Lucene search
K

305 matches found

Prion
Prion
added 2007/11/05 7:46 p.m.17 views

Authorization

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...

7.1CVSS6.7AI score0.05592EPSS
Exploits0References13Affected Software1
NVD
NVD
added 2007/11/05 7:46 p.m.15 views

CVE-2007-5824

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...

7.1CVSS6.4AI score0.05592EPSS
Exploits0References13
CVE
CVE
added 2007/11/05 7:0 p.m.56 views

CVE-2007-5825

CVE-2007-5825 is a format-string vulnerability in the mt-daapd Firefly Media Server (ws_addarg in webserver.c) that can be triggered via the Authorization: Basic header (base64 username/password) in XML-RPC requests, allowing remote code execution. The issue affects Firefly MT‑DAAPD up to version...

7.5CVSS7.4AI score0.03723EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2007/11/05 7:0 p.m.35 views

CVE-2007-5824

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...

6.3AI score0.05592EPSS
Exploits0References13
FreeBSD
FreeBSD
added 2007/11/05 12:0 a.m.28 views

mt-daapd -- denial of service vulnerability

US-CERT reports: webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword...

7.1CVSS6.3AI score0.05592EPSS
Exploits0
seebug.org
seebug.org
added 2007/11/03 12:0 a.m.30 views

Firefly Media Server <= 0.2.4 Remote Denial of Service Exploit

No description provided by source. !C:\python25\python25.exe """ Advisory : UPH-07-02 mt-dappd/Firefly media server remote DoS Discovered by nnp http://www.unprotectedhex.com """ import sys import socket import time if lensys.argv != 3: sys.exit-1...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/11/02 12:0 a.m.22 views

uph0701.py.txt

!C:\python25\python25.exe """ Advisory : UPH-07-01 mt-dappd/Firefly media server remote DoS Discovered by nnp http://www.unprotectedhex.com """ import sys import socket import time if lensys.argv != 3: sys.exit-1 killmsg = """GET /xml-rpc?method=stats HTTP/1.1\r\n INVALIDLINE\r\n\r\n""" host =...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/05/02 10:19 p.m.32 views

CVE-2007-0771

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service system hang related to "MT exec + utraceattach spin failure mode," as demonstrated by ptrace-thrash.c...

4.9CVSS5.9AI score0.0038EPSS
Exploits0References1
Patchstack
Patchstack
added 2007/03/28 12:0 a.m.21 views

WordPress <= 2.1.2 - Cross Site Scripting

Because of this vulnerability in an mt import in wp-admin/admin.php, the authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter Solution Update the WordPress to the latest available version at least 2.1.3...

3.5CVSS2.3AI score0.01539EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2007/01/30 6:0 p.m.66 views

CVE-2007-0604

CVE-2007-0604 affects Movable Type (MT) before version 3.34, via the MTCommentPreviewIsStatic tag, enabling cross-site scripting (XSS) by remote attackers. The issue is described as a vulnerability distinct from CVE-2007-0231 and is documented across multiple sources (NVD and related records) wit...

6.8CVSS5.5AI score0.01035EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/10/05 12:0 a.m.19 views

FreeBSD : MT -- Search Unspecified XSS (350a5bd9-520b-11db-8f1a-000a48049292)

Secunia reports : Arai has reported a vulnerability in Movable Type and Movable Type Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks. Some unspecified input passed via the search functionality isn't properly sanitised before being returned to the use...

4.3CVSS5.9AI score0.01313EPSS
Exploits0References3
NVD
NVD
added 2006/07/13 12:5 a.m.12 views

CVE-2006-3557

MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...

5CVSS6.2AI score0.01162EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/07/13 12:0 a.m.18 views

CVE-2006-3557

MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...

6.2AI score0.01162EPSS
Exploits0References2
CVE
CVE
added 2006/07/13 12:0 a.m.41 views

CVE-2006-3557

CVE-2006-3557 affects MT Orumcek Toplist 2.2, which stores DB/orumcektoplist.mdb under the web root with insufficient access control, enabling remote attackers to obtain sensitive information via a direct request. The cited CVSSv2 base score is 5.0 (Network, Low attack complexity, No authenticati...

5CVSS6.6AI score0.01162EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2006/07/11 12:0 a.m.41 views

MT rmcek Toplist v2.2 Version Microsoft Access Driver &#40; MDB &#41; Download

Title : MT Цrьmcek Toplist v2.2 Version Microsoft Access Driver MDB Download - Site : http://www.Cyber-Warrior.org - Author : StorMBoY - Mail : [email protected] - Exploit : http://www.target.com/path/db/orumcektoplist.mdb - Code : Set baglanti = Server.CreateObject"ADODB.Connection"...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2006/07/09 12:0 a.m.36 views

MT &#214;r&#252;mcek Toplist v2.2 Version Microsoft Access Driver &#40; MDB &#41; Download

Title : MT rmcek Toplist v2.2 Version Microsoft Access Driver MDB Download - Site : http://www.Cyber-Warrior.org - Author : StorMBoY - Mail : [email protected] - Exploit : http://www.target.com/path/db/orumcektoplist.mdb - Code : Set baglanti = Server.CreateObject"ADODB.Connection" baglanti.Op...

1.7AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.15 views

Movable Type Initialization Script Disclosure Vulnerability - Active Check

mt-load.cgi is installed by the Movable Type Publishing Platform. SPDX-FileCopyrightText: 2004 Rich Walchuck Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.3AI score
Exploits0
NVD
NVD
added 2005/09/28 11:3 p.m.12 views

CVE-2005-3104

mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments...

2.6CVSS6.5AI score0.00992EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/09/23 12:0 a.m.32 views

Movable Type < 3.2 Multiple Vulnerabilities

The version of Movable Type installed on the remote host is affected by multiple vulnerabilities : - The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. CVE-2005-3101 -...

5CVSS5.8AI score0.01375EPSS
Exploits0References5
CVE
CVE
added 2005/03/26 5:0 a.m.49 views

CVE-2005-0883

CVE-2005-0883 describes two reflected XSS vulnerabilities in DigitalHive 2.0's base.php: (1) mt parameter to membres.php and (2) -afs-1- query string to msg.php. Attackers can inject arbitrary web script/HTML via these inputs. The provided documents do not specify a patch or workaround within thi...

4.3CVSS6.1AI score0.01784EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder