Multiple holes in PHP services.
The URL http://www.host.com/index.php?loggedin=true&action=auser&newun=test&newpw=test&newpw1=test&newlevel=1&submit=Save allows creating an admin access (nick: test, password: test) on an nWebSystems Voting System site. More details in French: http://balteam.multimania.com/Tuts/nwebsystemsvs.txt...
PHP-Nuke sql_debug Information Disclosure
In PHP-Nuke, the sqllayer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators. %NASLMINLEVEL 70300 This script was written by Georges Dagousset Script aud...
Shoutcast server 1.8.3 win32
I found a problem with the latest version of shoutcast for windows. By entering http://some-shoutcast-server:8888/admin.cgi? &...
kebi-webmail_vul.txt
kebi-Webmail Solution vulnerability Tested by secret e-mail: [email protected] Summary : Get webmail server's admin competence by remote attack in kebi-Webmail Solution. Platform: Attacker platform : All Operating Systems + Web browser Target platform: All kebi Webmail solution loading server ke...
CVE-2001-0953
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root...
easynews 1.5 lets remote users modify database
Hey, that's my first submission so don't expect anything spectacular. There are a few bugs in Easynews 1.5: Short Description: Easynews 1.5 - database and templates remotely modifiable, cross site scripting, local users gain admin pass, and stuff : Found by: markus [email protected] Vendor...
CVE-2001-0771
CVE-2001-0771 affects Spytech SpyAnywhere 1.50. The NVD entry states remote attackers can gain administrator access by exploiting a single character in the loginpass field. Metrics indicate a network-based, low-attack-complexity, no-auth scenario with partial confidentiality, integrity, and avail...
3 phpnuke bugs (2 possibly lead to admin privs)
phpnuke (www.phpnuke.org) is an open-source webpage portal that powers many websites on the net. Version 5.x of phpnuke does not properly check some variables, and is vulnerable to an attack that gives an intruder admin privileges. This is only possible if the intruder knows the database name that phpnuk...
Hole in Spy Anywhere (unprotected admin access)
Using a one-character password, it is possible to connect with administrator privileges...
SpyAnywhere Authentication Bypassing Vulnerabilities
Strumpf Noir Society Advisories ! Public release ! -- -= SpyAnywhere Authentication Bypassing Vulnerabilities =- Release date: Tuesday, May 22, 2001 Introduction: Spytech's SpyAnywhere application is a remote PC monitoring and administration package for the MS Windows OS. SpyAnywhere can be...
NewsDaemon does not adequately filter user input to $user_username
Overview NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. Description NewsDaemon is a PHP-based tool used to allow readers to submit and comment on news items and stories over the web. It also allows for...
INDEXU Authentication By-Pass
UNDERSEC SECURITY ADVISORY 4th March 20001 ======================================================================= PROGRAM: INDEXU VERSIONS: All versions prior to 2.0Beta 2.0Beta included OS: All REMOTE: YES LOCAL: YES CLASS: Authentication bypass POSTED BY: Sp4rK [email protected] BACKGROUND...
Hole in Oracle WebDB
Part of the URL is interpreted as an SQL query. In addition, administrative access without a password is set up by default...
Hole in phpWebLog
Due to incorrect variable initialization, a user can gain access to administration...
WinVNC 3.3.x
So, you use WinVNC and Windows NT4 Workstation/Server...? During the InstallShield setup utility, it creates the registry key: HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3 which is used to store all of WinVNC's default settings. By default, Administrator and SYSTEM have full control, and Everybody has...
Vuln. in all sites using PHP-Nuke, versions less than 3
Greetings, PHP-Nuke is a Web Portal System, storytelling software also an automated web site to distribute news and articles with users system. Exploit: ------- The problem is when somebody does a http://example.com/admin.php3?admin=whatever, can have full access as an admin, that means posting...
Microsoft Windows SMB Registry : Registry HKLM_LOCAL_MACHINE Permissions
The registry key HKEY_LOCAL_MACHINE is writeable by users who are not in the admin group. This allows these users to create a lot of keys on that machine, thus they can probably get admin easily. Such a configuration probably means that the system has been compromised. (C) Tenable Network Security...
NetStructure 7110 console backdoor
@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: NetStructure 7110 console backdoor Release Date: May 8th, 2000 Application: Intel NetStructure 7110 previously the Ipivot Commerce Accelerator 1000 Severity: Box can be compromised through configuration...
CVE-1999-0562
Technical details on CVE-1999-0562 are not publicly provided in the connected documents. The sources reiterate that the Windows NT registry can be accessed remotely by non-administrators. Monitor for updates for concrete impact, affected versions, and remediation.
lyris.txt
Date: Sun, 20 Sep 1998 01:40:16 -0400 From: Jimmy Lee Alderson Subject: Vulnerability in Lyris Listserver The following is associated with a post to NTbugtraq. The original post vaguely describes a security problem inherent in a popular server. I recently found this problem on my own, and was goi...