Lucene search
K

208 matches found

Prion
Prion
added 2014/03/21 10:55 a.m.16 views

Command injection

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...

4.3CVSS6.9AI score0.00981EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/03/21 10:0 a.m.44 views

CVE-2014-2567

The vulnerability CVE-2014-2567 affects Trojita prior to 0.4.1. The issue is in OpenConnectionTask::handleStateHelper in Trojita’s IMAP code, where a PREAUTH response can be exploited by a man-in-the-middle to force saving a message into the sent or draft folder over plaintext, bypassing STARTTLS...

4.3CVSS6.5AI score0.00981EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2013/10/16 12:0 a.m.20 views

Dolibarr ERP/CMS 3.4.0 SQL Injection

Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2013/10/15 12:0 a.m.37 views

Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection

Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/10/14 12:0 a.m.29 views

aMSN 0.98.9 Web App - Multiple Vulnerabilities

Exploit for php platform in category web applications from argparse import ArgumentParser import urllib2 import string import random """ Preauth LFI and SQLi in the web app packaged with aMSN 0.98.9 """ def lfioptions: """ exploit the LFI """ addr =...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.44 views

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption

Hello lists, here you find the analysis of a vulnerability I recently discovered. Mikrotik RouterOS 5. and 6. sshd remote preauth heap corruption http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/ Additionally it includes a way to drop into a...

1.5AI score
Exploits0
OSV
OSV
added 2013/03/04 12:0 a.m.2 views

UBUNTU-CVE-2012-1016

The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...

5CVSS7.1AI score0.02576EPSS
Exploits0References4
securityvulns
securityvulns
added 2013/02/04 12:0 a.m.85 views

DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability

DefenseCode Security Advisory http://www.defensecode.com/ Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory ID: DC-2013-01-003 Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory URL: http://www.defensecode.com/subcategory/advisories-28...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/01/14 12:0 a.m.71 views

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

DefenseCode Security Advisory UPCOMING: Cisco Linksys Remote Preauth 0day Root Exploit Story behind the vulnerability... Months ago, we've contacted Cisco about a remote preauth root access vulnerability in default installation of their Linksys routers that we've discovered. We gave them detailed...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2012/12/03 1:54 p.m.38 views

Multiple MySQL database Zero-day vulnerabilities published

Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and Remote Preauth User Enumeration. Common Vulnerabilities and Exposures CVE assigned as : CVE-2012-5611 — MySQL Lin...

6.5CVSS7.7AI score0.31664EPSS
Exploits22
Saint
Saint
added 2010/12/06 12:0 a.m.42 views

Oracle Secure Backup Administration preauth variable command injection

Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...

9CVSS6.9AI score0.02243EPSS
Exploits12
Packet Storm
Packet Storm
added 2010/02/05 12:0 a.m.25 views

Samba Remote Directory Traversal

Samba Remote Directory Traversal logic fuckup discovered & exploited by Kingcope in 2010 It seems there was a quite similar bug found back in 2004: http://marc.info/?l=bugtraq&m=109658688505723&w=2 A remote attacker can read, list and retrieve nearly all files on the System remotely. Required is ...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/09/16 12:0 a.m.76 views

Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS

Some days ago i have discovered a DoS in Windows Vista. Here is the advisory with a detailed description about the vulnerability that will help to Microsoft they have been already notified about the bug to correct it as soon as possible, and it will help you if you need to add any rule for your...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2008/04/17 12:0 a.m.21 views

BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)

No description provided by source. !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow 0day Matteo Memelli aka ryujin www.be4mind.com - www.gray-world.net 04/13/2008 Tested on Windows 2000 Sp4 English Vulnerable process is AntServer.exe Offset for SEH overwrite is 954 Bytes...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/04/17 12:0 a.m.27 views

BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)

PR: n/a I: 10,500 L: 0 LD: 246,240 I: 70400 Rank: 18167 Age: Feb 17, 2004 I: 0 whois source Density Links: 0|0 !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow 0day Matteo Memelli aka ryujin http://www.r57shell.in - http://adult.wikipediatr.com - http://www.wikipediatr.com...

1.1AI score
Exploits0
0day.today
0day.today
added 2008/04/15 12:0 a.m.25 views

BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)

Exploit for unknown platform in category remote exploits ============================================================ BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit 0day ============================================================ !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/01 12:0 a.m.62 views

[EXPL] Airsensor M520 HTTPD Preauth DoS and Buffer Overflow (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2007/09/20 12:0 a.m.37 views

Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC

No description provided by source. !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/09/18 12:0 a.m.36 views

Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC

Exploit for hardware platform in category dos / poc ================================================= Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC ================================================= !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/12/14 12:0 a.m.23 views

Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC

No description provided by source. !/usr/bin/env python kms1.py - Kerio MailServer 6.2.2 preauth remote DoS fixed in Kerio MailServer 6.3.1 Copyright c 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided...

7.1AI score
Exploits0
Rows per page
Query Builder