Multiple Information Disclosure Vulnerabilities in Microsoft Windows Media Player

Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files. An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.

raptor_sshtime

OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack (CVE-2003-0190). OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that cause delays when processing /etc/shadow due to an increased number of rounds (CVE-2006-5229). This is a simple expect-based shell script meant to remotely analyze timing differences in sshd "Permission denied" replies. Depending on the OpenSSH version and configuration, it may lead to disclosure of valid usernames.

raptor_dominohash

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696 (CVE-2005-2428). According to testing, it's possible to dump all HTTPPassword hashes using the $defaultview view instead of $users. This saves a considerable amount of time.

Novell GroupWise WebAccess Multiple Security Vulnerabilities

An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks. The exploit code extracts the session token from the current document's URI and uses it to inject an iframe that changes the user's signature on the fly.

Advanced Poll 2.0.0 >= 2.0.5-dev textfile RCE

This exploit allows an attacker to execute arbitrary code on a target system running Advanced Poll version 2.0.0 to 2.0.5-dev. The vulnerability is due to a lack of input validation in the 'tpl[display_head.html]' parameter, which can be manipulated to execute system commands. By injecting a command into the 'tpl[display_head.html]' parameter and sending a specially crafted request to the target server, an attacker can execute arbitrary code with the privileges of the web server.