178 matches found
Mozilla FireFox <= 1.0.1 Remote GIF Heap Overflow Exploit
Exploit for unknown platform in category remote exploits ========================================================= Mozilla FireFox = 1.0.1 Remote GIF Heap Overflow Exploit ========================================================= / Mozilla FireFox = 1.0.1 Remote GIF Heap Overflow Exploit by...
Golden Ftp Server Pro - Directory Traversal Vuln
Product: Golden Ftp Server Pro Affected Versions : v2.52 Credit / Discovered by: Lachlan. H Date vendor notified: 02/05/2005 Patch Released: N/A Disclosure: 03/05/2005 External References: http://secunia.com/advisories/15175/ http://www.securityfocus.com/bid/13479/info/ Product Description: Golde...
SocialMPN - Arbitrary File Injection
!/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by zer0-c00l , Bug published at http://waraxe.us/ftopic-542-0-days0-orderasc-.html print " Remote Testing File Inclusion for SocialMPN by y3dips \n"; require LWP::UserAgent; if@ARGV == 2 $target=...
typo3sql.txt
Here is a POC for the typo3 issue to test if you are vulnerable. This doesn't pull the password, just the username : http://path/?&action=getviewcategory&categoryuid=-99%20UNION%20SELECT%20use rname%20FROM%20beusers%20WHERE%20uid=1/ Also, it's easy to pull lists of data from the database using th...
Apache 2.0.52 Multiple Space Header Denial of Service Exploit (v2)
Exploit for unknown platform in category dos / poc ================================================================== Apache 2.0.52 Multiple Space Header Denial of Service Exploit v2 ================================================================== / Apache Squ1rt, Denial of Service Proof of...
[EXPL] BlackJumboDog Remote Buffer Overflow Exploit Code
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MySQL 4.15.0 - Zero-Length Password Authentication Bypass
MySQL 4.15.0 - Zero-Length Password Authentication Bypass !/usr/bin/perl The script connects to MySQL and attempts to log in using a zero-length password Based on the vuln found by NGSSecurity The following Perl script can be used to test your version of MySQL. It will display the login packet se...
Unreal engine updates and Battle Mages advisory
I have an update about the methods used to test the format string vulnerability in the Unreal engine I reported yesterday. I have solved a problem in the windows version of my proof-of-concept unrfs-poc now version 0.1.1: http://aluigi.altervista.org/poc/unrfs-poc.zip The following instead is a...
gwebTraversal.txt
Donato Ferrante Application: GWeb HTTP Server http://freshmeat.net/projects/gweb/ Version: 0.6 Bug: directory traversal bug Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2...
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator
/ Proof-of-concept exploit code for domremap 2 EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "domremap 1". EDB Note: This will just "test" the vulnerability. A exploit version can be found here...
NFuse Cross Site Scripting vulnerability
Hi, NFuse provides several jsp or asp pages to make a portal. In one this page launch.jsp or launch.asp it's possible to use the method getLastError of the TemplateParser object in fact this method is inherited from the WebPNObject object. The CSS problem comes from the getLastError method. It do...
Advisory for Vdns
Advisory for VdnsServer VdnsServer is sold by ZFC and Hughestech Site: http://www.zfc.com | www.hughesnet.net by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0121 /-|=explanation=|- Virtual DNS Vdns allows users with DSL & ADSL type connections to run their own web serve...
Advisory for perl webserver
Advisory for Perl Web Server Site: http://perlwebserver.sourceforge.net by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0113 /-|=explanation=|- Perl Web Server has a simple dot dot bug bug. /-|=who is vulnerable=|- Tested to be vulnerable to the hex-encoded dot dot bug...
Advisory for GoAhead Webserver v2.1
Advisory for GoAhead Webserver v2.1 GoAhead Webserver is made by GoAhead. Site: http://www.goahead.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0104 /-|=explanation=|- GoAhead is well, a webserver. It has a denial of service. /-|=who is vulnerable=|- Anyone runnin...
Tru64 5 - su Env Local Stack Overflow
Tru64 5 - su Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...
Oracle WebDb engine brain-damagse
Ladies and gentlemen, here's something tasty: // Standard disclaimer applies. This post expresses my personal beliefs // and convinctions only. I am speaking as a private person. All the // statements were been provided for informative purposes only, and have // to be verified by the reader. NONE...
ADV-150400.txt
------- Legion2000 - Russian Security Team ADV-1504001 ------- www.legion2000.cc ---- INFORMATION ---- Program Name : CERN Image Map Dispatcher Discovered By : Narrow [email protected] --------------------- Problem Description CERN Image Map Dispatcher /cgi-bin/htimage.exe comes by default with...
Netscape Messaging Server 3.63.543.55 - RCPT TO Denial of Service
Netscape Messaging Server 3.63.543.55 - RCPT TO Denial of Service // source: https://www.securityfocus.com/bid/748/info Netscape Messaging server will not de-allocate memory that is used to store the RCPT TO information for an incoming email. By sending enough long RCPT TO addresses, the system c...