142 matches found
Multiple AntiVirus - '.zip' Detection Bypass
/ zipbrk.c - Proof-of-Concept for CAN-2004-0932 - CAN-2004-0937 Copyright C 2004 oc.192 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at yo...
SudoEdit 1.6.8 Local Change Permission Exploit
No description provided by source. / Copyright © Rosiello Security 2004 http://www.rosiello.org sudoedit Exploit SOFTWARE : sudoedit REFERENCE: http://www.sudo.ws/sudo/alerts/sudoedit.html DATE: 18/09/2004 Summary: A flaw exists in sudo's -u option aka sudoedit in sudo version 1.6.8 that can...
WinAmp => 5.04 XML Remote Code exec
hello.. security.nnov.ru team i just coded an exploit to the WinAmp = 5.04 XML Remote Code exec bug if you like.. check The exploit http://blackhat.tv/skinhead.tgz a readme http://blackhat.tv/skinhead/README a working sample http://blackhat.tv/skinhead/ let it go out to the wild! greetings Daniel...
[Full-Disclosure] Get admin rights using Doro (pdf creator)
Hi, a few days ago i discovered a bug in Doro. Doro is a free tool to create pdf files from any windows program. After installing Doro you have a new printer called 'Doro PDF Writer'. If you select 'Print' the spooler calls the printer filter 'doro.dll'. The 'doro.dll' then starts 'doro.exe' and ...
[Full-Disclosure] [bWM#017] Cross-Site-Scripting @ PHPKIT
http://badWebMasters.net ben moeckel security research ------------------------------------------------- badWebMasters security advisory 017 Cross Site Scripting @ PHP-Kit Discovery date: 2003-09 Original advisory: http://badwebmasters.net/advisory/017/ text/html Legal Notice: Copyright 2003 by...
Tellurian TftpdNT buffer overflow
Buffer overflow on oversized filename...
WFVote
Product : WFVote Version : 0.2 WebSite : http://jid.2yd.ru Problem : Admin access rus Description: ------------ setadmpw.php ========= ... myflock; $f=fopen"votepwd.dat","w"; fputs$f,md5$admpwd1; fclose$f; myfunlock; ... ========= votepwd.dat ======= 21232f297a57a5a743894a0e4a801fc3 =======...
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure 2 source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software...
CVE-2002-1403
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script...
CVE-2002-0455
Product affected: IncrediMail. Vulnerability: attachments stored in a directory with a fixed name, enabling a predictable path. Impact (per sources): could facilitate exploitation of vulnerabilities in other software that rely on known directory pathnames when installing or reading files. Root ca...
OpenBB 1.0 - Unauthorized Moderator Access
OpenBB 1.0 - Unauthorized Moderator Access source: https://www.securityfocus.com/bid/4823/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. OpenBB is reported to be vulnerable to a condition that will...
ISC DHCPD 2.0/3.0.1 - NSUPDATE Remote Format String
// source: https://www.securityfocus.com/bid/4701/info The ISC DHCPD Dynamic Host Configuration Protocol is a collection of software implementing the DHCP protocol. It is available for a range of operating systems, including BSD and Solaris. A remote format string vulnerability has been reported ...
uucp --config patch -- not sufficient
Problem: uucp patch from RedHat possibly others prevents original exploit, but not variations. Severity: Potential for local root on some distributions, uucp.uucp on others. https://bugzilla.redhat.com/bugzilla/showbug.cgi?id=54466 I had seen this report some time ago, and thought: "Good. They've...
Hole in bbs_forum.cgi
Directory traversal allows retrieval of any file from the server...
CVE-2000-1025
CVE-2000-1025 affects eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier. A remote attacker can cause a denial of service by requesting a URL containing the '/servlet/' path, which invokes the ServletExec servlet and triggers an exception if it is already running. Impact: partia...
CVE-2000-0698
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack...
DoS against IE/Outlook via Microsoft Media Player
A malformed OCX ActiveX control causes the mail client to close with an error...
Any LAN user can crash Sygate
This is just a nuisance to some, as I do not know of many corporate networks that rely on a product such as Sygate. In fact I hope no corporate network relies on Sybergen software considering the way they treat security issues. They were contacted about this hole a while ago. They pretty much did...
Hole in DBMAN
db.cgi allows an attacker to obtain some environment variables...
CVE-2010-4014
...