3360 matches found
CVE-2002-1254
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."...
CVE-2002-1290
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the 1 ClipBoardGetText and 2 ClipBoardSetText methods of the INativeServices class...
CVE-2002-1254
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."...
CVE-2002-1254
The vulnerability (CVE-2002-1254) affects Internet Explorer 5.5 and 6.0. Affected component: cross-domain verification via cached methods/objects. Root cause: security model bypass that allows remote attackers to access information on the local system or in other domains, and potentially execute ...
TFTPD32 Directory Traversal Vulnerability
Advisory available at: http://www.securiteam.com/windowsntfocus/6D00D2061G.html TFTPD32 Directory Traversal Vulnerability -------------------------------------------- SUMMARY http://tftpd32.jounin.net TFTPD32 is a Freeware TFTP server for windows 9x/NT/XP. It provides an implementation of the...
CVE-2002-1290
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the 1 ClipBoardGetText and 2 ClipBoardSetText methods of the INativeServices class...
iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.01.02 Sendmail smrsh bypass vulnerabilities DESCRIPTION It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium’s Restricted Shell SMRSH and execute a binary of his choosing by inserti...
idefense.smrsh.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.01.02 Sendmail smrsh bypass vulnerabilities DESCRIPTION It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortiums Restricted Shell SMRSH and execute a binary of his choosing by inserti...
Microsoft Virtual Machine Multiple JDBC Vulnerabilities
Description Microsoft Virtual Machine contains three vulnerabilities that could allow a remote attacker to execute code on the vulnerable system. Successful exploitation could lead to a complete system compromise. The first vulnerability allows remote execution of DLLs. These would be executed in...
CVE-2002-0422
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system which may be obscured by NAT via 1 a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or 2 via the WRITE or...
Microsoft Windows XP2000NT 4.0 - Window Message Subsystem Design Error (2)
Microsoft Windows XP2000NT 4.0 - Window Message Subsystem Design Error 2 // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...
Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response
CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling Original release date: June 26, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected OpenSSH versions 2.3.1p1 through 3.3 Overview There are two...
cqure.net.20020412.bordermanager_36_mv1.a
cqure.net Security Vulnerability Report No: cqure.net.20020412.bordermanager36mv1.a ============================================== Vulnerability Summary --------------------- Problem: Multiple vulnerabilities identified in Novell Border Manager 3.6. During our brief look at Novell Border Manager...
JSP pages source code access
There are multiple ways to get a source code of JSP pages...
xNewsletter 1.0 - Form Field Input Validation
source: https://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. xNewsletter does not sanitize dangerous characters fro...
IIS Unicode Strings
Some of unicodes ... collected by cd http://bastardo.de/ apache ; /MSADC/root.exe?/c+dir /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir...
HTTP NIDS Evasion
This plugin configures Nessus for NIDS evasion see the 'Prefs' panel. NIDS evasion options are useful if you want to determine the quality of the expensive NIDS you just bought. HTTP evasion techniques : - HEAD: use HEAD method instead of GET - URL encoding: - Hex: change characters to %XX - MS...
Xerver-2.10-File-Disclousure&DoS-attack
------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez...
Xerver-2.10.txt
------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez Thanks all...
Microsoft IIS 4.05.05.1 - Authentication Method Disclosure
Microsoft IIS 4.05.05.1 - Authentication Method Disclosure source: https://www.securityfocus.com/bid/4235/info Microsoft IIS supports Basic and NTLM authentication. Reportedly, the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of...