3360 matches found
CVE-2008-5160
CVE-2008-5160 targets MyServer 0.8.11, described as an unspecified remote DoS that crashes the daemon via multiple invalid HTTP requests (GET/DELETE/OPTIONS and possibly others) related to a “204 No Content error.” OpenVAS entries corroborate a MyServer remote DoS vulnerability, with references t...
Osmotic pre-Flash to get shell shortcut/Ewebeditor/ASP/ASPX/PHP the version of vulnerability-vulnerability warning-the black bar safety net
Recent thinking from the new writing blog, I always take someone else's stuff posted Today in the blog on yourself to write something, nothing technical content, even if a summary. Hope the newbies some help, the cattle people to the table to laugh at me, huh? ewebeditor, believe play the Black...
Autodesk LiveUpdate ActiveX Control Code Execution (CVE-2008-4471; CVE-2008-4472)
Autodesk provides several software products for professional designing of buildings and other infrastructure. A code execution vulnerability has been reported in Autodesk LiveUpdate ActiveX control within multiple products. The vulnerability is due to an error in the Autodesk LiveUpdate ActiveX...
CVE-2008-4924
Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control BARCODELib.MW6Barcode, Barcode.dll 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods...
MW6 Barcode ActiveX (Barcode.dll) Insecure Method Exploit
No description provided by source. By Dr.Pantagon DeltaSecurityCenter www.DeltaSecurity.ir Description : 1D Barcode ActiveX ver : 3.0.0.1 CopyRight : MW6 Technologies, Inc. Download Link : http://www.mw6tech.com/barcode/try/MW6Barcode.zip This was written for educational purpose. Use it at...
mw6aztec-insecure.txt
Test Exploit page targetFile = "C:\WINDOWS\system32\Aztec.dll" prototype = "Sub SaveAsBMP ByVal FileName As String " memberName = "SaveAsBMP" progid = "AZTECLib.MW6Aztec" argCount = 1 arg1="c:\windows\system.ini" target.SaveAsBMP arg1 'target.SaveAsWMF arg1...
Microsoft Internet Explorer address bar spoofing
There are few methods of address bar spoofing...
ruby: multiple insufficient safe mode restrictions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2)...
Autodesk DWF Viewer ActiveX multiple security vulnerabilities
Insecure methods allow files to be saved and executed...
Make XWork ParametersInterceptor safe from parameter injection attacks
The XWork ParametersInterceptor is a security nightmare as it gives user input submitted form parameters unfettered access to getter/setter methods on action objects. In addition, the interceptor has been shown in the past to be vulnerable to Unicode attacks. Rather than fight a constant and ofte...
Microsoft Windows Media Encoder ActiveX code execution
Control supports unsafe methods...
Ruby multiple insufficient safe mode restrictions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2)...
ruby -- multiple vulnerabilities in safe level
The official ruby site reports: Several vulnerabilities in safe level have been discovered: untrace_var is permitted at safe level 4; $PROGRAM_NAME may be modified at safe level 4; insecure methods may be called at safe level 1-3; syslog operations are permitted at safe level 4; dl doesn't check...
GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. GreenCart PHP Shopping Cart id Remote SQL Injection Vulnerability. GreenCart PHP Shopping Cart id...
GreenCart PHP Shopping Cart - id SQL Injection
GreenCart PHP Shopping Cart - id SQL Injection. GreenCart PHP Shopping Cart id Remote SQL Injection Vulnerability. Author: Hussin X. Home : www.tryag.cc/cc. email: darkangelg85atYahooDoTcom. script :...
plugin Rss Remote File Inclusion Vulnerability
plugin Rss Remote File Inclusion Vulnerability. Ghost Hacker, http://gh0st10.wordpress.com, R-H team. Found by : Ghost Hacker HomePage : real-hack.net Email : [email protected] Name Script : plugin Rss Download Script :...
CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
Exploit for unknown platform in category remote exploits. CMailServer 5.4.6 CMailCOM.dll Remote SEH Overwrite Exploit. 0 strUID = arrStringi...