522 matches found

securityvulns
added 2004/07/20 12:0 a.m. | 17 views

[Full-Disclosure] Buffer overflow in Whisper FTP Surfer 1.0.7

PRODUCT: Whisper FTP Surfer is a freeware FTP client for Windows. DETAILS: A buffer overflow in version 1.0.7 (latest version) occurs when trying to open a file with a long name from an FTP server. For common extensions such as .txt, FTP Surfer creates a temporary file and tries to open it. When closing the...

AI score: 1.1
Exploits: 0

Tenable Nessus
added 2004/07/06 12:0 a.m. | 33 views

RHEL 2.1 : wu-ftpd (RHSA-2003:246)

Updated wu-ftpd packages are available that fix an off-by-one buffer overflow. The wu-ftpd package contains the Washington University FTP File Transfer Protocol server daemon. FTP is a method of transferring files between machines. An off-by-one bug has been discovered in versions of wu-ftpd up t...

CVSS: 10 | AI score: 8.3 | EPSS: 0.90825
Exploits: 1 | References: 4

0day.today
added 2004/06/25 12:0 a.m. | 12 views

rlpr <= 2.04 msg() Remote Format String Exploit

Exploit for linux platform in category remote exploits =============================================== rlpr 0,1,2 lnxstagetwo = "\x31\xc0\x89\xc3\x89\xc1\x89\xc2\xb2\x3f\x88\xd0\xb3\x04" lnxstagetwo += "\xcd\x80\x89\xd0\x41\xcd\x80\x89\xd0\x41\xcd\x80" execute /bin/sh lnxstagetwo += "\x90" 100...

AI score: 7.1
Exploits: 0

exploitpack
added 2004/06/15 12:0 a.m. | 9 views

Web Wiz Forums 7.x - Registration_Rules.asp Cross-Site Scripting

Web Wiz Forums 7.x - RegistrationRules.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizi...

Exploits: 0

exploitpack
added 2004/03/31 12:0 a.m. | 12 views

Cactusoft CactuShop 5.05.1 - SQL Injection

Cactusoft CactuShop 5.05.1 - SQL Injection source: https://www.securityfocus.com/bid/10019/info Reportedly CactuShop is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user-supplied URI input before using it to craft an SQL query. As a result of...

AI score: 8.6
Exploits: 0

Packet Storm
added 2004/03/15 12:0 a.m. | 28 views

opera723.txt

Opera Array Allocation Management Exploit. Discovered by- d3thStaR !AM Greets: !AM Crew, Atomix, d3thstar, mgrd, 0x29A Crew, rootthief.com. Sources: Safari Overflow Exploit- kang Confirmed products affected- Opera 7.23 Linux, Opera 7.23 Windows =======Descriptio...

Exploits: 0

Exploit DB
added 2004/03/06 12:0 a.m. | 24 views

Apple Safari 1.x - Large JavaScript Array Handling Denial of Service

source: https://www.securityfocus.com/bid/9815/info Apple Safari Web Browser is reported to be prone to a security vulnerability related to handling of large JavaScript arrays with 99999999999999999999999 or 0x23000000 elements. By declaring such an array and then attempting to access it, it may ...

AI score: 7.4
Exploits: 0

Exploit DB
added 2004/03/01 12:0 a.m. | 26 views

Squid Proxy 2.4/2.5 - NULL URL Character Unauthorized Access

source: https://www.securityfocus.com/bid/9778/info It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls resulting in unauthorized access to attacker-specified resources. The vulnerability presents itself...

AI score: 7.4
Exploits: 0

0day.today
added 2004/02/26 12:0 a.m. | 41 views

PSOProxy 0.91 Remote Buffer Overflow Exploit (Win2k/XP)

Exploit for unknown platform in category remote exploits. PSOProxy 0.91 Remote Buffer Overflow Exploit Win2k/XP. Copyright ? Rosiello Security http www rosiello org...

AI score: 7.1
Exploits: 0

0day.today
added 2004/02/26 12:0 a.m. | 24 views

GateKeeper Pro 4.7 web proxy Remote Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits. GateKeeper Pro 4.7 web proxy Remote Buffer Overflow Exploit. CRPT - FrenchTeam...

AI score: 7.1
Exploits: 0

securityvulns
added 2004/02/12 12:0 a.m. | 80 views

[ GLSA 200402-04 ] Gallery <= 1.4.1 and below remote exploit vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. Gentoo Linux Security Advisory GLSA 200402-04. http://security.gentoo.org ...

AI score: 0.3
Exploits: 0

exploitpack
added 2004/01/04 12:0 a.m. | 13 views

FreznoShop 1.2.31.3 - Search Script Cross-Site Scripting

FreznoShop 1.2.31.3 - Search Script Cross-Site Scripting source: https://www.securityfocus.com/bid/9359/info FreznoShop is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to the software that include hostile HTML and script code. If such a link was...

AI score: 6.8
Exploits: 0

exploitpack
added 2003/12/15 12:0 a.m. | 17 views

MVDSV 0.165 b0.171 Quake Server - Download Buffer Overrun

MVDSV 0.165 b0.171 Quake Server - Download Buffer Overrun source: https://www.securityfocus.com/bid/9218/info The mvdsv Quake Server implementation is prone to a remotely exploitable buffer overrun vulnerability. This could permit execution of arbitrary code in the context of the server...

AI score: 0.5
Exploits: 0

Exploit DB
added 2003/11/10 12:0 a.m. | 43 views

Epic 1.0.1/1.0.x - CTCP Nickname Server Message Buffer Overrun

source: https://www.securityfocus.com/bid/8999/info A remotely exploitable buffer overrun has been reported in Epic. This issue may reportedly be exploited by a malicious server that supplies an overly long nickname in a CTCP message, potentially allowing for execution of arbitrary code in th...

AI score: 7.4
Exploits: 0

Exploit DB
added 2003/10/24 12:0 a.m. | 52 views

Apache Cocoon 2.14/2.2 - Directory Traversal

source: https://www.securityfocus.com/bid/8883/info It has been reported that Apache Cocoon may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/./../' character sequences. The issue is caused by insufficient...

AI score: 7.4
Exploits: 0

Exploit DB
added 2003/10/01 12:0 a.m. | 35 views

Atrise Everyfind 5.0.2 - search Cross-Site Scripting

source: https://www.securityfocus.com/bid/8740/info It has been reported that Atrise Everyfind is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the search module of the software. This issue may allow a remote attacker ...

AI score: 7.4
Exploits: 0

Exploit DB
added 2003/09/18 12:0 a.m. | 20 views

Plug and Play Web Server 1.0 002c - Directory Traversal

source: https://www.securityfocus.com/bid/8645/info It has been reported that Plug and Play Web Server is prone to a directory traversal issue allowing a remote attacker to traverse outside the server root directory by using '../' or '..' character sequences. Successful exploitation of this...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2003/09/16 5:53 p.m. | 3 views

Critical: Red Hat Security Advisory: Updated OpenSSH packages fix potential vulnerabilities

Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable. Updated 17 Sep 2003 Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project cve.mitre.org has...

CVSS: 10 | AI score: 7.4 | EPSS: 0.26823
Exploits: 2 | References: 1

exploitpack
added 2003/09/07 12:0 a.m. | 17 views

Mah-Jong 1.41.6 - Server Remote Denial of Service

Mah-Jong 1.41.6 - Server Remote Denial of Service source: https://www.securityfocus.com/bid/8558/info A remote denial of service vulnerability has been reported to affect the mah-jong game server. The issue has been reported to be exploitable so that a remote attacker may trigger a tight loop in...

AI score: 7.4
Exploits: 0

exploitpack
added 2003/08/27 12:0 a.m. | 12 views

AldWeb MiniPortail 1.92.x - LNG Cross-Site Scripting

AldWeb MiniPortail 1.92.x - LNG Cross-Site Scripting source: https://www.securityfocus.com/bid/8504/info A cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code ...

AI score: 6.8
Exploits: 0