MTN Group: Information Disclosure Microsoft IIS Server service.cnf in a mtn website

Hi there i found a information disclosure Microsoft IIS Server service.cnf file in the website https://www.mtn.co.za/ using firefox. In the following steps i will demonstrate how to reproduce the vulnerability. POC: 1ºGo to the following url: https://www.mtn.co.za/vtipvt/service.cnf you will see:...

Exploit for Use After Free in Microsoft

CVE-2019-0708 - BlueKeep RDP RDP Connection Sequence:...

Microsoft MSDN - Cross Site Request Forgery Vulnerability

Document Title: =============== Microsoft MSDN - Cross Site Request Forgery Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2125 View Video: https://www.youtube.com/watch?v=xgKYZ4u-6lc Release Date: ============= 2018-06-11 Vulnerability Laboratory ID...

Microsoft MSDN - Cross Site Request Forgery Vulnerability

Document Title: =============== Microsoft MSDN - Cross Site Request Forgery Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2125 View Video: https://www.youtube.com/watch?v=xgKYZ4u-6lc Release Date: ============= 2018-06-10 Vulnerability Laboratory ID...

NetServe FTP Client 1.0 - Local Denial of Service

NetServe FTP Client 1.0 - Local Denial of Service Exploit Title: NetServe FTP Client 1.0 DOS Overflow. Date: 8/12/2015 Exploit Author: UnN0n Software Link: http://netserve-ftp-client.en.softonic.com/ Version: Version 1.0.0 Tested on: Windows 7 x6464 BIT Steps to Produce the Crash: 1- Open up...

HTML Help Workshop 1.4 - (SEH) Buffer Overflow

HTML Help Workshop version 1.4 SEH buffer overflow exploit. ---------------------------------------------------------------------------------------------------- Exploit Title: HTML Help Workshop - SEH Buffer Overflow Date: August 24 2014 Exploit Author: Moroccan Kingdom MKD Software Link:...

Microsoft MSDN Flash Cross Site Scripting

Title: ====== Microsoft MSDN - Persistent Web Service Vulnerability Date: ===== 2012-04-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=450 MSRC ID1: 12152 MSRC ID2: 12228 VL-ID: ===== 450 Introduction: ============= The Microsoft Developer Network MSDN is the portio...

Microsoft MSDN - Persistent Web Service Vulnerability

Document Title: =============== Microsoft MSDN - Persistent Web Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=450 MSRC ID1: 12152 MSRC ID2: 12228 Release Date: ============= 2012-04-07 Vulnerability Laboratory ID VL-ID:...

Microsoft MSDN - Persistent Web Service Vulnerability

Document Title: =============== Microsoft MSDN - Persistent Web Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=450 MSRC ID1: 12152 MSRC ID2: 12228 Release Date: ============= 2012-04-07 Vulnerability Laboratory ID VL-ID:...

Microsoft BlueHat Security contest - Mega Prize $250,000

Microsoft BlueHat Security contest - Mega Prize $250,000 Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's "BlueHat Prize" contest easily dwarfs any bug bounty...

webMathematica XSS Vulnerability

No description provided by source. In some installations, the MSP script of webMathematica is vulnerable to reflected XSS. Just insert a backslash after the script name MSP, which is normally located under the "webMathematica" folder: http://www.example.com/webMathematica/MSP\scriptalert'a'/scrip...

webMathematica Cross Site Scripting

Hi list I tried to follow the RainForest Puppy Policy, but Wolfram didn't respond to my email within 5 days. In some installations, the MSP script of webMathematica is vulnerable to reflected XSS. Just insert a backslash after the script name MSP, which is normally located under the...

Microsoft VFP_OLE_Server ActiveX控件远程命令执行漏洞

Microsoft Visual FoxPro是一款数据库管理和应用软件开发系统。 Microsoft VFPOLEServer ActiveX控件存在设计问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意命令。 问题是Microsoft VFPOLEServer控件不安全使用"foxcommand"函数，直接传递运行应用程序作为参数，可导致应用程序权限执行。 Microsoft VFPOLEServer ActiveX Control 0 + Microsoft Internet Explorer 6.0 + Microsoft Internet Explorer 5.5 SP2 ...

msxss2.txt

Hello, for what it's worth.. http://forums.microsoft.com/MSDN/Search/Search.aspx?words=ms&localechoice=9&SiteID=1&searchscope='%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E&ForumID=45 Greets, Thomas...

MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit

No description provided by source. / ==================================================================================== || || || || || || || || || || ==================================================================================== Name: IIS 5.x and IIS 6.0 Server Name Spoof PoC File:...

Microsoft IIS 5.0 - 500-100.asp Server Name Spoof

Microsoft IIS 5.0 - 500-100.asp Server Name Spoof / ==================================================================================== || || || || || || || || || || ==================================================================================== Name: IIS 5.x and IIS 6.0 Server Name Spoof P...