CVE-2005-2845
CVE-2005-2845 affects the Ariba Spend Management System. The issue is that username and password are sent to the server in plaintext via a POST request, enabling remote attackers to obtain sensitive information. The available documents state this plaintext credential exposure but do not provide a...
firefox & mozilla -- command line URL shell command injection
A Secunia Advisory reports: Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in th...
sphpblog_vulns.pl.txt
!/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1 Description: This program is for...
Solaris <= 10 LPD Arbitrary File Delete Exploit (metasploit)
Exploit for solaris platform in category remote exploits ============================================================ Solaris 'Solaris LPD Arbitrary File Delete', 'Version' = '$Revision: 1.6 $', 'Authors' = 'H D Moore ', 'Optyx ' , 'Arch' = , 'OS' = 'solaris' , 'UserOpts' = 'RHOST' = 1, 'ADDR',...
pluggedBlog.txt
Plugged-Blog XSS and SQL-Injection flaw & Remove Admin vendor url: http://www.pluggedout.com advisory: http://falcondeoro.blogspot.com/2005/07/plugged-blog-xss-and-sql-injection.html vendor notify: yes exploit available: yes Plugged-Blog is a CMS WebBlog-Portal content management system, theinsta...
opera -- download dialog spoofing vulnerability
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be...
FreeBSD : jdk -- jar directory traversal vulnerability (18e5428f-ae7c-11d9-837d-000e0c2e438a)
Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system. The jar tool does not check properly if the files to be extracted have the string '../' on its names, so it's possible for an attacker to create a malicio...
FreeBSD : mozilla -- code execution via javascript: IconURL vulnerability (eca6195a-c233-11d9-804c-02061b08fc24)
A Mozilla Foundation Security Advisory reports : Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. - The problem is that 'IFRAME' JavaScript URLs are not properly protected from...
Debian DSA-749-1 : ettercap - format string error
A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap. The old stable distribution woody did not include ettercap. (C) Tenable Network Security, Inc. The descriptive text and package...
MS Windows Message Queuing BoF Universal Exploit (MS05-017) (v.0.3)
Exploit for unknown platform in category remote exploits =================================================================== MS Windows Message Queuing BoF Universal Exploit MS05-017 v.0.3 =================================================================== / HOD-ms05017-msmq-expl.c: 2005-06-28:...
[SA15785] SGI IRIX arrayd Authentication Spoofing Vulnerability
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
[Full-disclosure] Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow
Portcullis Security Advisory Wade Alcorn [email protected] - www.portcullis-security.com/advisory/advisory-05-013.txt [email protected] - www.bindshell.net/voip/advisory-05-013.txt Vulnerable System: This vulnerability affects Asterisk 1.0.7 and the development Asterisk branch known as...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix several security vulnerabilities and risks of data loss are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system DBMS that...
CVE-2004-1885
WS_FTP Server 4.0.2 is affected by CVE-2004-1885. The vulnerability allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify iFtpSvc options processed by iftpmgr.exe. This is a local/remote code-execution style impact described in the records, ...
Microsoft Internet Explorer Content Advisor contains a buffer overflow
Overview A buffer overflow in Microsoft Internet Explorer Content Advisor may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Content Advisor is used to control what content is viewable in Internet Explorer. A buffer overflow exists in the routines that...
Microsoft Word contains a buffer overflow vulnerability
Overview Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user. Description Microsoft Word contains a buffer overflow vulnerability that may be exploited by opening a maliciously-crafted word document. Successful...
GnuPG: OpenPGP protocol attack
Background GnuPG is a complete and free replacement for PGP, a tool for secure communication and data storage. Description A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Impact An automated system using GnuPG that allows an attacker to repeatedly discover the...
serversAlive.txt
Advisory information: Title: Servers Alive - Privilege Escalation CVE Candidate Number: CAN-2005-0352 Application: Servers Alive Versions known affected: 4.1, 5.0; other versions not tested. Classification: Privilege Escalation Author: Michael Starks...
Servers Alive: Local Privilege Escalation
Advisory information: Title: Servers Alive - Privilege Escalation CVE Candidate Number: CAN-2005-0352 Application: Servers Alive Versions known affected: 4.1, 5.0; other versions not tested. Classification: Privilege Escalation Author: Michael Starks...
ad20050303.txt
Gene6 FTP Server Local Privilege Escalation Vulnerability By Sowhat 03.Mar.2005 http://secway.org/Advisory/ad20050303.txt Product: Gene6 FTP Server Vendor: Gene6 Sarl Inc. 1 Introduction Gene6 FTP Server is a popular FTP Server for Microsoft Windows platforms. For more information:...