1851 matches found
Webspeed OpenEdge Dos exploit
Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...
CVE-2007-2506
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...
Code injection
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...
CVE-2007-2506
This CVE concerns WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e and some 9.x variants. The vulnerability allows remote attackers to cause a denial of service (infinite loop and daemon hang) by requesting a messenger URL that calls _edit.r with no additional parameters, demonstr...
Flaw in about.r OS and Progress version disclosure
about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1...
Information disclosure
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...
CVE-2007-2354
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...
CVE-2007-2354
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...
CVE-2007-2354
CVE-2007-2354 affects Progress Webspeed Messenger. The vulnerability arises from a WService parameter containing “wsbroker1/webutil/about.r” that can disclose operating system and product information to remote attackers, constituting an information-disclosure issue. The connected documents confir...
Code injection
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...
CVE-2007-2266
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...
CVE-2007-2266
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...
CVE-2007-2266
Progress Webspeed Messenger is affected by a vulnerability where an attacker can remotely read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated through the save, editor options usin...
Progress Webspeed exploit for all releases
Because of a flaw in cpyfile.p which is a default installed file it is possible to gain full control of a machine running Progress Webspeed Messenger. You can access, change and edit allmost any file on the server running the Webspeed Messenger even when the workshop is disabled. First you have t...
webspeed-exec.txt
Because of a flaw in cpyfile.p which is a default installed file it is possible to gain full control of a machine running Progress Webspeed Messenger. You can access, change and edit allmost any file on the server running the Webspeed Messenger even when the workshop is disabled. First you have t...
Progress 3.1 - Webspeed _CPYFile.P Unauthorized Access
Progress 3.1 - Webspeed CPYFile.P Unauthorized Access source: https://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute...
Progress 3.1 - Webspeed _CPYFile.P Unauthorized Access
source: https://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserve...
PHP Upload Progress Meter UploadProgress.C远程缓冲区溢出漏洞
Upload Progress Meter是一款基于PHP的文件上传应用程序。 Upload Progress Meter uploadprogress.c存在缓冲区溢出,远程攻击者可以利用漏洞进行拒绝服务攻击,存在执行任意指令可能。 efree函数中存在堆溢出,精心构建提交数据,可能导致覆盖内存而造成任意指令执行。 Bitflux Upload Progress Meter 8275 Bitflux Upload Progress Meter 8215 厂商解决方案 升级到最新程序: Bitflux Upload Progress Meter 8275 Bitflux...
CVE-2006-6361
Heap-based buffer overflow in the uploadprogressphprfc1867file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service crash or execute arbitrary code via crafted HTTP POST fileupload requests...
CVE-2006-6361
Heap-based buffer overflow in the uploadprogressphprfc1867file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service crash or execute arbitrary code via crafted HTTP POST fileupload requests...