2154 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 27 views

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC

No description provided by source. ?php / Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC .oce by rgod found a local vector for this: http://retrogod.altervista.org/9sgoracledatadirect.htm http://www.exploit-db.com/exploits/18007/ This poc will create a...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Commercial Interactive Media SCOOP! 2.3 account_login.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

id Software Quake 3 Arena Server 1.29 Possible Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3123/info Quake3 Arena Server is a software package designed to host multiple Quake 3 players over a network for interactive play. A vulnerability exists in this software that can allow a malicious user to remotely crash ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

WinSyslog Interactive Syslog Server 4.21/ long Message Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8821/info WinSyslog is prone to a remotely exploitable denial of service vulnerability. The issue exists in the Interactive Syslog Server specifically. This occurs when the program receives multiple excessive syslog...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

HP JetDirect PJL Query Execution

No description provided by source. Exploit Title: HP JetDirect PJL Query Execution Date: Aug 7, 2011 Author: Myo Soe YGN Ethical Hacker Group - http://yehg.net/ Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit Framework a...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

interactive story 1.3 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3028/info Interactive Story is a web-based application written in Perl and is distributed as freeware. Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Commercial Interactive Media SCOOP! 2.3 category.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Commercial Interactive Media SCOOP! 2.3 articleZone.asp Invalid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 32 views

Suidperl 5.00503 Mail Shell Escape Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

F@cile Interactive Web <= 0.8x Remote (Include / XSS) Vulnerabilities

No description provided by source. F@cile Interactive Web = 0.8x Multiple Remote Vulnerabilities Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on F@cile Interactive Web = 0.8x Original advisory can be found at: http://www.nukedx.com/?viewdoc=35 File...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m. | 43 views

openSUSE Security Update : dropbear (openSUSE-SU-2013:1696-1)

dropbear was updated to version 2013.60 to fix following bugs : - Fix 'make install' so that it doesn't always install to /bin and /sbin - Fix 'make install MULTI=1', installing manpages failed - Fix 'make install' when scp is included since it has no manpage - Make --disable-bundled-libtom work ...

CVSS: 5 | AI score: 5.4 | EPSS: 0.25913
Exploits: 0 | References: 4

Gentoo Linux
added 2014/06/10 12:0 a.m. | 30 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

CVSS: 10 | AI score: 7.7 | EPSS: 0.18929
Exploits: 2

NVD
added 2014/06/06 2:55 p.m. | 14 views

CVE-2013-4727

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx...

CVSS: 5 | AI score: 6.2 | EPSS: 0.11717
Exploits: 2 | References: 2

NVD
added 2014/06/06 2:55 p.m. | 24 views

CVE-2013-4724

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...

CVSS: 5 | AI score: 6.2 | EPSS: 0.00403
Exploits: 2 | References: 2

NVD
added 2014/06/06 2:55 p.m. | 15 views

CVE-2013-4725

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVSS: 5 | AI score: 6.6 | EPSS: 0.00403
Exploits: 2 | References: 2

Prion
added 2014/06/06 2:55 p.m. | 18 views

Design/Logic Flaw

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. dot dot in the "l" parameter, which reveals the installation path in an error message...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00403
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2014/06/06 2:55 p.m. | 14 views

Session fixation

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00403
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2014/06/06 2:55 p.m. | 11 views

Information disclosure

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx...

CVSS: 5 | AI score: 6.7 | EPSS: 0.11717
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2014/06/06 2:55 p.m. | 14 views

Design/Logic Flaw

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00403
Exploits: 2 | References: 2 | Affected Software: 1