143 matches found
netsupportDNA.txt
NetSupport DNA HelpDesk SQL Injection Summary DNA Helpdesk is "a fully web based solution providing detailed recording and tracking of user Help Requests". We found the product to contain at least one exploitable SQL Injection vulnerability that would allow a normal user to at the very least gain...
MySQL 4.1/5.0 - Zero-Length Password Authentication Bypass
!/usr/bin/perl The script connects to MySQL and attempts to log in using a zero-length password Based on the vuln found by NGSSecurity The following Perl script can be used to test your version of MySQL. It will display the login packet sent to the server and it's reply. Exploit copyright c 2004 ...
WinZip - MIME Parsing Overflow
WinZip - MIME Parsing Overflow / Author: snooq Date: 14 April 2004 This is a PoC exploit for WinZip32 MIME Parsing Overflow bug reported by iDefense on 27 February 2004. The original advisory is found here: http://www.idefense.com/application/poi/display?id=76 This version is SP dependent becoz m...
YaBBXSS.txt
Advisory Name : YaBB/YaBBse Cross Site Scripting Vulnerability Release Date : Mar 14,2004 Application : YaBB/YaBBse Test On : YaBB 1 GoldSP1.3 YaBB SE 1.5.1 Final Vendor URL : http://www.yabbforum.com/ http://www.yabbse.org/ Discover : Cheng Peng Suapplesoupatmsn.com Proof of conecpt: The problem...
PHP Message Board/Guestbook
Product : PHP Message Board/Guestbook Version : First WebSite : http://www.cyber-cats.com/php Problem : Viewing passwords file Description: ------------ In this script passwords are in passwd.txt file They are encrypted by DES algorithm. In Shrot, all who want see the passwords can make it...
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploi...
PHP-Nuke 5.x6.06.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 5.x6.06.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/6244/info everal cross site scripting vulnerabilities have been reported for PHP-Nuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious lin...
Microsoft Internet Explorer 6 - URI Handler Restriction Circumvention
source: https://www.securityfocus.com/bid/5730/info Microsoft Windows Internet Explorer 6.0 SP1 introduced restrictions for certain URI handlers such as file:// and res://. It has been demonstrated in the past that these URI handlers could be abused and incorporated into different types of attack...
Microsoft Windows XP2000NT 4.0 - Window Message Subsystem Design Error (5)
Microsoft Windows XP2000NT 4.0 - Window Message Subsystem Design Error 5 // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...
Microsoft IIS 4.05.0 - HTTP Error Page Cross-Site Scripting
Microsoft IIS 4.05.0 - HTTP Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/4486/info A Cross Site Scripting issue exists in some versions of IIS. The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user...
pkc001.txt
/ pkc001.txt / -= SECURITY ADVISORY 001 =- | \ www.pkcrew.org / \ \ | / \ | | | | | / | | | | | / | | | | / | | / / | | | / | Application : Oops proxy server 1.4.22 1.4.6 and maybe prior Type: heap buffer overflow --- The problem --- Function listparser in ftputils.c : line is the line sent by th...
Solaris 2.6 7 8 - Lock Users Out of mailx
Solaris 2.6 7 8 - Lock Users Out of mailx !/bin/sh Solaris mailx1 username.lock proof of theory makes mailx not work for all users except those that can erase the lockfile even so mailx will hang for a long time. Tested on Solaris 2.6, 7, 8 by Optyx http://www.uberhax0r.net echo "mailx-lock by...
ksh.temp-hole.txt
Author: Paul Szabo Recently I reported that, similarly to the recently discussed tcsh vulnerability, the Bourne shell /bin/sh creates temporary files in an insecure way: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200011230225.N [email protected] At the time I als...
GnomeHack - Local Buffer Overflow
GnomeHack - Local Buffer Overflow / gnomehack local buffer overflow. gid=games60 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/17/2000 Tested on Debian 2.2, kernel 2.2.17 - x86. sgid "games"60 by default. bash-2.03$ id uid=1000loophole gid=501noc bash-2.03$ ....
Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in Pragma TelnetServer 2000 Remote Execute Daemon Vulnerability USSR Advisory Code: USSR-2000051 Release Date: August 24, 2000 Systems Affected: Pragma TelnetServer 2000 for Windows NT/2000 THE PROBLEM: The Ussr Labs team has recentl...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and Setup Variables Can Be Viewed Through DBMan db.cgi Script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch...
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution
source: https://www.securityfocus.com/bid/993/info The Windows Autorun feature was designed to allow an executable and an icon to be specified for any piece of removable media. Upon insertion, the icon would be displayed for the drive, and the executable would automatically run. This feature also...
SunOS 4.1.1 - '/usr/release/bin/makeinstall' Local Privilege Escalation
source: https://www.securityfocus.com/bid/21/info This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources sunsrc has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall...
SCO Open Server 5.0.5 - cancel Buffer Overflow
// source: https://www.securityfocus.com/bid/702/info There is a buffer overflow vulnerability in /opt/K/SCO/Unix/5.0.5Eb/.softmgmt/var/usr/bin/cancel. It is important to know that the overflows are not in "/usr/bin/cancel" or "/usr/lpd/remote/cancel". The consequence of this vulnerability being...
sendmail.8.9.1-2.txt
Date: Thu, 24 Sep 1998 10:14:06 -0400 From: Simon Smith This is not the same attack as the last one regarding the "". This one does not make your system hang but rather alters permissions is seems. If this was already posted please disregard it...