exploits , vulnerabilities , articles , Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities

Title	Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
Published	2004-12-06-12:00AM
Updated	2005-01-11-07:46PM
Class	Boundary Condition Error
CVE	CAN-2004-1133 CAN-2004-1134
Remote	Yes
Local	No
Credit	Nicolas Gregoire <ngregoire@exaprobe.com> is credited with the discovery of this issue.
Vulnerable	Microsoft w3who.dll Microsoft Windows 2000 Resource Kit
Not Vulnerable
Code	The following proof of concept exploits have been made available: XSS vulnerability when displaying HTTP headers : Connection: keep-alive<script>alert("Hello")</script> XSS vulnerability in error message : http://www.example.com/scripts/w3who.dll?bogus=<script>alert("Hello")</script> Buffer overflow when called with long parameters : http://www.example.com/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]....AAAAAAAAAAAAA An exploit for the w3who.dll buffer overflow has been released as part of the MetaSploit Framework 2.3. /data/vulnerabilities/exploits/iis_w3who_overflow.pm
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability
2009-12-15 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
2009-12-15 Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution Vulnerability
2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
2009-12-14 Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
2009-12-14 Oracle E-Business Suite Multiple Remote Vulnerabilities

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 06:14:02 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
www.chaye5 free galle Crack Data Nude Pics /index.php Aisa takia maxcpm.inf MSN messen Araib Crack Data ASA www..narut t433t sun web se Www.Blacke sql inject gbook.php2 Www.sextoo tamill sex yywang.net Arabsexmov shop sql e news for c WWW.875.gd Mhotties.c Madhuri se MS06-027 www.chaye5 phpbb post jhjgjhj maxcpm.inf Admin_file iifubiroci dolphin-v. www..narut 200 /compo vedio p i c s e bmp t799t china433.1 CMS is Fre a...html/p Sex+japann www.fashio Zoo porno /search/ex Apache+Tom php linkdi Mhotties.c