SIGMA Lite & Lite + Security Vulnerabilities

Free Photo Gallery Site Script (path) File Disclosure Vulnerability

No description provided by...

phpBB Add-on Fishing Cat Portal Remote File Inclusion Exploit

No description provided by...

phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion

...

Free Photo Gallery Site Script (path) File Disclosure Vulnerability

Exploit for unknown platform in category web...

phpBB Addon Fishing Cat Portal - Remote File Inclusion

phpBB Addon Fishing Cat Portal - Remote File...

phpBB Addon Fishing Cat Portal - Remote File Inclusion

...

phpBB Add-on Fishing Cat Portal Remote File Inclusion Exploit

Exploit for unknown platform in category web...

Free Photo Gallery Site Script - 'path' File Disclosure

...

phpBB Fishing Cat Portal Addon - functions_portal.php Remote File Inclusion

phpBB Fishing Cat Portal Addon - functions_portal.php Remote File...

Free Photo Gallery Site Script - path File Disclosure

Free Photo Gallery Site Script - path File...

CVE-2008-1323

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete...

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete...

CVE-2008-1323

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete...

CVE-2008-1323

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete...

woltlab-csrf.txt

...

WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability

WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability Vendor: woltlab.de Version: Lite 2 Beta 1 (Released: March 6 2008) Bug found by NBBN on March 8 2008 ::Example <html><head></head><body onLoad="javascript:document.attack.submit()"> <form...

CVE-2008-0458

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to...

CVE-2008-0458

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to...

Directory traversal

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to...

CVE-2008-0458

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to...

SLAED CMS 'index.php'本地文件包含漏洞

BUGTRAQ ID: 27426 CNCAN ID:CNCAN-2008012406 SLAED CMS是一款基于PHP的WEB应用程序。 SLAED CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'index.php'脚本对用户提交的'newlang'参数处理缺少充分过滤，提交本地系统文件作为包含对象，可导致以WEB权限查看系统文件内容。 SLAED CMS 2.5 Lite 厂商解决方案 目前没有详细解决方案提供：...

slaed-lfi.txt

...

SLAED CMS 2.5 Lite (newlang) Local File Inclusion Vulnerability

Exploit for unknown platform in category web...

SLAED CMS 2.5 Lite - 'newlang' Local File Inclusion

...

SLAED CMS 2.5 Lite (newlang) Local File Inclusion Vulnerability

No description provided by...

SLAED CMS 2.5 Lite - newlang Local File Inclusion

SLAED CMS 2.5 Lite - newlang Local File...

Debian: Security Advisory (DSA-1228-1)

The remote host is missing an update for the...

Debian Security Advisory DSA 1380-1 (elinks)

The remote host is missing an update to elinks announced via advisory DSA...

Debian: Security Advisory (DSA-1380-1)

The remote host is missing an update for the...

Debian Security Advisory DSA 1228-1 (elinks)

The remote host is missing an update to elinks announced via advisory DSA 1228-1. Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell...

Woltlab Burning Board Lite Search.PHP多个SQL注入漏洞

BUGTRAQ ID: 26973 CNCAN ID:CNCAN-2007122403 Woltlab Burning Board Lite是一款基于PHP的WEB应用程序。 Woltlab Burning Board Lite不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息或操作数据库。 问题是'Search.PHP'脚本对用户提交的WEB参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 WoltLab Burning Board Lite 1.0.2 目前没有解决方案提供：...

CVE-2007-6518

Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder...

CVE-2007-6518

Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder...

Sql injection

Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder...

CVE-2007-6518

Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress <= 2.0.9: crossite...

FreeBSD : wireshark -- multiple vulnerabilities (8a835235-ae84-11dc-a5f9-001a4d49522b)

The Wireshark team reports of multiple vulnerabilities : Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The ANSI MAP...

Woltlab Burning Board Lite "search.php" SQL Injection Vulnerabilities

Multiple vulnerabilities have been identified in Woltlab Burning Board Lite, which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the "search.php" script when processing the "showposts", "sortby" and "sortorder"...

Woltlab Burning Board Lite Search.PHP SQL注入漏洞

BUGTRAQ ID: 26973 CNCAN ID:CNCAN-2007122407 Woltlab Burning Board Lite是一款基于PHP的WEB应用程序。 Woltlab Burning Board Lite不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击，可获得敏感信息或操作数据库。 问题是由于脚本对用户提交的WEB参数处理缺少充分过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 WoltLab Burning Board Lite 1.0.2 目前没有解决方案提供：...

Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability

In Woltlab Burning Board Lite(1.0.2) is a SQL-Injection Vulnerability in file: search.php : Line: 510-515 if(!$savepostids) eval("error("".$tpl->get("error_searchnoresult")."");"); $result=$db->query_first("SELECT searchid FROM bb".$n."_searchs WHERE postids='$savepostids' AND...

wbb-sql.txt

...

wireshark -- multiple vulnerabilities

The Wireshark team reports of multiple vulnerabilities: Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The...

coolshot-sql.txt

...

Satel Lite - 'Satellite.php' Local File Inclusion

...

Satel Lite - Satellite.php Local File Inclusion

Satel Lite - Satellite.php Local File...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: CAPTCHA...

Aria-Security.net: CoolShot E-Lite POS 1.0

Aria-Security Team http://aria-security.net CoolShot E-Lite POS 1.0 http://coolshot.net/index.php/works/49-e-lite-pos Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108 Published on November 24 2007 users.user_id users.user_name users.user_email users.user_admin...

CoolShot E-Lite POS 1.0 - Login SQL Injection

...

CoolShot E-Lite POS 1.0 - Login SQL Injection

CoolShot E-Lite POS 1.0 - Login SQL...

coolkey security and bug fix update

[1.1.0-5] - 1777 is not octal and does not set the correct bits should be 01777 [1.1.0-4] - fix cache location to be more secure [1.1.0-3] - replace the install stuff [1.1.0-2] - Back out RHEL-4 version of spec from CVS, add pcsc-lite-lib requires. [1.1.0-1] - Pick up lates...