Python 2.22.3 - Documentation Server Error Page Cross-Site Scripting

Python 2.22.3 - Documentation Server Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/7353/info It has been reported that the Python Documentation Server is vulnerable to a cross-site scripting problem in error pages. Because of this, an attacker could potentially cause t...

Python 2.2/2.3 - Documentation Server Error Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/7353/info It has been reported that the Python Documentation Server is vulnerable to a cross-site scripting problem in error pages. Because of this, an attacker could potentially cause the execution of malicious HTML and script code in the browser of a we...

XSS in Python Documentation Server

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: XSS in Python Documentation Server product: Python 2.2.2 and 2.3a2 for Win32 vendor: http://www.python.org risk: low date: 04/02/2k3 tested platform: Windows 98 Second Edition discovered by: euronymous /F0KP advisory urls:...

Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the...

Oracle 9iAS soapdocs Directory Remote Information Disclosure

It is possible to access the Oracle 9iAS Application Server's SOAP documentation directory, which contain the install scripts used with the default SOAP install. These files might be useful for an attacker to determine which application server is in use as well as the name of the disk where Oracl...

Sun AnswerBook2 1.x - Unauthorized Administrative Script Access

Sun AnswerBook2 1.x - Unauthorized Administrative Script Access source: https://www.securityfocus.com/bid/5383/info Sun Microsystems AnswerBook2 allows users to view Sun documentation through a web browser, and is available for Solaris. AnswerBook2 includes an administrative web interface...

Mandrake Security may make unexpected system modifications

Overview The Mandrake Security utility included with Mandrake Linux may make unexpected modifications that affect system security. Description Mandrake Linux includes a tool named Mandrake Security msec that allows system administrators to manage and audit various system parameters associated wit...

ATMSNMPD Vulnerable but not Addressed

ATMSNMPD vulnerable???? Yep! I am challenging anyone out there to find information on line stating that Sun's ATMSNMPD is vulnerable to attack. As of today May 13 2002 there is no information identifying this fact. If you are running SunATM 4.0 or 5.0 and have not added the patches below you are...

Cobalt cube3 css

Try either of the following URLs against your RAQ3 http://host/nav/cList.php?root=/scripth1www.snosoft.com rocks/h1 http://host/nav/cList.php?root=/scriptscriptalert'Snosoft Rocks'/script You will see your code followed by this chunk of java code that was trying to run. "; // get tab configuratio...

CVE-2002-1594

Buffer overflow in 1 grpck and 2 pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument...

Ошибка форматной строки в gm4 (format string)

No description provided...

CVE-2000-1016

The default configuration of Apache httpd.conf on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL...

CVE-2000-1016

The default configuration of Apache httpd.conf on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL...

Denial of Service Vulnerability in Sun AnswerBook2

Topic: Denial of Service Vulnerability in Sun AnswerBook2 Date: 10/24/2000 Status: Vendor Contacted 10/10/2000, Currently unsolved Scope: Local and Remote Denial of Service Platforms: SunOS 5.6, Presumably any running AnswerBook2 Authors: Dave Monnier, Dick Repasky Unix Workstation Support Group...

Horde library Bug part 2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Horde Library $from Bug part 2 + How to exploit with IMP and Sendmail Description: The Fix of the first detected problem with the $from variable in the horde library was just escaping shellchars which avoids directly executing commands. It is still...

Linux News 29.08.00

Linux Kernel pre-patch 2.4.0 test8-pre1 Первый пререлиз восьмого тестового ядра Linux - Linux Kernel 2.4.0. Подробнее: ftp://ftp.funet.fi/pub/linux/kernel/testing Kernel Traffic 82 Очередной Kernel Traffic за номером 82. Подробнее: http://linuxtoday.com/newsstory.php3?ltsn=2000-08-29-010-06-OS-KN...

CVE-1999-0678

CVE-1999-0678 affects the Apache server configured on Debian GNU/Linux where the default ServerRoot is /usr/doc. This misconfiguration allows remote users to read documentation files for the entire server via the web interface. The issue is caused by serving the /usr/doc directory as part of the ...

CVE-1999-0678

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server...

irix-infosrch.cgi.txt

Hi, InfoSearch is a web-based interface to books, manpages, and relnotes, distributed by SGI. No suprises here, no parsing is done on the 'fname' variable before being passed to man2html. i.e. when cmd is 'getdoc' and db is 'man'. Also, fname is the full path to the manpage/relnote! I'm sure...

coldfusion.alert.txt

Date: Friday, 30 Apr 1999 17:00:00 -0400 From: [email protected] To: [email protected] Subject: ColdFusion Security Alert Allaire respects the Web and the privacy of those who use it. To avoid future messages from Allaire, send e-mail to [email protected] with the subject:...