85 matches found
davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at...
DSA-2177-1 pywebdav - SQL injection
Bulletin has no description...
DEBIAN-CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...
CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...
Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023) (Metasploit)
$Id: ms10022ievbscriptwinhlp32.rb 10504 2010-09-28 16:19:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Design/Logic Flaw
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a 1 local pathname, 2 UNC share pathname, or 3 WebDAV server with a...
IE Winhlp32.exe MsgBox F1
$Id: iewinhlp32.rb 8688 2010-03-02 12:23:17Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2009-1431
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 AMS2, as used in Symantec System Center SSS; Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus SAV Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10....
Gentoo Security Advisory GLSA 200405-04 (openoffice)
The remote host is missing updates announced in advisory GLSA 200405-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200405-01 (neon)
The remote host is missing updates announced in advisory GLSA 200405-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian Security Advisory DSA 487-1 (neon)
The remote host is missing an update to neon announced via advisory DSA 487-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: gnutls security update
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...
Bytehoard 2.1 (server.php) Remote File Include Vulnerability
No description provided by source. Script: Bytehoard 2.1 Epsilon/Delta www.bytehoard.org Discovered: beford xbefordx gmail com File: ./bytehoard/includes/webdav/server.php Vuln: Remote File Include code requireonce $bhconfig'bhfilepath'."/includes/webdav/parsepropfind.php"; /code...
Important: Red Hat Security Advisory: gnutls security update
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GN...
GLSA-200405-13 : neon heap-based buffer overflow
The remote host is affected by the vulnerability described in GLSA-200405-13 neon heap-based buffer overflow Stefan Esser discovered a vulnerability in the code of the neon library : if a malicious date string is passed to the nerfc1036parse function, it can trigger a string overflow into static...
GLSA-200405-15 : cadaver heap-based buffer overflow
The remote host is affected by the vulnerability described in GLSA-200405-15 cadaver heap-based buffer overflow Stefan Esser discovered a vulnerability in the code of the neon library see GLSA 200405-13. This library is also included in cadaver. Impact : When connected to a malicious WebDAV serve...
GLSA-200406-03 : sitecopy: Multiple vulnerabilities in included libneon
The remote host is affected by the vulnerability described in GLSA-200406-03 sitecopy: Multiple vulnerabilities in included libneon Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library GLSA 200405-01 and 200405-13. Current versio...
GLSA-200405-25 : tla: Multiple vulnerabilities in included libneon
The remote host is affected by the vulnerability described in GLSA-200405-25 tla: Multiple vulnerabilities in included libneon Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library GLSA 200405-01 and 200405-13. Current versions of...
Fedora Core 2 : neon-0.24.5-2.2 (2004-130)
Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which us...
RHEL 3 : openoffice.org (RHSA-2004:160)
Updated OpenOffice packages that fix a vulnerability in neon exploitable by a malicious DAV server are now available. OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. OpenOffice internally uses inbuilt code from neon, an HTTP and WebDAV client...