52 matches found
CVE-2018-10949
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...
Mapbox: Node modules path disclosure due to lack of error handling
On May 2nd, 2017 @apapedulimu reported an issue where changing a POST request to a GET request on one of our integration servers returned a full error stack trace rather than an HTTP 404 error. The full error stack trace revealed the full path of the Node.js modules directory on the integration...
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
This module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 except 2.3.20.2 and 2.3.24.2. Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled. This module requires Metasploit:...
SquareCMS 0.3.1 - post.php SQL Injection
SquareCMS 0.3.1 - post.php SQL Injection SquareCMS 0.3.1 post.php Remote SQL Injection Vulnerability found by cOndemned vendor: http://spoolio.co.cc/ download: http://webscripts.softpedia.com/script/Content-Management/Square-CMS-66303.html prior versions may also be affected source of post.php...
Splunk 4.0 - 4.1.2 XSS Vulnerability
Splunk is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk";...
Web Trojan samples to obtain a simple process-vulnerability warning-the black bar safety net
| The morning our server is hanging Horse, the analysis of the next, by the step to write out! Share, nothing technical content, the master can skip! --- Yesterday evening found the Trojan to do a simple analysis, the Trojan path is! http://www. . com/ma/web.htm Think of a way to get its source...
CVE-2007-1504
Cross-site scripting XSS vulnerability in the Servlet Service in Fujitsu Interstage Application Server IJServer 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
Sami HTTP Server 2.0.1 (HTTP 404 - Object not found) DoS Exploit
No description provided by source. !/usr/bin/env python import socket print "-----------------------------------------------------------------------" print "Sami HTTP Server HTTP 404 - Object not found Denial of Service" print "url: http://www.karjasoft.com" print "author: shinnai" print "mail:...
Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service
!/usr/bin/env python import socket print "-----------------------------------------------------------------------" print "Sami HTTP Server HTTP 404 - Object not found Denial of Service" print "url: http://www.karjasoft.com" print "author: shinnai" print "mail: shinnaiatautisticidotorg" print "sit...
Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service
Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service !/usr/bin/env python import socket print "-----------------------------------------------------------------------" print "Sami HTTP Server HTTP 404 - Object not found Denial of Service" print "url: http://www.karjasoft.com" prin...
CVE-2006-5152
Cross-site scripting XSS vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032...
[Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])
Eiji James Yoshida wrote in http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049784.html : If 'Encoding' is set to 'Auto Select', and Internet Explorer finds a UTF-7 string in the response's body, it will set the charset encoding to UTF-7 automatically ... Proof of concept:...