Clicky Web Pseudo-frames 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. Pseudo-frames permits remote file inclusion. As a result, a remote attacker may include an arbitrary file located...
Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)
source: https://www.securityfocus.com/bid/4411/info The Cascading Style Sheets (CSS) interpreter for Microsoft Internet Explorer is prone to an issue which may allow an attacker to read the contents of files on a web user's system. It is possible to use the cssText property of the styleSheet to rea...
PHProjekt 3.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4284/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. PHProjekt is prone ...
Sawmill 6.2.x - Admin Password Insecure Default Permissions
source: https://www.securityfocus.com/bid/4077/info Sawmill is commercial log analysis software. It runs on most Unix and Linux variants, Microsoft Windows NT/2000 operating systems and MacOS. Sawmill creates the file AdminPassword with...
CVE-2001-1023
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header...
Sun Java Virtual Machine 1.2.2/1.3.1 - Segmentation Violation
source: https://www.securityfocus.com/bid/3992/info Java programs run in an interpreted environment, the Java Virtual Machine (JVM). Sun has provided a reference JVM implementation for multiple platforms, including Solaris, Windows and...
AHG Search Engine 1.0 - 'search.cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3985/info Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. The search.cgi script included with the AHG Search Engine does not adequately filter...
EServ 2.9x - Password-Protected File Access
source: https://www.securityfocus.com/bid/3838/info EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the webserver, suc...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctl...
[SECURITY] [DSA-087-1] wu-ftpd buffer overflow in glob code
Package: wu-ftpd. Problem type: remote root exploit. Debian-specific: no. CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous ftp users) can exploit the bug to gain root...
EasyNews 1.5 - NewsDatabase/Template Modification
source: https://www.securityfocus.com/bid/3643/info EasyNews is a free, open-source script for displaying news stories on a website. EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderate...
ActivePerl perlIS.dll Remote Buffer Overflow
An attacker can run arbitrary code on the remote computer. This is because the remote IIS server is running a version of ActivePerl prior to 5.6.1.630 and has the Check that file exists option disabled for the perlIS.dll. %NASLMINLEVEL 70300 This script was written by Drew Hintz http://guh.nu It ...
macosxsetuidroot.txt
Dump to text file if you find easier. http://www.securemac.com/macosxsetuidroot.php Operating System: Mac OS X Version Affected: up to 10.1 Security Risk: High Remote: No Fixed: No About: Mac OS X over the past few months have started to sprout security concerns, this being one of the first most...
Linux Kernel 2.2/2.4 - Deep Symbolic Link Denial of Service
source: https://www.securityfocus.com/bid/3444/info A denial-of-service vulnerability exists in several versions of the Linux kernel. The problem occurs when a user with local access creates a long chain of symbolically linked files. When...
Microsoft IIS 5.0 - In-Process Table Privilege Escalation
source: https://www.securityfocus.com/bid/3193/info A vulnerability exists in Microsoft's Internet Information Services 5.0 which could allow a user with write permission to run any code with System privileges...
[SECURITY] [DSA-071-1] fetchmail remote exploit
Package: fetchmail. Problem type: memory corruption. Debian-specific: no. Salvatore Sanfilippo found two remotely exploitable problems in fetchmail while doing a security audit. In both the imap and pop3 code the input is not verified and used to store a number in an array. Since no bounds checkin...
Fetchmail 5.x - IMAP Reply Signed Integer Index
source: https://www.securityfocus.com/bid/3166/info Fetchmail is a unix utility for downloading email from mail servers via POP3 and IMAP. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. Th...
top format string bug exploit code (exploitable)
hi. It still seems to be affected under 3.5beta9 including this version someone said it's not the problem of exploitable vulnerability about 8 month ago , but it's possible to exploit though situation is difficult. following code and some procedure comments demonstrate it. possible to get kmem...
FreeBSD - '/usr/bin/top' Format String
/ freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3. run top, then find "your parted...
CVE-2001-1078
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3...