3350 matches found
Microsoft Virtual Machine Multiple JDBC Vulnerabilities
Description Microsoft Virtual Machine contains three vulnerabilities that could allow a remote attacker to execute code on the vulnerable system. Successful exploitation could lead to a complete system compromise. The first vulnerability allows remote execution of DLLs. These would be executed in...
CVE-2002-0422
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system which may be obscured by NAT via 1 a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or 2 via the WRITE or...
Microsoft Windows XP2000NT 4.0 - Window Message Subsystem Design Error (2)
Microsoft Windows XP2000NT 4.0 - Window Message Subsystem Design Error 2 // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...
Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response
CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling Original release date: June 26, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected OpenSSH versions 2.3.1p1 through 3.3 Overview There are two...
cqure.net.20020412.bordermanager_36_mv1.a
cqure.net Security Vulnerability Report No: cqure.net.20020412.bordermanager36mv1.a ============================================== Vulnerability Summary --------------------- Problem: Multiple vulnerabilities identified in Novell Border Manager 3.6. During our brief look at Novell Border Manager...
JSP pages source code access
There are multiple ways to get a source code of JSP pages...
xNewsletter 1.0 - Form Field Input Validation
source: https://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. xNewsletter does not sanitize dangerous characters fro...
IIS Unicode Strings
Some of unicodes ... collected by cd http://bastardo.de/ apache ; /MSADC/root.exe?/c+dir /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir...
HTTP NIDS Evasion
This plugin configures Nessus for NIDS evasion see the 'Prefs' panel. NIDS evasion options are useful if you want to determine the quality of the expensive NIDS you just bought. HTTP evasion techniques : - HEAD: use HEAD method instead of GET - URL encoding: - Hex: change characters to %XX - MS...
Xerver-2.10-File-Disclousure&DoS-attack
------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez...
Xerver-2.10.txt
------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez Thanks all...
Microsoft IIS 4.05.05.1 - Authentication Method Disclosure
Microsoft IIS 4.05.05.1 - Authentication Method Disclosure source: https://www.securityfocus.com/bid/4235/info Microsoft IIS supports Basic and NTLM authentication. Reportedly, the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of...
Login configurations
This plugin provides the username and password credentials for common servers, such as HTTP, FTP, NNTP, POP2, POP3, IMAP, IPMI, and SMB NetBios. Some plugins will use those credentials when needed. If you do not provide the credentials, those plugins will not be able to run. Note that this plugin...
Security Bulletin MS02-010
---------------------------------------------------------------------- Title: Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise Date: 21 February 2002 Software: Commerce Server 2000 Impact: Run code of attacker's choice. Max Risk: Critical Bulletin: MS02-010 Microsoft...
Дырка в zope :)
Класс DocumentTemplate содержит методы, которые позволяют изменить характеристики класса удаленно через DTML без авторизации. Кроме того проблеммы с классом ZClasses. Часть небезопасных методов могут быть вызваны ограниченным пользователем...
Обход защиты от javascript в mailsweeper (protection bypass)
Несколько вариантов вставить javascript в письмо...
Атака через web-формы (HTML Form Protocol Attack)
Содержимое формы может быть передано в любой порт эмулируя работу какого-либо протокола...
Advisory for Netcruiser
Advisory for NetCruiser 0.1.2.8 Netcruiser is made by Netcuiser Software Site: http://www.netcruiser-software.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0110 /-|=explanation=|- Netcruiser is a webserver. It has a simple path revealance bug. /-|=who is...
Savant 3.0 Denial Of Service
Not exactly sure what the problem is because it will handle the same request from a program that does the same thing. "Time is a factor" so pay attention man ;P Connect to the server using telnet or somthing and type in the following: GET / HTTP/1.1 Host:AAAAAAAAAAAAAAAAAAAA..... Where A x 260, h...
Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service (MS00-070)
Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service MS00-070 source: https://www.securityfocus.com/bid/1743/info LPC Local Procedure Call is a message-passing service that allows threads and processes to communicate with each other on a local machine as opposed to RPC Remote Procedur...