Medal of Honor - Remote Buffer Overflow (PoC)

Medal of Honor - Remote Buffer Overflow PoC / by Luigi Auriemma / include include include ifdef WIN32 include include include include "winerr.h" define close closesocket else include include include include include endif define VER "0.1" define BUFFSZ 4096 define PORT 12203 define TIMEOUT 3 defin...

CVE-2004-0652

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods...

Authenticated Check : OS Name and Installed Package Enumeration

This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase if the SSH public key is protected by a passphrase. TRUSTED...

CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow

include include include include include include include include include include include include include include typedef unsigned char uchar; void progressvoid; int brutecvsrootvoid; int bruteusernamevoid; int brutepasswordvoid; void hdlcrashedint; void bsdexploitationvoid; void tryexploitvoid; vo...

IBM ACPRunner 1.2.5 - ActiveX Control Dangerous Method

IBM ACPRunner 1.2.5 - ActiveX Control Dangerous Method source: https://www.securityfocus.com/bid/10561/info It is reported that the IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods...

IBM EGatherer 2.0 - ActiveX Control Dangerous Method

IBM EGatherer 2.0 - ActiveX Control Dangerous Method source: https://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods ma...

Simple Machines Forum (SMF) 1.0 - Size Tag HTML Injection

Simple Machines Forum SMF 1.0 - Size Tag HTML Injection source: https://www.securityfocus.com/bid/10281/info It has been reported that Simple Machines Forum SMF may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser...

Advanced Guestbook 2.2 - 'Password' SQL Injection

source: https://www.securityfocus.com/bid/10209/info It has been reported that Advanced Guestbook is prone to a SQL injection vulnerability that could allow an attacker to gain administrative access to the application. This issue is reported to exist in Advanced Guestbook 2.2, however, it is...

BEA WebLogic Server internal methods may disclose sensitive information

Overview There is a vulnerability in BEA WebLogic Server that could allow users to obtain the credentials of the user who booted the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...

CVE-2004-0243

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods...

GoAhead Web Server 2.1.x - Directory Management Policy Bypass

GoAhead Web Server 2.1.x - Directory Management Policy Bypass source: https://www.securityfocus.com/bid/9450/info GoAhead WebServer is prone to a vulnerability that may permit remote attackers to bypass directory management policy. It is reported that certain syntax may be used in HTTP GET reques...

CVE-2003-0249

PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache...

PT-2003-1462 · Apache +1 · Apache Httpd +1

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Apache httpd 2.0 Description: The issue allows attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods. This is because PHP treats unknown methods, such as...

MS03-050: Word and/or Excel may allow arbitrary code to run (831527)

The remote host is running a version of Microsoft Word and/or Microsoft Excel that are subject to a flaw that could allow arbitrary code to be run. An attacker could use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue Word or Excel file to the owne...

Re: Internet Explorer and Opera local zone restriction bypass

There was not a lot of details in your post, so I will try to verify and clarify your findings. First things first, this is not a problem with Microsofts Internet Explorer, but with Macromedia and their Flash player. I could reproduce this issue successfully with a fresh install of the latest Fla...

Microsoft IIS Authentication Method Enumeration

The remote host appears to be running a version of IIS which allows remote users to determine which authentication schemes are required for confidential web pages. That is, by requesting valid web pages with purposely invalid credentials, you can ascertain whether or not the authentication scheme...

PT-2003-1880 · Mozilla · Mozilla Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla versions 1.4 and earlier Description: The issue allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. This is related to the...

FreeBSD-SA-03:15.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:15.openssh Security Advisory The FreeBSD Project Topic: OpenSSH PAM challenge/authentication error Category: core Module: openssh Announced: 2003-10-05 Credits...

ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (1)

/ proftpd 1.2.7/1.2.9rc2 remote root exploit by bkbll bkbllcnhonker.net, 2003/10/1 for FTPProFTPDTranslateOverflow found by X-force happy birthday, China. this code is dirty, there are more beautiful exploits of proftpd for this vuln in the world. this code want to provied u a method, not finally...

Pine <= 4.56 Remote Buffer Overflow Exploit

No description provided by source. / Mon Sep 15 09:35:01 CEST 2003 remote? Pine = 4.56 exploit by sorbo sorbox yahoo com darkirco Ok won't talk much about the bug since as usual idefense advisories are proper advisories and explain everything... exploiting the bug is trivial after reading the adv...