[Full-Disclosure] Disclosure of local file content in Mozilla Firefox and Opera

Disclosure of local file content in Mozilla Firefox and Opera Note: I don't know if it could be considered really a security problem, anyway i'll try to explain my ideas. Sorry for my bad english. Author: Giovanni Delvecchio Applications affected: - Firefox 1.0 - Mozilla 1.7 - Opera 7.54 maybe al...

Hydra: FTP

This plugin runs Hydra to find FTP accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

Hydra: SMB

This plugin runs Hydra to find SMB accounts and passwords by brute force, using the smb2 module. To use this plugin, Hydra must be installed in the same machine as your scanner. To configure the a scan policy to use Hydra, go to 'Assessment Brute Force' and check the 'Always enable Hydra slow'...

CVE-2004-0243

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods...

TWiki 20030201 search.pm Remote Command Execution Exploit

Exploit for cgi platform in category web applications ========================================================= TWiki 20030201 search.pm Remote Command Execution Exploit ========================================================= !/usr/bin/perl "tweaky.pl" v. 1.0 beta 2 Proof of concept for TWiki...

Multiple XSS holes in TheFaceBook

Authors: Alex Lanstein, Ivo Parashkevov Date: November 12, 2004 Affected Software: TheFaceBook - All Versions Software URL: http://www.thefacebook.com TheFaceBook, a popular college networking social, not technological tool is vulnerable to many XSS holes in it's search and editing methods. In...

Potential Arbitrary File Access

Summary: A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. Patch Availability The patch for Samba 3.0.2a and earlier releases 3.0.x samba-3.0.2a-reducename.patch can be...

CVE-2002-0865

A certain class that supports XML Extensible Markup Language in Microsoft Virtual Machine VM 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Suppor...

Wireless Access Point (WAP) Detection (HTTP) (deprecated)

Binary data 1612.prm...

CVE-2004-0763

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method...

Distributed Network Protocol Version 3 (DNP3) Outstation Detection (SCADA)

Binary data 3553.prm...

IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities

Binary data 5077.prm...

IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities

Binary data 5076.prm...

KazaaClient Detection

Binary data 2062.prm...

CVE-2004-0652

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods...

goscript20.txt

GoScript Remote Command Execution Version verified: 2.0 Author: Pete Stein http://www.slack.net/pete/perl GoScript v2.0 allow remote commando execution as we can see below: http://www.server.com/go.cgi?|id| http://www.server.com/go.cgi?artarchive=|id| May be possible another methods of attack!...

GoScript Remote Command Execution

GoScript Remote Command Execution Version verified: 2.0 Author: Pete Stein http://www.slack.net/pete/perl GoScript v2.0 allow remote commando execution as we can see below: http://www.server.com/go.cgi?|id| http://www.server.com/go.cgi?artarchive=|id| May be possible another methods of attack!...

CVE-2004-0763

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method...

Fusion News Yet Another Unauthorized Account Addition Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product: Fusion News vendor: FusionPHP fusionphp.net Affected Versions: 3.6.1 and lower Description: A widely used news management system Vulnerabilities: Unauthorized Account Addition Vulnerability Date: July 29, 2004 Vuln Finder: r3d5pik...

Serena TeamTrack 6.1.1 - Remote Authentication Bypass

Serena TeamTrack 6.1.1 - Remote Authentication Bypass source: https://www.securityfocus.com/bid/10770/info It has been reported that Serena TeamTrack is affected by remote authentication bypass vulnerability. This issue is due to a design error that allows unauthenticated users to access sensitiv...