Cross site request forgery (csrf)

HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...

siteman.noam.txt

!/usr/bin/perl -w Exploit by Noam Rathaus - Beyond Security Ltd. Exploit for the SiteMan vulnerability discovered by: "amironline452" use Digest::MD5 qwmd5 md5hex md5base64; use IO::Socket; use strict; ./siteman.pl / vulnerable.host my $Path = shift; my $Host = shift; my $Username = shift; my...

UltraBoard 1.6 - Denial of Service

UltraBoard 1.6 - Denial of Service source: https://www.securityfocus.com/bid/1175/info UltraBoard 1.6 and possibly all 1.x versions and the new beta Ultraboard 2000 are vulnerable to this Denial of Service attack. A remote user is able to expend all of the available resources of the webserver by...