229 matches found
Re: The Weakness of Windows Impersonation Model
Hi Brian, I wrote a paper on this subject last year, "Snagging Security Tokens to Elevate Privileges" http://www.databasesecurity.com/dbsec-briefs.htm after Tim Mullen and thrashed out a few details at Blackhat last year over a few White Russians. The paper discusses the problem in the context of...
Lyris ListManager MSDE Weak sa Password
The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager on the remote host was installed using Microsoft SQL Server Desktop Engine MSDE for its database backend along with a weak password for the 'sa'...
phpbb2.0.19 fixes security issues
re: http://www.phpbb.com/phpBB/viewtopic.php?t=352966 Sec fixed XSS issue only valid for Internet Explorer within the url bbcode Sec fixed XSS issue only valid for Internet Explorer if html tags are allowed and enabled Sec added configurable maximum login attempts to prevent dictionary attacks...
BrightStor ARCserve Backup agent for MS-SQL buffer overflow
Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...
BrightStor ARCserve Backup agent for MS-SQL buffer overflow
Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...
BrightStor ARCserve Backup agent for MS-SQL buffer overflow
Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...
BrightStor ARCserve Backup agent for MS-SQL buffer overflow
Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...
IISWorks ASP KnowledgeBase 2.x XSS vuln.
IISWorks ASP KnowledgeBase 2.x XSS vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/iisworks-asp-knowledgebase-2x-xss-vuln.html vendor:http://www.iisworks.com/aspkb/ affected version:2.x and prior Product Description: 100 ASP based Knowledge ba...
phpBB Blog 2.2.2 SQL inj. vuln.
phpBB Blog 2.2.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html vendor:http://www.outshine.com/phpbbblog/ affected version:2.2.2 and prior Product Description: This is a blog system for phpBB. It...
CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...
CA BrightStor MS-SQL Server ARCserve Backup Agent Buffer Overflow (CAN-2005-1272)
...
Echo Security Advisory 2005.21
--------------------------------------------------------------------------- ECHOADV21$2005 MUltiple Vulnarable In ActiveBuyAndSell --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 24th 2005 Location: Indonesia, Jakarta Web:...
phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)
No description provided by source. / -------------------------------------------------------- Neo Security Team NST® - Advisory 15 - 00/00/06 -------------------------------------------------------- Program: phpBB 2.0.15 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.15 & Lower...
phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)
Exploit for unknown platform in category web applications ================================================================== phpBB = 2.0.15 Register Multiple Users Denial of Service c code ================================================================== /...
php2014.txt
/ -------------------------------------------------------- Neo Security Team NST® - Advisory 14 - 17/04/05 -------------------------------------------------------- Program: phpBB 2.0.14 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.14 & Lower versions Risk: Low Risk!! Impact:...
Multiple Vulnerabilities in MetaCart e-Shop
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV13$2005 --------------------------------------------------------------------------- Multiple Vulnerabilities in MetaCart e-Shop --------------------------------------------------------------------------- Author: Dedi Dwianto Date: May, 16t...
MS-SQL Monitor Protocol (CVE-2002-0649; CVE-2002-0650)
...
MS-SQL Server Protocol - General Settings (CAN-2000-1209; CVE-2002-1123)
...
Hydra: MS SQL
This plugin runs Hydra to find MS SQL passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...
MS SQL Server 7 buffer overflow
No description provided...