1680 matches found
DSA-353 sup - insecure temporary file
Bulletin has no description...
Mini SQL 1.0/1.3 - Remote Format String
// source: https://www.securityfocus.com/bid/8295/info Mini SQL mSQL has been reported prone to a remotely exploitable format string vulnerability, when handling user-supplied data. Reportedly a remote attacker may send malicious format specifiers to trigger the issue. This vulnerability could...
Novell Netware Enterprise Web Server 5.16.0 - CGI2Perl.NLM Buffer Overflow (PoC)
Novell Netware Enterprise Web Server 5.16.0 - CGI2Perl.NLM Buffer Overflow PoC source: https://www.securityfocus.com/bid/8251/info Novell Netware Enterprise Web Server cgi2perl.nlm has been reported prone to a buffer overflow vulnerability. The issue presents itself, likely due to insufficient...
Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/8251/info Novell Netware Enterprise Web Server cgi2perl.nlm has been reported prone to a buffer overflow vulnerability. The issue presents itself, likely due to insufficient bounds checking performed on user-supplied data. It has been reported that a remo...
ChangshinSoft EZTrans Server - 'download.php' Directory Traversal
source: https://www.securityfocus.com/bid/8155/info It has been reported that a problem in ChangshinSoft ezTrans Server exists in the download.php script that may allow an attacker to view arbitrary files. This may result in the disclosure of potentially sensitive information...
IPNetSentryX IPNetMonitorX - Unauthorized Network Reconnaissance
IPNetSentryX IPNetMonitorX - Unauthorized Network Reconnaissance source: https://www.securityfocus.com/bid/8365/info It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network...
CVE-2003-0386
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...
SPChat 0.8 Module - Remote File Inclusion
SPChat 0.8 Module - Remote File Inclusion source: https://www.securityfocus.com/bid/7780/info SPChat has been reported prone to a remote file include vulnerability. The issue presents itself due to insufficient sanitization performed on the user-supplied URI variable 'statussess' by the SPChat...
Maelstrom Server 3.0.x - Argument Buffer Overflow (1)
Maelstrom Server 3.0.x - Argument Buffer Overflow 1 source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is...
CVE-2003-0237
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack...
FlashFXP 1.4 - User Password Encryption
FlashFXP 1.4 - User Password Encryption // source: https://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credential...
Alt-N WebAdmin 2.0.x - Remote File Disclosure
source: https://www.securityfocus.com/bid/7439/info Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information...
XMB 1.8 Partagium SQL Injection Bug
Binary Bugs Advisory BB-2003-1 XMB SQL injection - Product: XMB 1.8 Partagium Final Vendor: http://www.xmbforum.com Versions affected: 1.8, possibly others Impact: SQL injection vulnerability Risk: Medium/High Vendor status: Notified/New version available Release date: April 22, 2003 I. Overview...
MPCSoftWeb 1.0 - Database Disclosure
MPCSoftWeb 1.0 - Database Disclosure source: https://www.securityfocus.com/bid/7390/info MPCSoftWeb does not sufficiently secure the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as administrative credentials for the...
Ocean12 ASP Guestbook Manager 1.0 - Information Disclosure
source: https://www.securityfocus.com/bid/7328/info Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Guestbook Manager. Guestbook...
PHPay 2.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for a remote attacker to create a...
CVE-2001-0724
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of...
PHP-Nuke 6.06.5 Forum Module - viewforum.php SQL Injection
PHP-Nuke 6.06.5 Forum Module - viewforum.php SQL Injection source: https://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a...
PHP-Nuke 5.6/6.x - 'banners.php' Banner Manager Password Disclosure
source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and...
Siteframe 2.2.4 - search.php Cross-Site Scripting Vulnerability
Siteframe 2.2.4 search.php Cross Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/7140/info It has been reported that Siteframe does not sufficiently filter user supplied URI parameters on Siteframe pages. As a result of this deficiency, it i...