[Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])

Eiji James Yoshida wrote in http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049784.html : If 'Encoding' is set to 'Auto Select', and Internet Explorer finds a UTF-7 string in the response's body, it will set the charset encoding to UTF-7 automatically ... Proof of concept:...

Windows Executable Download (http,https,ftp) and Execute

Download an EXE from an HTTPS/FTP URL and execute it This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 429 include Msf::Payload::Windows include Msf::Payload::Single include...

Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"

Sending arbitrary HTTP requests with Flash 7/8 +IE 6.0 Amit Klein, August 2006 The trick ========= In 1, I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...

Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit (perl)

No description provided by source. !/usr/bin/perl Exploit for WEBMIN and USERMIN less than 1.29x ARBITARY REMOTE FILE DISCLOSURE WORKS FOR HTTP AND HTTPS NOW Thrusday 13th July 2006 Vulnerability Disclosure at securitydot.net Coded by UmZ! [email protected] Make sure you have LWP before using...

web-usermin.pl.txt

!/usr/bin/perl Exploit for WEBMIN and USERMIN less than 1.29x ARBITARY REMOTE FILE DISCLOSURE WORKS FOR HTTP AND HTTPS NOW Thrusday 13th July 2006 Vulnerability Disclosure at securitydot.net Coded by UmZ! [email protected] Make sure you have LWP before using this exploit. USE IT AT YOUR OWN RIS...

Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Expl (perl)

Exploit for multiple platform in category remote exploits ========================================================================= Webmin new; if @ARGV \n"; print"TARGETS are\n "; print"0 - HTTP \n"; print" 1 - HTTPS\n"; print"Define full path with file name \n"; print"Example: ./webmin.pl...

Webmin &lt; 1.290 / Usermin &lt; 1.220 - Arbitrary File Disclosure

!/usr/bin/perl Exploit for WEBMIN and USERMIN less than 1.29x ARBITARY REMOTE FILE DISCLOSURE WORKS FOR HTTP AND HTTPS NOW Thrusday 13th July 2006 Vulnerability Disclosure at securitydot.net Coded by UmZ! umz32.dll at gmail.com Make sure you have LWP before using this exploit. USE IT AT YOUR OWN...

CVE-2006-3548

Multiple cross-site scripting XSS vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a 1 javascript URI or an external 2 http, 3 https, or 4 ftp URI in the url parameter in services/go.php a...

CVE-2006-3549

services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via 1 http, 2 https, and 3 ftp URL in the url parameter...

CVE-2006-3548

Multiple cross-site scripting XSS vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a 1 javascript URI or an external 2 http, 3 https, or 4 ftp URI in the url parameter in services/go.php a...

Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP interface on TCP port 8028 and an HTTPS...

ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability

ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-016.html May 22, 2006 -- CVE ID: CVE-2006-2496 -- Affected Vendor: Novell -- Affected Products: Novell eDirectory 8.8 Novell iMonitor 2.4 -- TippingPointTM IPS Customer...

Novell eDirectory Novell Directory Service buffer overflow

iMonitor NDS Server buffer overflow HTTP TCP/8028, HTTPS TCP/8038 on oversized URI in NDS path...

Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities

The remote host appears to be running Symantec Scan Engine. This version of Scan Engine is vulnerable to several flaws that could allow a remote attacker to take control of the scan engine. The following flaws are present: - Fixed HTTPS certificate key - Configuration file retrieval with...

Kerio WinRoute Firewall HTTP/HTTPS Management Detection

The remote host is running a firewall application. Description : The remote host appears to be running the Kerio WinRoute Firewall application. It is possible to access the HTTP or HTTPS management interface on the host. OpenVAS Vulnerability Test $Id: keriowrfmanagementdetection.nasl 8023...

pound reverse proxy / load balancer / HTTPS front-end buffer overflow

Buffer overflow on oversized hostname...

Multiple Microsoft Internet Explorer vulnerabilities

Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak...

CVE-2005-2830

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."...

CVE-2005-2830

CVE-2005-2830 is an information-disclosure vulnerability in Microsoft Internet Explorer 5.01/5.5/6 when using an HTTPS proxy that requires Basic Authentication, causing URLs to be sent in cleartext. The issue is documented in the HTTPS Proxy Vulnerability (CAN-2005-2830) and is addressed by Micro...