7411 matches found
[Full-disclosure] HP Mercury Quality Center Any SQL execution
Vendor: HP Product: Mercury Quality Center Version: 9.0 build 9.1.0.4352 Vendor Informed: No HP Mercury Quality Center is a test management product for companies to do software testing and quality insurance. HP Mercury Quality Center has an additional guest command on the server which allows any user who...
TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)
The remote host is running Mercury Quality Center, a web-based solution for automatic software testing. The version of Quality Center installed on the remote host hosts an ActiveX control affected by a buffer overflow vulnerability and will serve up a copy of that control if a connecting client...
XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection
XOOPS Module RM+Soft Gallery 1.0 categos.php BLIND SQL Injection Exploit. Script Name: XOOPS Module RM+Soft Gallery 1.0 categos.php BLIND SQL...
Symantec (Multiple Products) - 'SPBBCDrv' Driver Local Denial of Service
// source: https://www.securityfocus.com/bid/23241/info Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver. A local attacker may exploit this issue to crash affected computer...
[Full-disclosure] Microsoft Internet Explorer Multiple Vulnerabilities(mshtml.dll)
Microsoft Internet Explorer Multiple Vulnerabilities (mshtml.dll) Discovered by: SaiedHacker Company of Program: Microsoft Tested On: Internet explorer 6.0.2900.2180 member of group: Siahacking, ArshamHacker, RHDS To find how IE crashed you should type this code into a HTML file and save that...
Mercury/32 Mail Server 4.01b - 'check' Buffer Overflow (PoC)
!/usr/bin/perl mercurypown-v1.pl Mercury/32 Connected\n"; $buf = "1 LOGIN"." "x$LEN-$BUFLEN."\255\n"; sendSOCKET, $buf, 0; sleep$senddelay; print"- Sending payload\n"; $buf = $NOP x 255; sendSOCKET, $buf, 0; sleep$senddelay; print"- Sending payload 2\n"; $buf = $NOP x $BUFLEN; sendSOCKET, $buf, 0...
Use google to carry out penetration testing-vulnerability warning-the black bar safety net
Today, before carrying out an attack, we penetration testers usually start with information gathering, followed by confirming the vulnerability, the final exploitation, and expanding the gains. What we are going to talk about here is: One, use Google to find people who installed a ph...
Testing a Web application, whether there is cross-site scripting vulnerability-vulnerability warning-the black bar safety net
By now, nobody disputes that cross-site scripting attacks pose a very big threat. If you are proficient with XSS and just want to see what test methods are available to draw on, then please skip directly to the test section of the article. If you know nothing about this, follow the...
Nortel SSL VPN Linux Client <= 6.0.3 Local Privilege Escalation Exploit
No description provided by source. #!/bin/sh Nortel SSL VPN Linux Client race condition Jon Hart The Linux client that is utilized by versions prior to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged local user to obtain root...
Nortel SSL VPN Linux Client 6.0.3 - Local Privilege Escalation
#!/bin/sh Nortel SSL VPN Linux Client race condition Jon Hart The Linux client that is utilized by versions prior to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged loc...
HP LoadRunner Agent Service Detection
An HP LoadRunner Agent is listening on the remote host. This agent enables a LoadRunner Controller to communicate with the LoadRunner Load Generator on the remote host for performance testing. Note that Hewlett-Packard acquired LoadRunner in November 2006 as part of its acquisition of Mercury...
WEB vulnerabilities mining techniques-vulnerability warning-the black bar safety net
Source: security focus Author: 7all sgh81at163.com WEB vulnerability Mining Technology 7all7all7at163. com...
MOAB-30-01-2007: Multiple Apple Software Format String Vulnerabilities
Summary As MOAB begins to come to a close we have decided that it is time for a montage of some sort. By definition alone we can bring you nothing short of a closely juxtaposed composite of pure pwnage. Lucky for us Apple's AppKit framework and a few Apple Developers are all we need. Previously w...
votepro40-exec.txt
r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com Vote-Pro Code Injection 0day Exploit Software: Vote-Pro 4.0 Vendor: http://www.vote-pro.com/ Released: 2007/01/23 Discovered & Exploit By: r0ut3r writ3r at gmail.com Note: The information provided in this document is for Vote-Pro...
Ajax hacking (Monyer)-vulnerability warning-the black bar safety net
Author: dream light After Ajax hacking was published in the tenth issue, readers gave me feedback on the technical aspects of XSS, mainly the following questions. What is XSS used for in Ajax hacking? How does it differ from traditional XSS? What are the pros and cons o...
Backup implementation
I. Intro II. Tools III. Strategy Well, now let's talk about how to live with all this correctly. The backup process consists of three stages: planning, implementation and support. We have already talked a little about support and implementation, but planning is the most...
arpspoof 3.1 b officially released-vulnerability warning-the black bar safety net
Main features: ARP spoofing is carried out during data modification, and session hijacking attacks. Description: This program is open source code, in order to exchange for more friends. Examples: cheating 192.168.0.108 to access the Baidu website, the whole process. Note: after I added the...
MS Windows DNS Resolution Remote Denial of Service PoC (MS06-041)
No description provided by source. #!/usr/bin/python POC for MS06-041 Run the python script passing the local ip address as parameter. The DNS server will start listening on this ip address for DNS hostname resolution queries. This script is for testing and educational purpose and so to test this...
Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041)
#!/usr/bin/python POC for MS06-041 Run the python script passing the local ip address as parameter. The DNS server will start listening on this ip address for DNS hostname resolution queries. This script is for testing and...
MS Windows DNS Resolution Remote Denial of Service PoC (MS06-041)
Exploit for unknown platform in category dos / poc. MS Windows DNS Resolution Remote Denial of Service PoC MS06-041 #!/usr/bin/python POC for MS06-041 Run the python...