50 matches found
SimpleServer:WWW 1.0.7/1.0.8/1.13 Hex Encoded URL Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3112/info SimpleServer:WWW is a freely available HTTP daemon available from AnalogX. It is designed for simplicity of operation. A problem with the web server could allow a remote user to execute arbitrary commands, and...
rnd_hex_encode
This evasion plugin adds random hex encoding. Example: Input: /bar/foo.asp Output : /b%61r/%66oo.asp Plugin type Evasion Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand...
Adobe PDF Escape EXE Social Engineering (No JavaScript)
This module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack. This module requires Metasploit: https://metasploit.com/download Current source:...
Let the administrator help you restart the machine-vulnerability warning-the black bar safety net
Let the administrator help you restart the machine Sometimes, we go through the database backup a batch to the Startup menu, you want the server on the next restart to run our batch processing. But we, Ah, etc., the server is not restarting, what should I do? Allow administrator to help us restar...
[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to Cross Site Scripting attacks in its email view. This enables attackers to send emails with embedded JavaScript code, for exampl...
DansGuardianHex编码文件扩展名URI内容过滤绕过漏洞 Exploit
No description provided by source. Rubén Molina ([email protected])提供了如下测试方法: 使用如下扩展名: http://server/file.%65%78%65 或http://server/file%2eexe...
CVE-2005-0831
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters...
PT-2004-3257 · Phpx · Phpx
Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6 Description: The issue allows remote attackers to conduct cross-site scripting XSS attacks via hex-encoded tags. This is achieved by bypassing the check for literal "", "", and "" characters in the checkURI...
zonelabsFilter.txt
Zone Labs IMsecure Active Link Filter Bypass http://www.kurczaba.com/html/security/0410141.htm ------------------------------------------------- Overview: A vulnerability has been discovered in the Zone Labs IMsecure Active Link Filter Vendor: Zone Labs http://www.zonelabs.com Affected...
[Full-Disclosure] [Fwd: DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability]
DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability ========================================================================== Original Release Date: 2004-07-29 Author: Ruben Molina a.k.a fradiavolo Email: [email protected] !!! VIVA COLOMBIA !!! 1. Systems affected: All...