78 matches found
wu-ftpd 2.4.2/2.5 .0/2.6 .0/2.6.1/2.6.2 - FTP Conversion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2240/info Some FTP servers provide a conversion service that pipes a requested file through a program, for example a decompression utility such as tar, before it is passed to the remote user. Under some configurations whe...
RoomPHPlanning 1.5 Create User Exploit
!/usr/bin/perl -w use LWP::UserAgent; use HTML::Form; print "\n"; print "+=RoomPHPlanning\n"; print "+=v1.5\n"; print "+=Vul: Remote Create user with all permissions admin\n"; print "+=Author: Jonathan Salwan \n"; print "+=Web: http://www.shell-storm.org\n"; print "+=Mail: submit AT...
Online Event Registration 2.0 - 'save_profile.asp' Pass Change
User Name Email Phone Fax Password = ID Next Click "Profile" ajann,Turkey ... Im Not Hacker! -- milw0rm.com 2006-11-13...
Maxwebportal <= 1.36 password.asp Change Password Exploit (1 - html)
Exploit for unknown platform in category web applications ==================================================================== Maxwebportal -----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0,...
HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch
s700800 11.00 ftpd1M and ftp1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root...
Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems.
TITLE: Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems. BACKGROUND Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest, most stable, secure and 100 virus free mail...
Debian DSA-048-3 : samba
Marcus Meissner discovered that samba was not creating temporary files safely in two places : - when a remote user queried a printer queue samba would create a temporary file in which the queue data would be written. This was being done using a predictable filename, and insecurely, allowing a loc...
Debian DSA-371-1 : perl - XSS
A cross-site scripting vulnerability exists in the startform function in CGI.pm. This function outputs user-controlled data into the action attribute of a form element without sanitizing it, allowing a remote user to execute arbitrary web script within the context of the generated page. Any progr...
SoX - .wav Local Buffer Overflow
SoX - .wav Local Buffer Overflow //--------------------------------- Begin Code: sox-exploiter.c --------------------------------- / Copyright Rosiello Security 2004 http://www.rosiello.org CVE Reference: CAN-2004-0557 Bug Type: Stack Overflow Date: 01/08/2004 Ulf Harnhammar reported that there a...
[NT] Serv-U LIST -l Parameter Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALSrootdp' and 'GLOBALSlanguagehome' variables in the 'db.php' and...
Xoops 2.0.x - 'viewtopic.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9497/info It has been reported that Xoops may be prone to a cross-site scripting vulnerability that may allow a remote user to execute HTML or script code in a user's browser. HTML and script code may be parsed via the 'topicid' and 'forum' URI parameters...
Sun One 5.1 IPlanet 5.05.1 - Administration Server Directory Traversal
Sun One 5.1 IPlanet 5.05.1 - Administration Server Directory Traversal source: https://www.securityfocus.com/bid/8367/info A problem in the checking of input by the Sun ONE Administration Server may lead to remote users escaping into restricted directories. This may allow an attacker to gain acce...
GuildFTPd 0.999.8 - CWD Denial of Service
GuildFTPd 0.999.8 - CWD Denial of Service source: https://www.securityfocus.com/bid/7951/info A denial of service condition exists in GuildFTPD that may allow a remote user to deny service to legitimate GuildFTPD users. The denial of service occurs when the server receives several successive...
unhappycgi.txt
Advisory URL: http://securitytracker.com/alerts/2003/May/1006707.html Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 Title: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands Description: Revin Aldi reported an input validation vulnerability in the...
Rediff Bol 2.0.2 - URL Handling Denial of Service
Rediff Bol 2.0.2 - URL Handling Denial of Service source: https://www.securityfocus.com/bid/6670/info It has been reported that a problem in Rediff Bol may allow remote users to log other users out of the Bol chat client. Due to improper handling of some types of requests, a remote user could sen...
Xynph FTP Server 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/6587/info A problem with the handling of input has been reported in Xynph FTP Server. Under some circumstances, it may be possible for a remote user to escape the FTP root directory using relative path notation. This could allow unauthorized access to...
SolarWinds TFTP Server Standard Edition 5.0.55 - Directory Traversal
source: https://www.securityfocus.com/bid/6045/info SolarWinds TFTP Server is distributed for the Microsoft Windows platform. The SolarWinds TFTP Server does not properly handle user-supplied input. Due to insufficient handling of user input, it is possible for a remote user to request arbitrary...
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3985/info Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. The search.cgi script...
Microsoft Windows NT/2000 - Terminal Server Service RDP Denial of Service
source: https://www.securityfocus.com/bid/3445/info Due to a flaw in the implementation of RDP in Windows 2000/NT Terminal Server, it is possible for a remote user to cause a host to stop responding. Sending malformed RDP packets to a host could cause a denial of services, potentially impacting t...