305 matches found
Authorization
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...
CVE-2007-5825
CVE-2007-5825 is a format-string vulnerability in the mt-daapd Firefly Media Server (ws_addarg in webserver.c) that can be triggered via the Authorization: Basic header (base64 username/password) in XML-RPC requests, allowing remote code execution. The issue affects Firefly MT‑DAAPD up to version...
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...
mt-daapd -- denial of service vulnerability
US-CERT reports: webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword...
Firefly Media Server <= 0.2.4 Remote Denial of Service Exploit
No description provided by source. !C:\python25\python25.exe """ Advisory : UPH-07-02 mt-dappd/Firefly media server remote DoS Discovered by nnp http://www.unprotectedhex.com """ import sys import socket import time if lensys.argv != 3: sys.exit-1...
uph0701.py.txt
!C:\python25\python25.exe """ Advisory : UPH-07-01 mt-dappd/Firefly media server remote DoS Discovered by nnp http://www.unprotectedhex.com """ import sys import socket import time if lensys.argv != 3: sys.exit-1 killmsg = """GET /xml-rpc?method=stats HTTP/1.1\r\n INVALIDLINE\r\n\r\n""" host =...
CVE-2007-0771
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service system hang related to "MT exec + utraceattach spin failure mode," as demonstrated by ptrace-thrash.c...
WordPress <= 2.1.2 - Cross Site Scripting
Because of this vulnerability in an mt import in wp-admin/admin.php, the authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter Solution Update the WordPress to the latest available version at least 2.1.3...
CVE-2007-0604
CVE-2007-0604 affects Movable Type (MT) before version 3.34, via the MTCommentPreviewIsStatic tag, enabling cross-site scripting (XSS) by remote attackers. The issue is described as a vulnerability distinct from CVE-2007-0231 and is documented across multiple sources (NVD and related records) wit...
FreeBSD : MT -- Search Unspecified XSS (350a5bd9-520b-11db-8f1a-000a48049292)
Secunia reports : Arai has reported a vulnerability in Movable Type and Movable Type Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks. Some unspecified input passed via the search functionality isn't properly sanitised before being returned to the use...
CVE-2006-3557
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2006-3557
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2006-3557
CVE-2006-3557 affects MT Orumcek Toplist 2.2, which stores DB/orumcektoplist.mdb under the web root with insufficient access control, enabling remote attackers to obtain sensitive information via a direct request. The cited CVSSv2 base score is 5.0 (Network, Low attack complexity, No authenticati...
MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download
Title : MT Цrьmcek Toplist v2.2 Version Microsoft Access Driver MDB Download - Site : http://www.Cyber-Warrior.org - Author : StorMBoY - Mail : [email protected] - Exploit : http://www.target.com/path/db/orumcektoplist.mdb - Code : Set baglanti = Server.CreateObject"ADODB.Connection"...
MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download
Title : MT rmcek Toplist v2.2 Version Microsoft Access Driver MDB Download - Site : http://www.Cyber-Warrior.org - Author : StorMBoY - Mail : [email protected] - Exploit : http://www.target.com/path/db/orumcektoplist.mdb - Code : Set baglanti = Server.CreateObject"ADODB.Connection" baglanti.Op...
Movable Type Initialization Script Disclosure Vulnerability - Active Check
mt-load.cgi is installed by the Movable Type Publishing Platform. SPDX-FileCopyrightText: 2004 Rich Walchuck Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2005-3104
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments...
Movable Type < 3.2 Multiple Vulnerabilities
The version of Movable Type installed on the remote host is affected by multiple vulnerabilities : - The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. CVE-2005-3101 -...
CVE-2005-0883
CVE-2005-0883 describes two reflected XSS vulnerabilities in DigitalHive 2.0's base.php: (1) mt parameter to membres.php and (2) -afs-1- query string to msg.php. Attackers can inject arbitrary web script/HTML via these inputs. The provided documents do not specify a patch or workaround within thi...