9282 matches found
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
The version of Microsoft Commerce Server 2002 installed on the remote host may enable an attacker to bypass authentication if the sample files from the 'AuthFiles' folder are installed under the web server's document root. Note that successful exploitation of this issue requires knowledge of the...
Immunity Canvas: HORDE_EVAL
Name | hordeeval
---|---
CVE | CVE-2006-1491
Exploit Pack | CANVAS
Description | Horde Eval
Notes | CVE Name: CVE-2006-1491 VENDOR: Horde.org Notes: Try using nc -e /bin/sh as your command and having a nc -vlp Repeatability: Infinite CVE Url: https://vulners.com/cve/CVE-2006-1491 CVSS: 7.5...
[SA19308] BEA WebLogic Portal JSR-168 Portlets Rendering Security Issue
TITLE: BEA WebLogic Portal JSR-168 Portlets Rendering Security Issue
SECUNIA ADVISORY ID: SA19308
VERIFY ADVISORY: http://secunia.com/advisories/19308/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE: From remote
SOFTWARE: BEA WebLogic Portal 8.x...
Immunity Canvas: VSPLOIT_MERCURIMAP
Name | vsploitmercurimap
---|---
CVE | CVE-2006-1255
Exploit Pack | CANVAS
Description | Mercur Imap 5.0 Remote Buffer Overflow
Notes | CVE Name: CVE-2006-1255 VENDOR: Mercur Repeatability: One time Date public: 03/16/2006 CVE Url: https://vulners.com/cve/CVE-2006-1255 CVSS: 10.0...
Microsoft Commerce Server 2002: Logon as known user with a false password
Microsoft Commerce Server 2002: Logon as known user with a false password
Vulnerable: Microsoft Windows Server 2000/2003 + Internet Information Server 5/6 + Commerce Server 2002
Discussion: Microsoft Commerce Server is used by companies who want to give customers the opportunity to change their o...
Microsoft Commerce Server authentication bypass
It's possible to login with known username without password. Fixed with Service Pack 2...
Microsoft Windows - Telephony Service Command Execution (MS05-040)
// by Cesar Cerrudo - Argeniss - www.argeniss.com
//
// TAPI Vulnerability- MS05-040
//
// Should work on Win2k sp0,sp1,sp2,sp3,sp4 any language
// If Telephony Service is not running you can start it by net start "Telephony Service"
#include "windows.h"
#include "stdio.h"
#include "tapi.h"
typedef...
Microsoft Security Bulletin MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
Microsoft Security Bulletin MS06-006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
Published: February 14, 2006
Version: 1.0
Summary
Who should read this document: Customers who use a Microsoft Windows Media Player...
CVE-2006-0634
Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i > sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers...
Integer overflow
Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i > sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers...
CVE-2006-0634
CVE-2006-0634 — The provided materials identify Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise (ent_upd4) as affected. The root cause described is that evaluating the expression i > sizeof(int) yields false when i equals -1, which could introduce integer overflow vulnerabilities in ...
Microsoft Windows privilege escalation vulnerability
Overview: Microsoft Windows access controls may be improperly configured, potentially allowing a local attacker to gain elevated privileges on a vulnerable system.
Description: Microsoft Windows provides numerous, fine grained permissions and privileges to control access to Windows components, such ...
Immunity Canvas: VSPLOIT_EXCHANGEPOP3
Name | vsploitexchangepop3
---|---
CVE | CVE-2006-0537
Exploit Pack | CANVAS
Description | Exchange pop3 rcpt to overflow
Notes | CVE Name: CVE-2006-0537 VENDOR: Kinesphere Repeatability: References: http://www.morx.org/adv.txt CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0537...
CVE-2005-4679
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site...
CVE-2005-4679
This CVE affects Internet Explorer 6 for Windows XP SP2. The vulnerability allows remote attackers to spoof the URL in the status bar by abusing the title attribute of an image linked to a trusted site within a form, leading to potential user deception. The description does not specify affected ...
Immunity Canvas: SAMIFTP
Name | samiftp
---|---
CVE | CVE-2006-0441
Exploit Pack | CANVAS
Description | samiftp
Notes | CVE Name: CVE-2006-0441 VENDOR: Karjasoft URL: http://www.securitynull.com/advisories/secnull-11-14-2005-0x2.txt Repeatability: This exploit is non repeatable... CVE Url:...
WinRAR 3.30 - 'Filename' Local Buffer Overflow (2)
/ IHS public source code WinRAR 3.3.0 and below local BOF exploit author : c0d3r , kaveh razavi advisory : http://www.securityfocus.com/archive/1/420679 tnx to alpha who reported the vulnerability workaround: use the latest version special tnx to LorD and NT of IHS my workmates and best friends...
Immunity Canvas: WMF_SETABORT
Name | wmfsetabort
---|---
CVE | CVE-2005-4560
Exploit Pack | CANVAS
Description | WMF SetAbort MS06-001
Notes | CVE Name: CVE-2005-4560 VENDOR: Microsoft MSADV: MS06-001 Repeatability: Infinite MSRC: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx CVE Url:...
security flaw
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer...