebug remote debugging service is running on this host. pdebug should only be used only in development phase. Through this service, it is possible to upload and execute arbitrary code on the host, read or modify memory, stop running processes, etc. An attacker can use this service to tak...

[SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2078-1 [email protected] http://www.debian.org/security/ Nico Golde July 31nd, 2010 http://www.debian.org/security/faq -...

CVE-2010-2540

CVE-2010-2540 affects MapServer’s mapserv CGI interface. In MapServer versions prior to 4.10.6 and 5.x prior to 5.6.4, CGI arguments intended for debugging are not properly restricted, enabling remote attackers to craft arguments and trigger an unspecified impact. Fixed in MapServer 4.10.6 and 5....

Fedora 13 : gcc-4.4.4-10.fc13 (2010-10415)

Wed Jun 30 2010 Jakub Jelinek 4.4.4-10 - update from gcc-44-branch - PRs fortran/43841, fortran/43843, tree-optimization/44683 - fix qualified-id as template argument handling 605761, PR c++/44587 - -Wunused-but-set- staticcast fix PR c++/44682 - VTA backports - PRs debug/44610, debug/44668,...

Cкрипт для работы со слепыми инъекциями

Скрипт для работы со слепыми инъекциями. Наверное аналогов очень много, но этот скрипт заточен под слепые инъекции, а так же я постарался включить в него все возможные функции к примеру работа с informationschema очень полезно если версия БД = 5 или вывод файла что будет применимо если версия БД ...

Motorola SB5101 Hax0rware Rajko HTTPd Remote Proof Of Concept

!/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32 and R39 Description: Motorola SB5101 Hax0rware Rajko HttpD Remote...

Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC

Exploit for hardware platform in category dos / poc ======================================================== Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC ======================================================== !/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC...

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service (PoC)

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service PoC !/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32...

Motorola SB5101 Hax0rware Event Reset Remote Overflow

Exploit for hardware platform in category dos / poc ===================================================== Motorola SB5101 Hax0rware Event Reset Remote Overflow ===================================================== !/usr/bin/perl Motorola SB5101 Hax0rware Event Reset Remote Overflow Tested on...

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service (PoC)

!/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32 and R39 Description: Motorola SB5101 Hax0rware Rajko HttpD Remote...

Sun Solaris多个libc库数字转换函数缓冲区溢出漏洞

BUGTRAQ ID: 40309 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris操作系统的libc库中所使用的econvert、ecvt、fcvt和gcvt等函数在执行数字转换操作时存在缓冲区溢出漏洞，攻击者提交恶意请求就可以触发这些溢出，导致执行任意指令。 Sun Solaris 10.0x86 Sun Solaris 10.0 厂商补丁： Sun --- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://sunsolve.sun.com/security - --- 1. Sun Solar...