PISG 0.54 - IRC Nick HTML Injection
source: https://www.securityfocus.com/bid/10195/info pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be used. If an attacker specifies HTML...
PT-2004-1386 · Openbsd · Openbsd
Name of the Vulnerable Software and Affected Versions: OpenBSD versions 3.4 and earlier. Description: The issue allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error. This...
CVE-2004-0164
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmpinf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmpinf.c...
apache2047.txt
APACHE HTTPD SERVER current version 2.0.47: How to return files in an Apache Deny All directory. The directives controlling host access may be bypassed even if they are not permitted to be overridden. 11 Jan 2004 DESCRIPTION Apache Web Server allows managing configurations via the main httpd.conf...
Opera 7.11/7.20 HREF - Malformed Server Name Heap Corruption
source: https://www.securityfocus.com/bid/8853/info A vulnerability has been discovered in the Opera web browser that could lead to remote code execution. The problem is said to trigger when handling malformed HTML HREF values and may result in a buffer overrun occurring within heap memory. As a...
Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal
source: https://www.securityfocus.com/bid/7775/info A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the...
Truegalerie 1.0 - Unauthorized Administrative Access
source: https://www.securityfocus.com/bid/7427/info A vulnerability has been reported for Truegalerie that may result in unauthorized administrative access. The vulnerability exists due to insufficient sanitization of some URI values. http://target/admin.php?loggedin=1...
RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. A...
Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)
source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. The methods can be called with certain types of...
List Site Pro 2.0 - User Database Delimiter Injection
source: https://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to inject arbitrary values via html inp...
CVE-2002-2272
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...
ColdFusion Heap Overflow -continued
Hi all, I am attempting to write exploit code for the ColdFusion heap overflow still. On advice from various on the secfocus list I have installed SoftICE and located the exception handler in question. The handler code starts at 0x77f82b95. The code I am trying to manipulate is at 0x77f8e43b Mov...
CVE-2002-0964
Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cdkey values, which reaches the player limit and prevents other players from connecting until the original responses have...
OpenBB 1.0.0 RC3 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4824/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. It has been reported that OpenBB is vulnerable to a cross-site...
wolfmail.cgi.txt
WolfMail.cgi by Dead Beat, The Advanced Knowledge Network, http://www.advknowledge.net. Mailirritation possibility fake and highfire an account. Wolfmail is a script similar to formmail.cgi which allows users to send mails from the page without using their mail client. However I guess...
CVE-2001-0569
Zope 2.3.1b1 and earlier are affected by a vulnerability in the return values of ObjectManager, PropertyManager, and PropertySheet, per CVE-2001-0569. Advisories (Debian DSA-043-1, Mandrake MDKSA-2001:025) describe hotfixes and recommend upgrading to patched Zope packages; the mutability of meth...
CVE-2001-0569
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet...
CVE-2001-0328
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN...
CVE-2001-1436
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password...