Recommendation:the Guangdong a University site detection notes(figure)-vulnerability warning-the black bar safety net

Recently by PPMM in a McDonald's cajoling, let me test out their school website, security how to,this thought can like our school like ten minutes away,I agreed, I did not expect...... The following start, in order not to cause unnecessary trouble, the removal of sensitive information. C:\ping...

Snort 2.4.2 - Back Orifice Parsing Remote Buffer Overflow

/ THCsnortbo 0.3 - Snort BackOrifice PING exploit by [email protected] THC PUBLIC SOURCE MATERIALS Bug was found by Internet Security Systems http://xforce.iss.net/xforce/alerts/id/207 v0.3 - removed/cleaned up info for public release v0.2 - details added, minor changes v0.1 - first release Greetz to al...

Flat Nuke Cross Site Scripting

Web Site: Vulnerable: FlatNuke = 2.5.6 This script is possibly vulnerable to Cross Site Scripting XSS attacks Malicious users may inject JavaScript, VBScript, ActiveX, into a vulnerable application to fool a user in order to gather data from them. Affects...

MS Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047) (2)

Exploit for unknown platform in category dos / poc ================================================================== MS Windows Plug-and-Play Umpnpmgr.dll DoS Exploit MS05-047 2 ================================================================== // tested and approved /str0ke / Program: Denial of...

DCP - portal XSS & SQL attacks

Web Site: http://www.dcp-portal.org/ DCP Portal = v6 This script is possibly vulnerable to SQL Injection attacks AND Cross Site Scripting XSS attacks The script has been tested with these query variables: XSS : http://target/index.php?page=send&cid=scriptalertdocument.cookie;/script XSS - only PO...

PHP-Nuke 7.8 - SQL Injection / Remote Command Execution

?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...

DIY perfect free kill flux 1.0-vulnerability warning-the black bar safety net

Objective: production of free to kill flux 1.0 Serviceend Tools: flux, 1.0, ASPACK, OllyDbg 1.09 C English version, the BoLer PEiD.exe and PEditor.exe and reloc, the UPXShell, features code locator CCL ----------------------------------------------------------------------- Modify the purpose and...

Fedora Core 3 : mysql-3.23.58-16.FC3.1 (2005-304)

Sat Apr 2 2005 Tom Lane 3.23.58-16.FC3.1 - Repair uninitialized variable in security2 patch. - Enable testing on 64-bit arches; continue to exclude s390x which still has issues. - Sat Mar 19 2005 Tom Lane 3.23.58-15.FC3.1 - Backpatch repair for CVE-2005-0709, CVE-2005-0710, CVE-2005-0711...

vBulletin <= 3.0.8 Accessible Database Backup Searcher (update 3)

Exploit for unknown platform in category web applications ================================================================= vBulletin include include include include include include define SERVERPORT 80 char getdateint b static char datestring40; timet ttt; int minustime; minustime=86400 b;...

MS Windows Plug-and-Play Service Remote Universal Exploit (spanish fix)

No description provided by source. / HOD-ms05039-pnp-expl-spanish.c 25.Aug.2005 Very slightly modified version by Roman Medina [email protected] Tested on Win2k SP4 Spanish. Original credits & comments follow. / / HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 Copyright c 2005 houseofdabus...

Ethereal 10.x - AFP Protocol Dissector Remote Format String

Ethereal 10.x - AFP Protocol Dissector Remote Format String / etherealv0.10.: AFP remote format string exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xethereal-afp-fmt.c -o xethereal-afp-fmt ethereal homepage/url: http://www.ethereal.com syntax: ./xethereal-afp-fmt -spSrPanc...

dosPlanet.txt

Software: PlanetFileServer Corporation: PlanetDNS Software Version: v2.0.1.3 Vulnerability: Denial of Service - Crash Vulnerability ------------------------------- BACKGROUND PlanetFileServer v2.0.1.3 is a BETA product PlanetDNS provides products and services that enable you to host your own web...

Mozilla FireFox <= 1.0.1 Remote GIF Heap Overflow Exploit

Exploit for unknown platform in category remote exploits ========================================================= Mozilla FireFox = 1.0.1 Remote GIF Heap Overflow Exploit ========================================================= / Mozilla FireFox = 1.0.1 Remote GIF Heap Overflow Exploit by...

[SECURITY] [DSA 727-1] New libconvert-uulib-perl packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 727-1 [email protected] http://www.debian.org/security/ Martin Schulze May 20th, 2005 http://www.debian.org/security/faq -...

[Full-disclosure] Pico Server &#40;pServ&#41; Remote Command Injection

Advisory: Pico Server pServ Remote Command Injection RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, =3.2 probably too...

Golden Ftp Server Pro - Directory Traversal Vuln

Product: Golden Ftp Server Pro Affected Versions : v2.52 Credit / Discovered by: Lachlan. H Date vendor notified: 02/05/2005 Patch Released: N/A Disclosure: 03/05/2005 External References: http://secunia.com/advisories/15175/ http://www.securityfocus.com/bid/13479/info/ Product Description: Golde...

BitchX &lt;= 1.0c20 Local Buffer Overflow Exploit

No description provided by source. / Tested on BitchX-1.0c19 /str0ke / / P.o.C Exploit Code for BitchX made for Version BitchX-1.0c20cvs -- Date 20020325 C 2004. GroundZero Security Research and Software Development http://www.groundzero-security.com released under the GNU GPL -...

ie_dhtml_poc.txt

Details and PoC code for MSIE DHTML Object handling vulnerabilities are available online at my website: http://www.edup.tudelft.nl/bjwever Note: page is not up-to-date, since it was written in August/September 2004. Additional information will be added when found during testing of MS05-20 patch...

Arbitrary file overwrite possible by Musicmatch ActiveX control

Hyperdose Security Advisory Name: Arbitrary file overwrite in Musicmatch Systems Affected: Musicmatch v10.00.2047 or earlier according to Yahoo v9.00.5059 and earlier are also affected Severity: Important Author: Robert Fly - [email protected] Advisory URL:...

-==CoolForum Path Disclosure & Possible SQL Injection==-

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 11 - 20/03/05 -------------------------------------------------------- Program: CoolForum Homepage: http://coolforum.net/ Vulnerable Versions: CoolForum v.0.8.1 beta & Lowers Risk: Low!! Impact: Path...