GLIBC locale - Format Strings

GLIBC locale - Format Strings / su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 / include include include include include include include include char shellcode = "\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a"...

CVE-2002-1751

csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

PT-2002-2474 · Cgiscript.Net · Cschat-R-Box

Name of the Vulnerable Software and Affected Versions: CGIScript.net csChat-R-Box affected versions not specified Description: The issue allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. This can be exploited through the...

PT-2002-2475 · Csnews · Csnewspro

Name of the Vulnerable Software and Affected Versions: csNews Professional csNewsPro affected versions not specified Description: The issue allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. This can be exploited through t...

PT-2002-2472 · Cgiscript.Net · Cgiscript.Net Csguestbook

Name of the Vulnerable Software and Affected Versions: CGISCRIPT.NET csGuestbook version 1.0 Description: The issue allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. This can be exploited through the /csGuestbook.cgi API...

Linksys router vulnerability

SUMMARY: Linksys products running affected firmware versions are susceptible to a bug that allows unauthenticated access to the management interface. This bug affects both local and remote management if enabled. AFFECTED PRODUCTS per Linksys support: BEFSR41, BEFSR11, BEFSRU31: firmware versions...

IBM AIX FC contains buffer overflow exploitable during session setup

Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...

CVE-2002-0492

dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter...

CVE-2002-0492

DCShop 1.002 Beta is affected by CVE-2002-0492. The vulnerability lies in dcshop.cgi, allowing remote attackers to delete arbitrary setup files via a null character in the database parameter. Practical impact described in sources is the unauthorized deletion of setup files; no further exploit det...

DCShop Beta 1.0 - Form Manipulation

source: https://www.securityfocus.com/bid/4356/info DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is possible to overwrite setup files .setup by submitting attacker-supplied...

netgear.txt

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+ NetGear RO318 HTTP Filter Advisory =+ =+ Null Byte Security =+ =+ http://home.tampabay.rr.com/nbs/ =+ =+ don't call it a come back =+ =+ [email protected] =+...

Cisco PIX Security Notes

Cisco PIX Notes -- Introduction This is a simples paper on which i wrote down some note about "Cisco PIX Firewall" so it isn't well organized or talk specifically about a vulnerability . All test it's about THE latest pix release on this pix: Cisco Secure PIX Firewall Version 5.31 Hardware: SE442...

Дырка в ascsc (buffer overflow)

переполнение буфера при разборе аргументов командной строки. Программа не-suid в установке по-умолчанию...

CVE-2000-0381

CVE-2000-0381 affects the Gossamer Threads DBMan DBMan CGI script (db.cgi). The vulnerability arises when a non-existent database is referenced via the db parameter, allowing remote attackers to view environment variables and setup information (server information leakage). The OpenVAS NASL entrie...

Security Bulletin (MS00-042)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Patch Available for "Active Setup Download" Vulnerability Originally Posted: June 29,...

CVE-2000-0329

The CVE concerns a Microsoft ActiveX control vulnerability in the Active Setup Control that allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML email. Affected component is an ActiveX control; impact is remote code execution with partia...

PT-2000-1324 · Gossamer Threads · Gossamer Threads Dbman

Name of the Vulnerable Software and Affected Versions: Gossamer Threads DBMan version db.cgi Description: The issue allows remote attackers to view environmental variables and setup information. This is achieved by referencing a non-existing database in the db parameter. Recommendations: For...

unsigned.cab.exploit.txt

Vulnerability details and example exploit for Microsoft Active Setup control's unsigned CAB file execution vulnerability. Introduction Microsoft's Active Setup Control asctrls.ocx shipped with Internet Explorer 4 and above has a vulnerability in it as discovered by Juan Carlos Garcia Cuartango ,...

CVE-2000-0160

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft...

CVE-2000-0160

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft...