5501 matches found
SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
No description provided by source. !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 =...
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...
BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities
BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernam...
BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernames in the Plumtree portal as well as the server hostname, build date, and server version. Informati...
Fedora 7 : net-snmp-5.4-16.fc7 (2007-3019)
Fri Oct 19 2007 Jan Safranek 5.4-16 - License: field fixed to 'BSD and CMU' - fix hrSWInst 250237 - fix leak in UDP transport 247771 - fix remote DoS attack CVE-2007-5846 - Mon Oct 8 2007 Jan Safranek 5.4-15 - License: field changed to MIT - fix segfault on parsing smuxpeer without password...
Moderate: Red Hat Bug Fix Advisory: tcp_wrappers bug fix update
Updated tcpwrappers packages that fix several bugs are now available. The tcpwrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, FTP, telnet, rlogin, rsh, exec, tftp, talk and other network services. It also contains the libwrap libra...
CVE-2002-2367
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname...
CVE-2003-1377
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon SIRCD 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname...
CVE-2002-2261
CVE-2002-2261 affects Sendmail versions 8.9.0–8.12.6. The flaw allows remote attackers to bypass relaying restrictions enforced by the check_relay function by spoofing a blank DNS hostname. Root cause is related to how the relay check handles DNS hostnames, enabling unauthorized relaying. No expl...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)
This update brings Mozilla Firefox to security update version 1.5.0.10. - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume...
eXtremail 2.1.1 - 'memmove()' Remote Denial of Service
!/usr/bin/perl extremail-v3.pl Copyright c 2006 by eXtremail 1,50 $maxlen = intrand50 + 1; 0, $maxlen 0.75 - 0, $maxlen 0x75 - 1 $pad1len = intrand$maxlen 0.75; 0, $maxlen - $pad1len/2 - 1, $maxlen - $pad1len/2 $pad2len = intrand$maxlen - $pad1len/length"%s" + 1; $pad3len = $maxlen - $pad1len -...
Apache Tomcat - 'WebDAV' Remote File Disclosure
!/usr/bin/perl Apache Tomcat Remote File Disclosure Zeroday Xploit kcdarookie aka eliteb0y / 2007 thanx to the whole team & andi : +++KEEP PRIV8+++ This Bug may reside in different WebDav implementations, Warp your mind! +You will need auth for the exploit to work... use IO::Socket; use...
Cisco IOS LPD buffer overflow vulnerability
Overview The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition . Description The Cisco IOS includes support for the UNIX Line Printer Daemon...
CVE-2007-5381
Stack-based buffer overflow in the Line Printer Daemon LPD in Cisco IOS before 12.218SXF11, 12.416a, and 12.42T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to th...
Cisco routers IOS LPD server buffer overflows
Buffer overflow if oversized local hostname is set...
CVE-2007-5213
Multiple cross-site request forgery CSRF vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by 1 an SMTP server change through the confSMTPMailServer1 parameter to ServerManager.srv and 2...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by 1 an SMTP server change through the confSMTPMailServer1 parameter to ServerManager.srv and 2...
SOL6916 - Case change in URL host name circumvents Accessibility Scope
It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case upper vs. lower from the URL pattern in the Deny list. After logging in to the...
WengoPhone SIP Soft Phone畸形报文拒绝服务漏洞
WengoPhone SIP Soft Phone是一款基于SIP的VoIP电话程序。 WengoPhone SIP Soft Phone实现存在消息验证检查问题,远程攻击者可以利用漏洞进行拒绝服务攻击,使应用程序崩溃。 问题是存在于SIP客户端组件不正确处理SIP报文,MESSAGE处理没有"Content-Type"字段的畸形报文可导致应用程序崩溃。 Wengo WengoPhone 2.1 目前没有解决方案提供: http://www.wengophone.com/ /main.cpp/ include stdio.h include string using namespace...
CVE-2007-3144
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...