SIGMA Lite & Lite + Security Vulnerabilities

CVE-2004-2196

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and...

CVE-2004-2196

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and...

CVE-2004-2195

PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc...

CVE-2002-1742

SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to...

CVE-2002-1742

SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to...

High Risk Vulnerability in L-Soft's LISTSERV Server

Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a high risk rating. Affected versions include: LISTSERV version 14.3, including LISTSERV Lite and HPO LISTSERV version 1.8e, including LISTSERV Lite.....

PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities

According to its banner, the version of AutoTheme for PostNuke on the remote host suffers from multiple, unspecified vulnerabilities affecting the 'Blocks' module. Reportedly, some of these issues may allow a remote attacker to gain unauthorized access to the remote host. Note that the...

Woltlab Burning Board verify_email Function SQL Injection

The version of Burning Board or Burning Board Lite installed on the remote host suffers from a SQL injection vulnerability in the way it verifies email addresses when, for example, a user registers. An attacker can exploit this flaw to affect database...

CVE-2005-1608

Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown...

CVE-2005-1617

Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive...

CVE-2005-1608

Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown...

CVE-2005-1617

Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive...

CVE-2005-1608

Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown...

CVE-2005-1617

Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive...

Woltlab Burning Board pms.php folderid Parameter XSS

The version of Burning Board or Burning Board Lite installed on the remote host may be prone to cross-site scripting attacks due to its failure to properly sanitize input passed to the 'folderid' parameter of the 'pms.php' script. An attacker may be able to exploit this flaw to cause arbitrary...

Woltlab Burning Board Detection

The remote host is running Burning Board or Burning Board Lite, message forum software packages that use PHP and...

CVE-2004-1846

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to...

CVE-2004-1847

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN...

CVE-2004-1911

Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to...

CVE-2004-1845

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to...

CVE-2004-1846

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to...

CVE-2004-1845

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to...

CVE-2004-1847

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN...

ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports: An aggressive testing program as well as independent discovery has turned up a multitude of security issues Please reference CVE/URL list for...

CVE-2005-0216

Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid...

CVE-2005-0301

comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the...

CVE-2005-0302

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP...

CVE-2005-0303

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error...

CVE-2005-0303

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error...

CVE-2005-0216

Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid...

CVE-2005-0301

comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the...

CVE-2005-0302

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP...

Microsoft Windows - WINS Vulnerability + OS/SP Scanner

...

MS Windows WINS Vulnerability and OS/SP Scanner

Exploit for unknown platform in category remote...

Microsoft Windows - WINS Vulnerability + OSSP Scanner

Microsoft Windows - WINS Vulnerability + OSSP...

Download Center Lite (DCL) <= 1.5 Remote File Inclusion

No description provided by...

Download Center Lite (DCL) 1.5 - Remote File Inclusion

...

Download Center Lite (DCL) <= 1.5 Remote File Inclusion

Exploit for unknown platform in category web...

Download Center Lite (DCL) 1.5 - Remote File Inclusion

Download Center Lite (DCL) 1.5 - Remote File...

ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports: Issues have been discovered in the following protocol dissectors: Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 The GPRS-LLC dissector could crash if the "ignore cipher bit" option was...

CVE-2005-0680

PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the...

CVE-2005-0680

PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the...

CVE-2005-0680

PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the...

dcl15.txt

...

Download Center Lite &#40;DCL&#41; - Arbitrary File Inclusion &#40;VXSfx&#41;

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: Download Center Lite (DCL) Version: &lt;= 1.5 (free/commercial) Homepage: http://www.stadtaus.com/ Author: Filip Groszynski (VXSfx) Date: 4 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == --...

Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion

Stadtaus.Com Download Center Lite 1.5 - PHP Remote File...

Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion

...

[SA14450] Woltlab Burning Board SQL Injection Vulnerability

Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l TITLE: Woltlab Burning Board SQL Injection Vulnerability SECUNIA ADVISORY ID:...

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, crossite scripting,...

CVE-2004-1707

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified...