Lucene search

933 matches found

seebug.org
added 2008/07/07 12:0 a.m. · 17 views

MSSQL 7.0 Remote Denial of Service Exploit

No description provided by source. / Microsoft mssql 7.0 server is vulnerable to a denial of service attack. By sending a large buffer with specified data, an attacker can stop the service "mssqlserver". The error noticed is different according to service pack but the result is always the same one...

7.1 AI score
Exploits 0
Japan Vulnerability Notes
added 2008/06/20 4:46 a.m. · 2 views

CGIWrap error page cross-site scripting vulnerability

Overview: CGIWrap error page is vulnerable to cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...

4.3 CVSS · 5.9 AI score · 0.0125 EPSS
Exploits 0 · References 9
Positive Technologies
added 2007/09/18 12:0 a.m. · 3 views

PT-2007-6075 · Linden · Second Life

Name of the Vulnerable Software and Affected Versions: Linden Lab Second Life affected versions not specified Description: The issue concerns the login to simulator method, which sends an MD5 hash in cleartext in the passwd field. This allows remote attackers to login to an account by sniffing th...

7.5 CVSS · 7.6 AI score · 0.01266 EPSS
Exploits 1 · References 4
Positive Technologies
added 2007/05/09 12:0 a.m. · 2 views

PT-2007-3853 · Phphoo3 · Phphoo3

Name of the Vulnerable Software and Affected Versions: phpHoo3 affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the ADMIN USER and ADMIN PASS parameters during a login in the admin.php file. However, it is noted that ADMIN USER a...

9.8 CVSS · 8.4 AI score · 0.01346 EPSS
Exploits 1 · References 8
Positive Technologies
added 2006/11/17 12:0 a.m. · 2 views

PT-2006-6618 · Evolve · Evolve Shopping Cart

Name of the Vulnerable Software and Affected Versions: Evolve shopping cart affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the zoneid parameter in the "viewcart.asp" file. This enables attackers to manipulate the database by...

7.5 CVSS · 7.7 AI score · 0.01435 EPSS
Exploits 1 · References 8
myhack58
added 2005/10/04 12:0 a.m. · 16 views

On the s6 su Admin Password Sniffer-vulnerability warning-the black bar safety net

A long time ago, FlashSky posted a paper on Security Focus introducing the use of dynamic port re-binding for sniffing. The principle is very simple, so I will not repeat it; those interested can look it up. This little tool of mine is based on the code he gave...

7.6 AI score
Exploits 0
Exploit DB
added 2005/04/10 12:0 a.m. · 23 views

ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion

source: https://www.securityfocus.com/bid/13086/info ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script. ModernBill 4.3 and prior versions are...

7.4 AI score
Exploits 0
exploitpack
added 2005/04/10 12:0 a.m. · 13 views

ModernGigabyte ModernBill 4.3 - news.php File Inclusion

ModernGigabyte ModernBill 4.3 - news.php File Inclusion source: https://www.securityfocus.com/bid/13086/info ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the...

Exploits 0
securityvulns
added 2004/09/08 12:0 a.m. · 28 views

cdrecord privilege escalation

Privileges are not dropped on user specified program invocation...

3.1 AI score
Exploits 0 · References 1 · Affected Software 1
securityvulns
added 2004/04/20 12:0 a.m. · 22 views

ssmtp insecure file creation

Hi, ssmtp 2.50.6 creates a logfile /tmp/ssmtp.log. The data in this logfile is user specified. It's possible to overwrite any file with the permissions of the ssmtp program, normally root. The vulnerable call is in logevent. logevent vulnerable call: ifdef LOGFILE iffp = fopen"/tmp/ssmtp.log", "a" !...

0.6 AI score
Exploits 0
Exploit DB
added 2004/04/08 12:0 a.m. · 21 views

KPhone 2.x/3.x/4.0.1 - Malformed STUN Packet Denial of Service

source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP (Session Initiation Protocol) STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths,...

7.4 AI score
Exploits 0
exploitpack
added 2003/10/08 12:0 a.m. · 13 views

PayPal Store Front 3.0 - index.php Remote File Inclusion

PayPal Store Front 3.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an...

7.4 AI score
Exploits 0
Positive Technologies
added 2003/09/12 12:0 a.m. · 4 views

PT-2003-1862 · Icq · Icq Web Front

Name of the Vulnerable Software and Affected Versions: ICQ Web Front affected versions not specified Description: A cross-site scripting (XSS) issue exists in the guestbook component of ICQ Web Front, specifically in the guestbook.html file. This allows remote attackers to inject arbitrary web scri...

4.3 CVSS · 5.5 AI score · 0.0341 EPSS
Exploits 0 · References 3
securityvulns
added 2003/03/25 12:0 a.m. · 58 views

Multiple Vulnerabilities and Enhancements in ftpd on IRIX

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Multiple Vulnerabilities and Enhancements in ftpd Number : 20030304-01-P Date : March 24, 2003 Reference: CERT CA-1997-27 Reference: CERT VU2558 Reference: CERT VU258721 Reference: CVE CVE-1999-0017 Reference: CVE CVE-1999-0097...

10 CVSS · 6.7 AI score · 0.0404 EPSS
Exploits 0
Packet Storm
added 2002/10/22 12:0 a.m. · 29 views

web602dir.pl

/usr/bin/perl web602 cezch version driectory tree exploit.. Written by eip aka deadbeat aka AnGrYSQl use IO::Socket; print "\nWeb602 czech version Directory Tee Exploit\n"; if !$ARGV\n"; $host = $ARGV0; $sox = IO::Socket::INET-new Proto="tcp", PeerPort="80", PeerAddr=$host, ; print "Connected..DO...

7.4 AI score
Exploits 0
exploitpack
added 2002/10/03 12:0 a.m. · 12 views

phpMyNewsletter 0.6.10 - Remote File Inclusion

phpMyNewsletter 0.6.10 - Remote File Inclusion source: https://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script. This may allow...

0.1 AI score
Exploits 0
Positive Technologies
added 1999/09/27 12:0 a.m. · 3 views

PT-1999-1479 · Mutt · Mutt

Name of the Vulnerable Software and Affected Versions: mutt affected versions not specified Description: The issue allows remote attackers to execute commands via malformed MIME messages due to a buffer overflow in the mutt mail client. Recommendations: At the moment, there is no information abou...

7.5 CVSS · 7.4 AI score · 0.02663 EPSS
Exploits 0 · References 2
Positive Technologies
added 1999/09/16 12:0 a.m. · 3 views

PT-1999-1453 · Sccw · Sccw

Name of the Vulnerable Software and Affected Versions: sccw affected versions not specified Description: The issue allows local users to read arbitrary files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

2.1 CVSS · 6 AI score · 0.0038 EPSS
Exploits 0 · References 2
Positive Technologies
added 1999/01/01 12:0 a.m. · 2 views

PT-1999-1023 · Linux · Linux

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue allows an attacker to gain root access to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

10 CVSS · 6.3 AI score · 0.01648 EPSS
Exploits 0 · References 2
Positive Technologies
added 1999/01/01 12:0 a.m. · 2 views

PT-1999-1189 · Unix · Unix

Name of the Vulnerable Software and Affected Versions: Unix affected versions not specified Description: The issue arises when two or more Unix accounts share the same user ID (UID), potentially leading to unauthorized access and privilege escalation. Recommendations: At the moment, there is no...

10 CVSS · 6.3 AI score · 0.01855 EPSS
Exploits 0 · References 2