Microsoft IIS 5.0 5.1 - Remote Denial of Service

Microsoft IIS 5.0 5.1 - Remote Denial of Service / Microsoft IIS versions 5.0 and 5.1 remote denial of service exploit that makes use of the vulnerability recently published by SPI dynamics Published on 31.05.2003 / include include include pragma comment lib,"ws232" void graphitte printf"\n ";...

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

Batalla Naval 1.0 4 - Remote Buffer Overflow (1)

source: https://www.securityfocus.com/bid/7699/info Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server. !/usr/bin/perl Priv8security.com remote...

Mike Bobbitt Album.PL 0.61 - Remote Command Execution

source: https://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. The precise technical details of this vulnerability are currently unknown. This BID will be...

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (1)

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 1 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...

Buffer Overflow Vulnerability Found in MailMax Version 5

Buffer Overflow Vulnerability Found in MailMax Version 5 http://www.smartmax.com Discovered by Dennis Rand www.Infowarfare.dk ------------------------------------------------------------------------ -----SUMMARY This is a scalable e-mail server that supports SMTP, IMAP4 and POP3 protocols. Its...

Sun SUNWlldap Library Hostname - Local Buffer Overflow

Sun SUNWlldap Library Hostname - Local Buffer Overflow / hoagiesolarisldap.c gcc hoagiesolarisldap.c -o hoagiesolarisldap Author: Andi Greetz to Greuff, philipp and the other hoagie-fellas :- THIS FILE IS FOR STUDYING PURPOSES ONLY AND A PROOF-OF- CONCEPT. THE AUTHOR CAN NOT BE HELD RESPONSIBLE F...

ProtWare "HTML Guardian" has pathetic "encryption"

For $40 or $70, ProtWare's "HTML Guardian" http://www.protware.com claims to "encrypt html code and javascripts, making it impossible to reuse them." Unfortunately, "HTML Guardian" does not do anything more than to obfuscate the HTML source code. There is no encryption. In fact, the JavaScript th...

MyABraCaDaWeb 1.0 - Full Path Disclosure

MyABraCaDaWeb 1.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/7126/info MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software...

CVE-2002-1990

Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet...

Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C.

======================================== INetCop Security Advisory 2002-0x82-007 ======================================== Title: Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C. 0x01. Description A simple mode of develop CGI in language C. The libcgi package is a library...

ion-p.exe allows Remote File Retrieving

ion-p.exe allows Remote File Retrieving Exploit Example: www.Server.com/cgi-bin/ion-p.exe?page=c:winntrepairsam Zero X, member of www.lobnan.de -- Powered by Outblaze...

Trillian 0.6351/0.7x - Identd Buffer Overflow

// source: https://www.securityfocus.com/bid/5733/info Trillian ships with an ident server to facilitate connections to IRC servers that require an ident response before allowing access. A buffer overflow condition exists in the Trillian ident server, which may potentially be exploited to cause a...

CVE-2002-0409

orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter...

KF Web Server version 1.0.2 shows file and directory content

KF Web Server version 1.0.2 shows file and directory content .oO Overview Oo. KF Web Server version 1.0.2 shows file and directory content Discovered on 2002, July, 2nd Vendor: KeyFocus http://www.keyfocus.net/kfws/ KF Web Server 1.0.2 is a free personal web server available for Windows...

XSS in Slashcode

There is a nasty Cross Site ScriptingXSS vuln in Slashcode. This was used a day or so go on slashdot.org and resulted in most of the site being taken down for an hour or so. The maintainers of slashcode have patched the problem in CVS but have not even mentioned it anywhere that I can find. This...

[AP] YaBB Cross-Site Scripting vulnerability

-- ------------------------- -- - AngryPacket Security Advisory - -- ------------------------- -- - +--------------------- -- - + advisory information +------------------ -- - author: methodic [email protected] release date: 06/21/2002 homepage: http://sec.angrypacket.com advisory...

Apache Tomcat 3.2.33.2.4 - Example Files Web Root Full Path Disclosure

Apache Tomcat 3.2.33.2.4 - Example Files Web Root Full Path Disclosure source: https://www.securityfocus.com/bid/4877/info Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example...

Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure

source: https://www.securityfocus.com/bid/4877/info Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are request...

Matu FTP 1.74 - Client Buffer Overflow

Matu FTP 1.74 - Client Buffer Overflow source: https://www.securityfocus.com/bid/4572/info An issue has been reported which could allow for a malicious ftp server to execute arbitrary code on a Matu FTP client. If,upon user connection, a FTP server '220' response is of excessive length, a...