CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
PostgreSQL Multiple Vulnerabilities
Moderate: Red Hat Security Advisory: rhpki-ra security update
An updated rhpki-ra package that fixes one security issue is now available for Red Hat Certificate System 7.3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Red Hat registration authority is an optional Red Hat Certificate System subsyste...
ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution
Name: ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability Release Date: 10 March 2008 Discover: Pranav Joshi Vendor: ZyXEL Products Affected: ZyWALL Status on other affected products & firmwares pending from vendor’s end CVE-2008-1160 BID 28184 --------------------------- Technical Details...
CVE-2008-0996
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials...
Cross site request forgery (csrf)
HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
PortalApp40.txt
Title: PortalApp 4.0 Multiple vulnerabilities Discovered By: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v3 4t yahoodotcom Tehran - Iran Vendor: http://www.portalapp.com Vulnerable Version: 4.0, prior versions maybe vulnerable Remote Exploit: Yes Dork: "Copyright @2007 Iatek LLC" Fix: Not Availabl...
CVE-2007-0115
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php...
CVE-2003-1095
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...
HRG009.txt
HRG - Hackerlounge Research Group Release: HRG009 Monday 03/01/05 Software PBLang 4.63 delpm.php authentication problem The author can't be held responsible for any damage done by a reader. You have your own responsibility. Please use this document like it's meant to. Vulnerable: PBLang 4.63 and...
CVE-2005-0631
delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters...
Software PBLang 4.63 delpm.php authentication vulnerability
HRG - Hackerlounge Research Group Release: HRG009 Monday 03/01/05 Software PBLang 4.63 delpm.php authentication problem The author can't be held responsible for any damage done by a reader. You have your own responsibility. Please use this document like it's meant to. Vulnerable: PBLang 4.63 and...
CVE-2004-1097
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL...
CVE-2004-2458
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories...
CVE-2004-2616
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message...
CVE-2005-0068
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged...
CVE-2002-1367
Common Unix Printing System CUPS 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need...
Oracle 9iAS Administrative Web Interface Authentication Weakness
Courier-imap debugging format string
Pre-authentication format string bug in debugging function...
wpquiz.txt
Ok so here is what I found Authors website wireplastik.com currently down php script I found exploit in wpquiz version 2.60b8 also tested on 2.60b 1-7 Exploit: by default wpquiz comes with a folder called extras. This folder is not password protected nor does it require any sort of authentication...