183 matches found
Sending multipart/form-data requests from Flash (with arbitrary headers)
Hello lists, In my original "Forging HTTP request headers with Flash" paper http://www.securityfocus.com/archive/1/441014, I mentioned forcing multipart/form-data input format to ensure that Flash's LoadVars isn't used to forge the request. However, there's a work-around for the attacker - using...
httpd: Expect header XSS
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
CVE-2006-3918
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
DEBIAN-CVE-2006-3918
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
Apache crossite scripting
By using Expect: header it's possible to inject HTML code to another site's context...
[SA21172] Apache "Expect" Header Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...
Update Protection against Apache Header Injection Vulnerability
A flaw has been identified in Apache 1.3.34/2.0.57/2.2.1. The flaw specifically exists in the Expect header. Attackers can exploit This flaw by appending malformed Expect headers in outgoing HTTP requests and redirect users to Web sites of their choice...
PT-2006-4764 · Ibm +3 · Ibm Http Server +3
Name of the Vulnerable Software and Affected Versions: IBM HTTP Server versions 6.0 through 6.0.2.13 IBM HTTP Server versions 6.1 through 6.1.0.1 Apache HTTP Server versions 1.3 through 1.3.35 Apache HTTP Server versions 2.0 through 2.0.58 Apache HTTP Server versions 2.2 through 2.2.2 Description...
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marke...
CVE-2001-1467
The CVE-2001-1467 issue affects mkpasswd in expect 5.2.8 as used by Red Hat Linux 6.2–7.0. The underlying problem is that the random number generator is seeded with the process ID, reducing the seed space and enabling easier brute-force password attacks. The associated metrics indicate a HIGH sev...
Mandrake Linux Security Advisory : tcltk (MDKSA-2002:060)
Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run...
Mandrake Linux Security Advisory : expect (MDKSA-2001:087)
A packaging problem that can lead to a root compromise existed in the expect package as provided in Mandrake Linux 8.1. expect would look for libraries in the directory /home/snailtalk/tmp/tcltk-root/usr/lib before any other and if such a user existed on the system, with rogue libraries, if root...
CVE-2001-1374
Summary (concrete details from connected documents): The vulnerability is in the expect utility prior to version 5.32, where it searches for its libraries in /var/tmp before other directories. A local attacker could exploit this by placing a Trojan horse library that mkpasswd would load, potentia...
CVE-2001-0912
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges...
CVE-2001-0912
CVE-2001-0912 affects Mandrake Linux 8.1 in the expect package (8.3.3). A packaging flaw causes expect to search libraries in /home/snailtalk before other directories, enabling a local user to gain root privileges. Mandrake issued MDKSA-2001:087 to address this.
CVE-2001-0912
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges...
expect to get hacked
====================== expect to get hacked ====================== After looking at a recent discussion on vuln-dev, I decided that this might as well be released again. Makes the process of exploiting expect a little rpm -qf which expect expect-5.31-46 Under Redhat 7.0 expect uses the wrong path...
ssh-brute.sh
!/usr/bin/expect -f simple expect exploit to brute force root's password via ssh without detection.. see CLABS200101 for info on this exploit. this is beerware, just buy me a beer at defcon if you like this. build your own dictionary, use at your own risk, no warranty, etc. [email protected]...
hhp-expect_adv0017.txt
------------------------------------------------------------------------------- hhp adv-17 Sec-Advisory/Exploit/Patch www.hhp-programming.net ------------------------------------------------------------------------------- Topic: Expect. Versions: 5.31.8 and 5.28.1, maybe others. Date: 12/12/2000...
hhp's Expect advisory/exploit/patch.
------------------------------------------------------------------------------- hhp adv-17 Sec-Advisory/Exploit/Patch www.hhp-programming.net ------------------------------------------------------------------------------- Topic: Expect. Versions: 5.31.8 and 5.28.1, maybe others. Date: 12/12/2000...