50 matches found
CVE-2004-2181
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) page parameters to viewuser.php, or the (3) forumid parameter to viewtopic.php. NOTE: the sortby vector was later reported to be present in WowBB 1.65...
VirtuaSystems VirtuaNews 1.0.x (Multiple Modules) - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9812/info It has been reported that the VirtuaNews non-default modules 'Files' and 'Vulns' are prone to multiple cross-site scripting vulnerabilities. These problems surround the...
IE: CHM Attacks are still alive (CHM attack without showHelp())
!! R//an0001 !! CHM Attacks are still alive =========================== Title: CHM Attacks are still alive Date: Tuesday, September 02, 2003 Software: IE What a nice program!!! Vendor: Microsoft Corp. I love Microsoft Patch: N/A Author: Arman Nayyeri, [email protected] Vendor Status:...
MS Windows (RPC DCOM) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ==================================================== MS Windows RPC DCOM Remote Buffer Overflow Exploit ==================================================== include include include include include include pragma commentlib,"ws232" unsigned...
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/5516/info Multiple cross-site scripting vulnerabilities have been reported for the Bonsai tool. An attacker may exploit this vulnerability by causing a victim user to follow a malicious link...
Local privilege escalation issues with Webmin 0.92
18-02-02 -- [email protected] About Webmin: ------------- "Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms and Java for the File Manager module, you can setup user accounts, Apache, DNS, file sharing and so on." Problem 1...
Cisco Password Bruteforcer Exploit
Exploit for hardware platform in category remote exploits ================================== Cisco Password Bruteforcer Exploit ================================== / .: free source :. .: coded 4 Avatar Corp :. enabler. cisco internal bruteforcer. coder - norby concept - anyone this program just lo...
cmctl_exp
! /usr/bin/ksh cmctl is installed setuid to Oracle by default. See BugTraq ID 170 and Oracle bug id 701297 and 714293. This script will create a setuid Oracle shell, /tmp/.sh redirect environment variables export ORACLEHOME=/tmp export ORAHOME=/tmp mkdir /tmp/bin chmod a+rx /tmp/bin create cmadmi...
thatware.txt
Summary The security vulnerabilities in Thatware allow an attacker to gain administrative access to the application. Thatware is a news portal administration, open source, and freely downloaded at: http://www.atthat.com/ Vulnerable systems Thatware 0.3 Exploit 1: If we send it...
wu-ftpd.worm.txt
Date: Wed, 14 Apr 1999 02:19:17 -0300 From: Stu Alchor To: [email protected] Subject: Possible WU-ftpd Worm ? I'm a system administrator of an educational domain which deals with information and technology. During the last 2 weeks, our network has been acting very weird, with a lot of traffi...