Apache mod_dav svn - Remote Denial of Service

Apache moddav svn - Remote Denial of Service furoffyourcat.pl Apache moddav / svn Remote Denial of Service Exploit by kcope / June 2009 Will exhaust all system memory Needs Authentication on normal DAV This can be especially serious stuff when used against svn subversion servers!! Svn might let t...

ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC)

ICQ 6.5 - URL Search Hook Windows Explorer Remote Buffer Overflow PoC g f44.104: Access violation - code c0000005 !!! second chance !!! eax=02100068 ebx=772a23c1 ecx=0210cefa edx=00000823 esi=00610061 edi=00000000 eip=772a533f esp=0210cec0 ebp=0210cec4 iopl=0 nv up ei pl nz na po nc cs=001b ss=00...

SonicWALL Global VPN Client weak file permissions

Everyone:Full Control permission on application folder...

SiteX 0.7.4.418 - 'THEME_FOLDER' Local File Inclusion

=-=-local file include-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-= script:SiteX074build418.zip ------------------------------------------------- Author: ahmadbady my site :Coming Soon =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= download...

SiteX 0.7.4.418 Local File Inclusion

=-=-local file include-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-= script:SiteX074build418.zip ------------------------------------------------- Author: ahmadbady my site :Coming Soon =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= download...

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)

No description provided by source. Blog with a detailed description: http://www.skullsecurity.org/blog/?p=285 And the patch itself: http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch mkdir cadaver-h4x cd cadaver-h4x wget http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch...

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)

Blog with a detailed description: http://www.skullsecurity.org/blog/?p=285 And the patch itself: http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch mkdir cadaver-h4x cd cadaver-h4x wget http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch --snip-- wget...

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)

Exploit for windows platform in category remote exploits ===================================================================== Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit patch ===================================================================== And the patch itself:...

Pinnacle Studio 12 - '.hfz' Directory Traversal

?php / Pinnacle Studio 12 "Hollywood FX Compressed Archive" .hfz directory traversal vulnerability poc by Nine:Situations:Group::pyrokinesis Our site: http://retrogod.altervista.org/ Software site: http://www.pinnaclesys.com/ Some keys exported from the registry: HKEYCLASSESROOT.hfz @="hfzfile"...

Bitweaver 2.6 - 'saveFeed()' Remote Code Execution

saveFeed $rssversionname, $cacheFile ; ... it calls saveFeed function in an insecure way, arguments are built on $REQUESTversion var and may contain directory traversal sequences... now look at saveFeed function in /rss/feedcreator.class.php ... function saveFeed$filename="", $displayContents=tru...

Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit

No description provided by source. ?php / Bitweaver = 2.6 /boards/boardsrss.php / saveFeed remote code execution exploit by Nine:Situations:Group::bookoo php.ini independent site: http://retrogod.altervista.org/ software site: http://www.bitweaver.org/ You need an user account and you need to...

MDVA-2009:018-1 : clamav

This update fixes several issues with clamav: - update unexpectely changes location of clamd socket 46459 - clamav-milter was not built 46555 - Clamav-milter wanted to remove postfix 46556 - Scanning mail with clamav leaves a big temporary folder 46642 - Build fails if invoked with --with milter,...

Trend Micro OfficeScan Client - DOS

Application: Trend Micro OfficeScan Client for Windows 8.0 sp1 OS: Windows XP ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description OfficeScan is a good antivirus that used in man...

VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)

VMware products installed on the remote host are reportedly affected by multiple vulnerabilities : - A vulnerability in the guest virtual device driver could allow an attacker to use the guest operating system to crash the host operating system. CVE-2008-3761 - A denial of service vulnerability...

VulnCheck KEV: CVE-2006-6884

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control aka Sky Software "FileView" ActiveX control for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198...

GDL 4.x (node) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================= GDL 4.x node Remote SQL Injection Vulnerability ================================================= Discovered by g4t3w4y transitory only...

Mandrake Security Advisory MDVSA-2009:064 (imap)

The remote host is missing an update to imap announced via advisory MDVSA-2009:064. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVE-2008-6295

Multiple cross-site scripting XSS vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.php and 2 rss.php; the query string after the image name in 3 photos/photo; the path parameter to 4 folder.php; page parameter and...

CVE-2008-6295

Multiple cross-site scripting XSS vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.php and 2 rss.php; the query string after the image name in 3 photos/photo; the path parameter to 4 folder.php; page parameter and...

HP Quality Center缓存工作流脚本绕过安全限制漏洞

BUGTRAQ ID: 33854 CVECAN ID: CVE-2007-5289 HP质量中心可管理和控制质量流程，并在IT和应用环境中实现软件测试自动化。 HP质量中心的前端有一些嵌入到WEB浏览器中的COM组件组成。质量中心提供了自定义功能（被称为工作流），允许管理员修改默认的行为。这个工作流是由VBScript函数驱动的，每当客户端前端出现特定的事件时就会调用这些函数。...