
401 matches found

seebug.org
added 2014/07/01 12:0 a.m., 37 views

Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference

No description provided by source. $Id: ms09050smb2negotiatefuncindex.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...

AI score: 7.1
Exploits: 0
Prion
added 2013/04/24 10:28 a.m., 20 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container...

CVSS: 6.8, AI score: 7.8, EPSS: 0.00264
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2013/04/24 10:0 a.m., 21 views

CVE-2013-1088

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container...

AI score: 7.2, EPSS: 0.00264
Exploits: 0, References: 2
0day.today
added 2013/01/02 12:0 a.m., 45 views

e107 v1.0.1 CSRF Resulting in Arbitrary Javascript Execution

Exploit for php platform in category web applications Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

AI score: 7.1, EPSS: 0.00343
Exploits: 6
Packet Storm
added 2012/08/30 12:0 a.m., 19 views

.NET Cross Site Scripting

.Net Cross Site Scripting - Request Validation Bypassing ========================================== Seeker Research Center By Zamir Paltiel, August 2012 Overview ======== A vulnerability in the .Net Request Validation mechanism allows bypassing the filter and execution of malicious scripts in the...

AI score: 7.4
Exploits: 0
OSV
added 2011/02/14 9:0 p.m., 6 views

CVE-2011-0696

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

AI score: 6.5
Exploits: 0, References: 19
Cvelist
added 2011/02/14 8:0 p.m., 25 views

CVE-2011-0696

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

AI score: 6.5, EPSS: 0.0275
Exploits: 1, References: 18
CVE
added 2011/02/14 8:0 p.m., 124 views

CVE-2011-0696

Technical details about CVE-2011-0696 are not publicly provided in the supplied documents; no affected products, versions, exploits, or fixes are stated here. Monitor for updates.

CVSS: 6.8, AI score: 6.6, EPSS: 0.0275
Exploits: 1, References: 18, Affected Software: 1
securityvulns
added 2010/07/07 12:0 a.m., 29 views

Cisco CSS / ACE multiple security vulnerabilities

Certificate validation vulnerability, insufficient Web request validation...

CVSS: 7.5, AI score: 2, EPSS: 0.00266
Exploits: 3, References: 1, Affected Software: 2
Exploit DB
added 2010/07/03 12:0 a.m., 149 views

Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050) (Metasploit)

$Id: ms09050smb2negotiatefuncindex.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS: 10, AI score: 7, EPSS: 0.93083
Exploits: 20
htbridge
added 2010/05/28 12:0 a.m., 26 views

Multiple Vulnerabilities in Gazelle CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Gazelle CMS which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in Gazelle CMS The vulnerability exists due to input sanitatio...

CVSS: 5.1, AI score: 7
Exploits: 0, Affected Software: 1
Metasploit
added 2010/04/15 4:8 p.m., 50 views

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference

This module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw. This...

CVSS: 10, AI score: 0.6, EPSS: 0.93083
Exploits: 20
Packet Storm
added 2010/02/26 12:0 a.m., 87 views

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference

$Id: ms09050smb2negotiatefuncindex.rb 8656 2010-02-26 13:42:17Z sf $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS: 10, AI score: 0.3, EPSS: 0.93083
Exploits: 20
NVD
added 2010/02/10 6:30 p.m., 16 views

CVE-2010-0020

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to...

CVSS: 9, AI score: 7, EPSS: 0.23025
Exploits: 2, References: 3
Packet Storm
added 2009/09/29 12:0 a.m., 103 views

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft...

CVSS: 10, AI score: 0.3, EPSS: 0.93083
Exploits: 20
securityvulns
added 2009/04/10 12:0 a.m., 57 views

IBM BladeCenter Advanced Management Module Multiple vulnerabilities

Louhi Networks Information Security Research Security Advisory Advisory: IBM BladeCenter Advanced Management Module Multiple vulnerabilities XSS type 2 & 1, CSRF, Information Disclosure Release Date: 2009-04-09 Last Modified: 2009-04-09 Authors: Henri Lindberg [email protected], CISA Device...

AI score: 0.2
Exploits: 0
NVD
added 2008/08/27 8:41 p.m., 18 views

CVE-2008-3843

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "/" less-th...

CVSS: 4.3, AI score: 5.7, EPSS: 0.11666
Exploits: 0, References: 6
Prion
added 2008/08/27 8:41 p.m., 18 views

Cross site scripting

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "/" less-th...

CVSS: 4.3, AI score: 5.8, EPSS: 0.11666
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2008/08/27 8:0 p.m., 72 views

CVE-2008-3842

ASP.NET ValidateRequest filters in the Microsoft .NET Framework are vulnerable to bypass and enable cross-site scripting (XSS) when the MS07-040 update is not applied. The issue affects the request validation mechanism (ValidateRequest) used to filter user input, exemplified by a dangerous query ...

CVSS: 4.3, AI score: 5.8, EPSS: 0.11493
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2008/08/27 8:0 p.m., 17 views

CVE-2008-3842

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "/"...

AI score: 5.8, EPSS: 0.11493
Exploits: 0, References: 4