23 matches found
EUVD-2003-1296
Malware in sbrugna...
CVE-2003-1306
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response...
Xurlfind3R - A CLI Utility To Find Domain's Known URLs From Curated Passive Online Sources
xurlfind3r is a command-line interface (CLI) utility to find domain's known URLs from curated passive online sources. Features: Fetches URLs from curated passive sources to maximize results: AlienVault's OTX, BeVigil, Common Crawl, URLScan, Github, Intelligence X, Wayback Machine. With Wayback Machine,...
Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive...
Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurlfind3r is a passive reconnaissance tool; it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine. DISCLAIMER: fetching URLs from Github is a bit slow. Usage: sigurlfind3r -h. This will display help for the tool...
Sigurls - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurls is a reconnaissance tool; it fetches URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine. Usage: To display the help message for sigurls use the -h flag: $ sigurls -h [banner, v1.3.1] USAGE: sigurls...
Mitaka - A Browser Extension For OSINT Search
Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example[.]com to example.com, test[at]example.com to test@example.com, hxxp://example.com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal,...
Microsoft IIS UrlScan Module Bypass Vulnerability
Exploit for windows platform in category remote exploits Paper Title: Microsoft IIS UrlScan Module Bypass Software Link: https://www.iis.net/downloads/microsoft/urlscan Author: Steven Kaun Gh0st Contact: https://twitter.com/AngryMilks Website: https://gh0sthacks.blogspot.com/ Preface Identified...
Microsoft IIS UrlScan Module Bypass
Paper Title: Microsoft IIS UrlScan Module Bypass Date: 16 AUG 2017 Software Link: https://www.iis.net/downloads/microsoft/urlscan Author: Steven Kaun Gh0st Contact: https://twitter.com/AngryMilks Website: https://gh0sthacks.blogspot.com/ Category: WAF Bypass Gh0st oooooooooooooooooooo...
ownCloud: test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability
DOMAIN: test1.owncloud.com PORT: 443 THREAT: The Web server was detected that supports the HTTP TRACE method. This method allows debugging and connection trace analysis for connections from the client to the Web server. Per the HTTP specification, when this method is used, the Web server echoes...
Microsoft URLScan 2.5/RSA Security SecurID 5.0 Configuration Enumeration Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8419/info A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the...
Workarounds Not Enough to Protect Against ASP.NET Attacks
Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability, suggesting that customers use a technique to block requests that specify an application error. However, the researchers who developed the attack on ASP.NET have said that the workaround is not...
dotnetnuke-xss.txt
www.BugReport.ir AmnPardaz Security Research Team Title: Dot Net Nuke DNN XSS Vulnerability. Vendor: www.dotnetnuke.com Vulnerable Version: 4.8.3 and prior versions Exploit: N/A Impact: Low Fix: N/A Original Advisory: http://bugreport.ir/index.php?/38 1. Description: DotNetNuke is an open source...
cisco-sql.txt
SUMMARY ======= A SQL injection vulnerability exists in the Log On page of the web interface for Cisco CallManager AKA Unified Communications Manager. An unauthenticated attacker who is able to access the Log On page could exploit this vulnerability to run arbitrary SQL commands as the logged in...
CVE-2003-1306
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response...
CVE-2003-1306
Microsoft URLScan 2.5 contains an information disclosure where the RemoveServerHeader option fails to suppress the Server header in certain HTTP error responses (e.g., 400 Bad Request), allowing remote attackers to learn the server name and version. Affected: URLScan 2.5. Root cause: error respon...
Microsoft IIS .IDA ISAPI Filter Applied - Active Check
Indexing Service filter is enabled on the remote Web server. SPDX-FileCopyrightText: 2001 Matt Moore. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2003-1306
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response...
Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration
source: https://www.securityfocus.com/bid/8419/info A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list. When the...
Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration
Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration source: https://www.securityfocus.com/bid/8419/info A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in whi...