CVE-2006-6430

CVE-2006-6430 affects Xerox WorkCentre/WorkCentre Pro before versions 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000; these web services do not require HTTPS, allowing remote attackers to sniff unencrypted HTTP traffic and obtain sensitive information. Remediation is to u...

CVE-2006-6430

Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic...

w3m -- format string vulnerability

An anonymous person reports: w3m-0.5.1 crashes when using the -dump or -backend options to open a HTTPS URL with a SSL certificate where the CN contains "%n%n%n%n%n%n"...

CVE-2006-5347

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS04...

CVE-2006-5349

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS07...

CVE-2006-5349

Technical details for CVE-2006-5349 are not publicly available in the provided documents; the entries describe an unspecified vulnerability affecting Oracle HTTP Server 9.2.0.7 on HP Tru64 UNIX without concrete details. Monitor for updates.

CVE-2006-5348

Technical details for CVE-2006-5348 are not publicly provided in the supplied documents. Available records reference the vulnerability but do not specify affected products, root cause, or fixes. Monitor for updates.

CVE-2006-5347

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS04...

CVE-2006-5348

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS05...

CVE-2006-5347

CVE-2006-5347 affects Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2. The vulnerability is described as unspecified with unknown impact and remote attack vectors related to HTTPS/SSL (aka Vuln# OHS04); no remediation details are provided in the connected documents.

CVE-2006-5349

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS07...

Linksys WRT54G routers do not properly validate user credentials

Overview Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. Description The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a w...

[Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])

Eiji James Yoshida wrote in http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049784.html : If 'Encoding' is set to 'Auto Select', and Internet Explorer finds a UTF-7 string in the response's body, it will set the charset encoding to UTF-7 automatically ... Proof of concept:...

Windows Executable Download (http,https,ftp) and Execute

Download an EXE from an HTTPS/FTP URL and execute it This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 429 include Msf::Payload::Windows include Msf::Payload::Single include...

Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"

Sending arbitrary HTTP requests with Flash 7/8 +IE 6.0 Amit Klein, August 2006 The trick ========= In 1, I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

!/usr/bin/perl Exploit for WEBMIN and USERMIN less than 1.29x ARBITARY REMOTE FILE DISCLOSURE WORKS FOR HTTP AND HTTPS NOW Thrusday 13th July 2006 Vulnerability Disclosure at securitydot.net Coded by UmZ! umz32.dll at gmail.com Make sure you have LWP before using this exploit. USE IT AT YOUR OWN...

Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Expl (perl)

Exploit for multiple platform in category remote exploits ========================================================================= Webmin new; if @ARGV \n"; print"TARGETS are\n "; print"0 - HTTP \n"; print" 1 - HTTPS\n"; print"Define full path with file name \n"; print"Example: ./webmin.pl...

Webmin &lt; 1.290 / Usermin &lt; 1.220 Arbitrary File Disclosure Exploit (perl)

No description provided by source. !/usr/bin/perl Exploit for WEBMIN and USERMIN less than 1.29x ARBITARY REMOTE FILE DISCLOSURE WORKS FOR HTTP AND HTTPS NOW Thrusday 13th July 2006 Vulnerability Disclosure at securitydot.net Coded by UmZ! [email protected] Make sure you have LWP before using...

web-usermin.pl.txt

!/usr/bin/perl Exploit for WEBMIN and USERMIN less than 1.29x ARBITARY REMOTE FILE DISCLOSURE WORKS FOR HTTP AND HTTPS NOW Thrusday 13th July 2006 Vulnerability Disclosure at securitydot.net Coded by UmZ! [email protected] Make sure you have LWP before using this exploit. USE IT AT YOUR OWN RIS...