149 matches found
Another ZEUS Server web admin XSS!
Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86. This is not the same issue as bid 6144 index.fcgi; now it is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...
Xinetd 2.1.x/2.3.x - Rejected Connection Memory Leakage Denial of Service
source: https://www.securityfocus.com/bid/7382/info A denial of service vulnerability has been reported for Xinetd. The vulnerability exists due to memory leaks occurring when connections are rejected. Numerous, repeated connections to a vulnerable Xinetd server will result in the consumption of a...
Vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host.
There is a vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host. The exploit was tested on Windows and as far as I know it will only work on Windows. It will not work on nix because of file permissions. Upload Lite 3.22 from PerlScriptsJavaScripts.c...
Half-Life StatsMe 2.6.x Plugin - CMD_ARGV Buffer Overflow
// source: https://www.securityfocus.com/bid/6575/info // The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the...
H-Sphere WebShell 2.4 - Remote Command Execution
/ source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a...
Polycom ViaVideo 2.23.0 - Denial of Service
source: https://www.securityfocus.com/bid/5962/info Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. The device may...
XSS bug in PHPNuke 6.0
Vulnerable systems: PHPNuke 6.0 & maybe all Exploit: 1- go to http://traget/modules.php?name=Downloads&dop=search 2- put in form search this code : Scriptjavascript:alertdocument.cookie/Script 3- click "Search" without "" you can't use it an URL like this http://traget/modules.php?...
XSS bug in Zorum 2.4
Vulnerable systems: Zorum 2.4 Exploit: zusershow.php?method=showuserlink&class=Scriptjavascript:alert document.cookie/Script&rollid=admin&x=3da59a9da8825& without "" Solution: I think that will work, but I'm not sure: open dbtreelistpropertymethod.php and put this code in line 7: $class =...
phpGB 1.x - SQL Injection
source: https://www.securityfocus.com/bid/5673/info phpGB is vulnerable to a SQL injection vulnerability. The cause of the issue is that the bulletin board relies on the PHP magic_quotes_gpc directive to sanitize variables that are used in SQL queries. If magic_quotes_gpc is not enabled, then it will...
Microsoft Word 95/97/98/2000/2002 Excel 2002 - INCLUDETEXT Document Sharing File Disclosure
source: https://www.securityfocus.com/bid/5586/info The Microsoft Word and Excel INCLUDETEXT Field Code may be used to insert an arbitrary local file into a document. The INCLUDETEXT Field Code is reported to,...
Macromedia JRun 3/4 - Administrative Authentication Bypass
source: https://www.securityfocus.com/bid/5118/info Macromedia JRun is prone to an issue which may allow remote attackers to bypass the authentication page for the admin server. This may be exploited by adding an extraneous '/' to a reques...
Sambar Server 5.1 - Script Source Disclosure
source: https://www.securityfocus.com/bid/4533/info An issue has been discovered in Sambar Server, which could allow a user to reveal the source code of script files. Submitting a request for a known script file along with a space and null character %0...
Qualcomm QPopper 4.0.x - Remote Denial of Service
source: https://www.securityfocus.com/bid/4295/info Qualcomm's QPopper is a POP3 mail server for Linux and Unix based systems. Recent versions of QPopper have been released as open source projects. A vulnerability has been reported in some version...
phpnukeEKO.txt
// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. echo7 // // [email protected] http://nyshock.hypermart.net // // efnet dna // PHP Nuke can expose full Path beginning with root dir Which can be used to plan further attack against a Vulnerable website, Disposing Information...
XMB cross-scripting vulnerability
XMB is a PHP-based forum. This product contains a Cross Site Scripting vulnerability that allows attackers to insert JavaScript code and other HTML code into existing messages, bypassing the internal JavaScript/HTML code stripper. Exploit: imgjavasCript:alert'Hello world.'/img Vulnerable systems:...
Macintosh IE file execution vulnerability
Problem: Malicious webmaster can execute files, if the victim is using Internet Explorer 5. Affected versions: IE 5.0, probably earlier, on Classic systems below OS X Description: If you know the file path you can execute whatever you want. What makes it difficult is that Macintosh hard drives have...
sadmind-howto.txt
rpc.sadmind 27/02/2000 ------------------------ The bug rpc.sadmind has been reported a long time ago. But there has never been a manual for it. So I decided to explain how to exploit the bug. First of all I would recommend to use the sadmind brute forcer for the sploit files sadmindex-sparc.c an...
Gallery Addon for PhpNuke remote file viewing vulnerability
Problem discovered: 18/10/2001 by Cabezon Aurélien | [email protected] 1 Description Gallery is an intuitive web based photo gallery with authenticated users and privileged albums. Photo management includes automatic...
basilix bug
+--------------------------------------+ | Basilix Webmail System Vulnerability | +--------------------------------------+ Release Date : 13:49, 6 July 2001 Version Affected : Basilix Webmail System 1.0.2beta Basilix Webmail System 1.0.3beta Description : basilix launches a file which name is read...
PHPSlash : potential vulnerability in URL blocks
sAvAte inc. Serial Savate System advisory --------------------------------------- xxxxxxxxxxx2.adv.en Program: PHPSLASH Homepage: http://www.phpslash.org Author Contacted: 15/apr/2001 Answer: 16/apr/2001 ajayrockrock Patch : 16/apr/2001 Version tested: 0.6.1 Found by : tobozo - Problem descriptio...