
3350 matches found

0day.today
added 2004/11/20 12:0 a.m. | 32 views

TWiki 20030201 search.pm Remote Command Execution Exploit

Exploit for cgi platform in category web applications. TWiki 20030201 search.pm Remote Command Execution Exploit. #!/usr/bin/perl "tweaky.pl" v. 1.0 beta 2 Proof of concept for TWiki...

7.1 AI score
Exploits: 0

securityvulns
added 2004/11/15 12:0 a.m. | 28 views

Multiple XSS holes in TheFaceBook

Authors: Alex Lanstein, Ivo Parashkevov Date: November 12, 2004 Affected Software: TheFaceBook - All Versions Software URL: http://www.thefacebook.com TheFaceBook, a popular college networking social, not technological tool is vulnerable to many XSS holes in its search and editing methods. In...

0.6 AI score
Exploits: 0

Samba
added 2004/09/30 12:0 a.m. | 65 views

Potential Arbitrary File Access

Summary: A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. Patch Availability The patch for Samba 3.0.2a and earlier releases 3.0.x samba-3.0.2a-reducename.patch can be...

7.5 CVSS | 0.1 AI score | 0.08221 EPSS
Exploits: 1

Cvelist
added 2004/09/01 4:0 a.m. | 20 views

CVE-2002-0865

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Suppor...

7.1 AI score | 0.06341 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2004/08/20 12:0 a.m. | 8 views

Wireless Access Point (WAP) Detection (HTTP) (deprecated)

Binary data 1612.prm...

7.3 AI score
Exploits: 0

NVD
added 2004/08/18 4:0 a.m. | 17 views

CVE-2004-0763

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method...

5 CVSS | 6.4 AI score | 0.13166 EPSS
Exploits: 0 | References: 15

Tenable Nessus
added 2004/08/18 12:0 a.m. | 11 views

Distributed Network Protocol Version 3 (DNP3) Outstation Detection (SCADA)

Binary data 3553.prm...

7.3 AI score
Exploits: 0

Tenable Nessus
added 2004/08/18 12:0 a.m. | 14 views

IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities

Binary data 5077.prm...

10 CVSS | 7.3 AI score | 0.02533 EPSS
Exploits: 1 | References: 9

Tenable Nessus
added 2004/08/18 12:0 a.m. | 12 views

IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities

Binary data 5076.prm...

10 CVSS | 7.3 AI score | 0.02533 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2004/08/18 12:0 a.m. | 11 views

KazaaClient Detection

Binary data 2062.prm...

7.3 AI score
Exploits: 0

NVD
added 2004/08/06 4:0 a.m. | 11 views

CVE-2004-0652

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods...

7.2 CVSS | 6.7 AI score | 0.00131 EPSS
Exploits: 0 | References: 7

Packet Storm
added 2004/08/05 12:0 a.m. | 22 views

goscript20.txt

GoScript Remote Command Execution Version verified: 2.0 Author: Pete Stein http://www.slack.net/pete/perl GoScript v2.0 allows remote command execution as we can see below: http://www.server.com/go.cgi?|id| http://www.server.com/go.cgi?artarchive=|id| May be possible another methods of attack!...

7.4 AI score
Exploits: 0

securityvulns
added 2004/08/05 12:0 a.m. | 26 views

GoScript Remote Command Execution

GoScript Remote Command Execution Version verified: 2.0 Author: Pete Stein http://www.slack.net/pete/perl GoScript v2.0 allows remote command execution as we can see below: http://www.server.com/go.cgi?|id| http://www.server.com/go.cgi?artarchive=|id| May be possible another methods of attack!...

3.6 AI score
Exploits: 0

Cvelist
added 2004/08/03 4:0 a.m. | 24 views

CVE-2004-0763

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method...

6.2 AI score | 0.13166 EPSS
Exploits: 0 | References: 15

securityvulns
added 2004/08/02 12:0 a.m. | 23 views

Fusion News Yet Another Unauthorized Account Addition Vulnerability

Product: Fusion News vendor: FusionPHP fusionphp.net Affected Versions: 3.6.1 and lower Description: A widely used news management system Vulnerabilities: Unauthorized Account Addition Vulnerability Date: July 29, 2004 Vuln Finder: r3d5pik...

0.1 AI score
Exploits: 0

exploitpack
added 2004/07/21 12:0 a.m. | 12 views

Serena TeamTrack 6.1.1 - Remote Authentication Bypass

Serena TeamTrack 6.1.1 - Remote Authentication Bypass source: https://www.securityfocus.com/bid/10770/info It has been reported that Serena TeamTrack is affected by a remote authentication bypass vulnerability. This issue is due to a design error that allows unauthenticated users to access sensitiv...

0.4 AI score
Exploits: 0

exploitpack
added 2004/07/20 12:0 a.m. | 13 views

Medal of Honor - Remote Buffer Overflow (PoC)

Medal of Honor - Remote Buffer Overflow PoC / by Luigi Auriemma / include include include ifdef WIN32 include include include include "winerr.h" define close closesocket else include include include include include endif define VER "0.1" define BUFFSZ 4096 define PORT 12203 define TIMEOUT 3 defin...

0.6 AI score
Exploits: 0

Cvelist
added 2004/07/13 4:0 a.m. | 17 views

CVE-2004-0652

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods...

6.7 AI score | 0.00131 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2004/07/06 12:0 a.m. | 2936 views

Authenticated Check : OS Name and Installed Package Enumeration

This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase if the SSH public key is protected by a passphrase. TRUSTED...

Exploits: 0

Exploit DB
added 2004/06/25 12:0 a.m. | 49 views

CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow

include include include include include include include include include include include include include include typedef unsigned char uchar; void progressvoid; int brutecvsrootvoid; int bruteusernamevoid; int brutepasswordvoid; void hdlcrashedint; void bsdexploitationvoid; void tryexploitvoid; vo...

7.4 AI score
Exploits: 0