366 matches found
Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Lianja SQL 1.0.0RC5.1 dbnetserver Sta...
Novell eDirectory NCP Stack Buffer Overflow (CVE-2012-0432)
A stack buffer overflow exists in Novell eDirectory NetWare Core Protocol NCP stack. The vulnerability is due to lack of bounds checking in the KeyedObjectLogin function. A remote attacker could exploit this vulnerability by sending TCP packets with malicious data...
SA-CONTRIB-2012-143 PRH Search - Cross Site Scripting (XSS)
PRH Search provides an interface to search for association information for Finnish association using the PRH Patentti- ja Rekisterihallitus database. The module fails to sanitize data retrieved from an untrusted third party source, thereby exposing an arbitrary script injection vulnerability XSS...
XSRF vulnerability in the Mail Page plugin
We have identified and fixed a cross-site request forgery XSRF vulnerability which may affect Confluence instances in a public environment. The XSRF vulnerability is exposed in the Confluence Mail Page plugin. Note that the Mail Page plugin is disabled by default. If you do not have this plugin...
Easy RM To MP3 2.7.3.7000 Buffer Overflow
Exploit Title: Easy RM to MP3 2.7.3.700 Local Buffer Overflow .m3u , .pls , .smi , .wpl , .wax , .wvx , .ram Date: 4 / 8 / 2010 Author: Oh Yaw Theng Software Link: http://www.exploit-db.com/application/10642/ Version: 2.7.3.700 Tested on: Windows XP SP 1 CVE : N / A !/usr/bin/python This exploit...
dotDefender - Cross-Site Scripting Security Bypass
dotDefender - Cross-Site Scripting Security Bypass source: https://www.securityfocus.com/bid/41560/info dotDefender is prone to a security-bypass vulnerability because it fails to restrict malicious data from reaching protected sites. Remote attackers can exploit this issue to bypass security...
FreeBSD : horde-base -- multiple vulnerabilities (ee23aa09-a175-11de-96c0-0011098ad87f)
The Horde team reports : An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files. An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a...
IBM DB2 < 9.5 pack 3a Malicious Data Stream Denial of Service Exploit
No description provided by source. Discovered by Dennis Yurichev [email protected] DB2TEST database should be present on target system GUEST account with QQ password shoule be present on target system from sys import from socket import sockobj = socketAFINET, SOCKSTREAM sockobj.connect argv1, 500...
IBM DB2 < 9.5 pack 3a Malicious Data Stream Denial of Service Exploit
Exploit for multiple platform in category dos / poc ===================================================================== IBM DB2 9.5 pack 3a Malicious Data Stream Denial of Service Exploit ===================================================================== Discovered by Dennis Yurichev DB2TEST...
wordpress -- header rss feed script insertion vulnerability
Secunia reports: Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed...
Opera Web浏览器HTML注入及跨站脚本漏洞
BUGTRAQ ID: 31842 Opera是一款流行的WEB浏览器,支持多种平台。 Opera的9.61之前版本中的多个安全漏洞可能允许恶意用户执行脚本注入攻击、绕过某些安全限制或泄露敏感信息。 1 History Search功能没有正确地过滤某些输入,用户在查看恶意数据时可能在用户的浏览器会话中注入任意HTML和脚本代码,导致泄露之前所访问的页面。 2 实现Fast Forward功能中的错误可能允许通过特制的JavaScript URL在受限制的帧中执行任意脚本代码。 3 在预览新闻源期间时阻断脚本存在错误,可能导致泄露所订阅新闻源的内容,或将用户订阅到任意的新闻源。 Oper...
Sina DLoader Class - ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download
source: https://www.securityfocus.com/bid/30223/info Sina DLoader is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. Attackers may exploit this issue to overwrite sensitive files with malicious data that will...
SuSE 10 Security Update : dhcp-server (ZYPP Patch Number 2437)
A bug was fixed were a LDAP server with malicious data providing information to the DHCP server could crash and potentially execute code as the DHCP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
GLSA-200708-11 : Lighttpd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-11 Lighttpd: Multiple vulnerabilities Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP...
Lighttpd: Multiple vulnerabilities
Background Lighttpd is a lightweight HTTP web server. Description Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the modauth and modscgi modules, and th...
PHP Hash_Update_File释放资源访问代码执行漏洞
PHP是一款广泛使用的WEB开发脚本语言。 PHP hashupdatefile存在设计错误,远程攻击者可能利用此漏洞获得对释放内存的访问并使用恶意数据覆盖而执行任意代码。 问题存在于GD函数中,在通过资源识别器获得资源数据后,可能用usercode来中断PHP函数,usercode就会会破坏资源,并获取与其内存相同位置来分配PHP字符串相同大小的空间作为释放资源。这个字符串可以用于建立特定构建的资源,以允许利用内部PHP函数,当恶意中断终止函数时,会继续使用替代资源数据。导致任意代码执行。 要获得需要的函数中断,通常需要放置对象到函数的某个参数中,这会在转化一个超长值时触发PHP错误。...
FreeBSD : weex -- remote format string vulnerability (d4c70df5-335d-11da-9c70-0040f42d58c6)
Emanuel Haupt reports : Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are...
cfengine format string vulnerability
Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...
USN-151-3: zlib vulnerabilities
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packagages...
USN-151-2: zlib vulnerabilities
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the "zlib1g" package; however, some packages contain copies of t...