Lucene search
K

500 matches found

Packet Storm
Packet Storm
added 2006/07/26 12:0 a.m.29 views

sipXtapi.txt

!/usr/bin/perl Remote Buffer Overflow in sipXtapi bad char 0x00 0x09 0x0a 0x0d 0x20 use IO::Socket; use strict; print "\n\n"; print "sipXtapi original Exploit by Michael Thumann added a real shellcode by acaro\n\n"; print "tested on sipXphone 2.6.0.27 read the code for ret address\n\n"; if not...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/07/04 12:0 a.m.25 views

Multiple vulnerabilities in TK8 Safe v.3.0.5

Multiple vulnerabilities in TK8 Safe v.3.0.5 July 3, 2006 ---- Summary: TK8 Safe www.tk8.com is a password management application, which stores authentication details and other sensitive data in encrypted local folders. A number of issues have been discovered in version 3.0.5 of the application...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2006/04/12 12:0 a.m.31 views

[SA19638] Sun Solaris LDAP2 Client Commands Security Issue

TITLE: Sun Solaris LDAP2 Client Commands Security Issue SECUNIA ADVISORY ID: SA19638 VERIFY ADVISORY: http://secunia.com/advisories/19638/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: Sun Solaris 8 http://secunia.com/product/94/ Sun Solar...

7.4AI score
Exploits0
Prion
Prion
added 2006/02/23 11:2 p.m.12 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags that follow a "http://" string, which bypasses a regular expression check, and 2 other unspecified attack...

4.3CVSS6.1AI score0.01384EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2006/02/23 11:2 p.m.12 views

Design/Logic Flaw

Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...

5CVSS7.1AI score0.01582EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2006/02/23 11:0 p.m.40 views

CVE-2006-0859

CVE-2006-0859 affects Michael Salzer Guestbox 0.6 and earlier versions up to 0.7/0.8 pre-release? It describes a vulnerability where remote attackers can post an admin comment to a guestbook entry via a modified form, possibly related to the nummer parameter. The connected sources corroborate the...

5CVSS6.8AI score0.01491EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/02/23 11:0 p.m.37 views

CVE-2006-0860

CVE-2006-0860 affects Michael Salzer Guestbox 0.6 and other versions before 0.8, where multiple XSS vulnerabilities exist. The underlying issue is that HTML tags following a "http://" string bypass a regex check, enabling remote injection of script/HTML; other attack vectors are also noted. No pu...

4.3CVSS5.8AI score0.01384EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2006/02/23 11:0 p.m.38 views

CVE-2006-0861

The CVE-2006-0861 entry concerns Michael Salzer Guestbox 0.6 and earlier than 0.8, where a direct request to /gb/gblog can disclose the source IP addresses of guestbook entries. The NVD summary notes a network-accessible issue with low attack complexity and no authentication, yielding partial con...

5CVSS6.6AI score0.01582EPSS
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2006/02/22 12:0 a.m.41 views

[SA18963] Mac OS X "__MACOSX" ZIP Archive Shell Script Execution

TITLE: Mac OS X "MACOSX" ZIP Archive Shell Script Execution SECUNIA ADVISORY ID: SA18963 VERIFY ADVISORY: http://secunia.com/advisories/18963/ CRITICAL: Extremely critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION:...

6.7AI score
Exploits0
CVE
CVE
added 2005/12/17 11:0 a.m.36 views

CVE-2005-4327

CVE-2005-4327 describes multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04. The issue allows remote attackers to inject arbitrary scripting/HTML via (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entrie...

4.3CVSS6.1AI score0.01744EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/08/02 12:0 a.m.28 views

[SA16291] jabberd "jid.c" Buffer Overflow Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

1.3AI score
Exploits0
0day.today
0day.today
added 2005/07/13 12:0 a.m.26 views

Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit

Exploit for unknown platform in category remote exploits ================================================================== Mozilla Firefox Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image go...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.25 views

FreeBSD : mozilla -- arbitrary code execution vulnerability (cbfde1cd-87eb-11d9-aa18-0001020eed82)

A Mozilla Foundation Security Advisory reports : Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's 'Fireflashing' example demonstrates that an attacker can op...

5.1CVSS6.2AI score0.07322EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2005/07/13 12:0 a.m.64 views

Mozilla Firefox 1.0.4 - &#039;Set As Wallpaper&#039; Code Execution

// Exploit by Michael Krax Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image got loaded window.setTimeout"window.stop",1000; Firewalling - Proof-of-Concept The "Set As Wallpaper" dialog takes...

7AI score
Exploits0
Mozilla
Mozilla
added 2005/05/11 12:0 a.m.17 views

"Wrapped" javascript: urls bypass security checks — Mozilla

Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...

7.8AI score
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2005/04/01 12:0 a.m.18 views

Mandrake Linux Security Advisory : htdig (MDKSA-2005:063)

A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security...

6.8CVSS5AI score0.02273EPSS
Exploits0References1
securityvulns
securityvulns
added 2005/02/22 12:0 a.m.29 views

[SA14367] Verity Ultraseek Search Request Cross-Site Scripting

TITLE: Verity Ultraseek Search Request Cross-Site Scripting SECUNIA ADVISORY ID: SA14367 VERIFY ADVISORY: http://secunia.com/advisories/14367/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Verity Ultraseek 5.x http://secunia.com/product/3457/ DESCRIPTION: Micha...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/01/06 12:0 a.m.29 views

[SA13701] Bugzilla Internal Error Response Cross-Site Scripting

TITLE: Bugzilla Internal Error Response Cross-Site Scripting SECUNIA ADVISORY ID: SA13701 VERIFY ADVISORY: http://secunia.com/advisories/13701/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Bugzilla 2.x http://secunia.com/product/396/ DESCRIPTION: Michael Krax...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2001/03/09 12:0 a.m.18 views

Michael Lamont Savant Web Server 3.0 - Denial of Service

Michael Lamont Savant Web Server 3.0 - Denial of Service source: https://www.securityfocus.com/bid/2468/info A denial of service condition exists in Michael Lamont Savant web server. Requesting a specially crafted URL composed of '%' characters could cause the server to stop responding...

Exploits0
Exploit DB
Exploit DB
added 2001/03/09 12:0 a.m.24 views

Michael Lamont Savant Web Server 3.0 - Denial of Service

source: https://www.securityfocus.com/bid/2468/info A denial of service condition exists in Michael Lamont Savant web server. Requesting a specially crafted URL composed of '%' characters could cause the server to stop responding. www.target/%%%...

7.4AI score
Exploits0
Rows per page
Query Builder