
158 matches found

Packet Storm
added 2009/04/17 12:00 a.m., 23 views

Tiny Blogr 1.0.0 RC4 SQL Injection

Salvatore "drosophila" Fresta + Application: Tiny Blogr + Version: 1.0.0 rc4 + Website: http://tinyblogr.sourceforge.net + Bugs: A Authentication Bypass + Exploitation: Remote + Date: 17 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact:...

Exploits: 0
seebug.org
added 2009/04/07 12:00 a.m., 14 views

Family Connections CMS <= 1.8.2 Blind SQL Injection Vulnerability

No description provided by source. Salvatore "drosophila" Fresta + Application: Family Connections + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore...

AI score: 7.1
Exploits: 0
OpenVAS
added 2009/02/27 12:00 a.m., 32 views

Fedora Update for krb5 FEDORA-2007-034

Check for the Version of krb5. OpenVAS Vulnerability Test: Fedora Update for krb5 FEDORA-2007-034. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS: 9.3, AI score: 9.5, EPSS: 0.07926
Exploits: 0, References: 2
OpenVAS
added 2009/02/27 12:00 a.m., 41 views

Fedora Update for krb5 FEDORA-2007-409

Check for the Version of krb5. OpenVAS Vulnerability Test: Fedora Update for krb5 FEDORA-2007-409. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS: 9.3, AI score: 9.8, EPSS: 0.29842
Exploits: 2, References: 2
securityvulns
added 2007/12/09 12:00 a.m., 122 views

Potential SQL injection vulnerability in Apache::AuthCAS

Some weeks ago, I sent the following message to David Castro, the author of Apache::AuthCAS. As there hasn't been any reply and the guys at ja-sig.org haven't been able or willing to look into it, perhaps there is somebody here who wants to have a closer look at this? CAS is the Central...

AI score: 0.3
Exploits: 0
exploitpack
added 2007/09/29 12:00 a.m., 12 views

MD-Pro 1.0.76 - SQL Injection

MD-Pro 1.0.76 - SQL Injection !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage; if$url...

Exploits: 0
Packet Storm
added 2007/04/21 12:00 a.m., 778 views

OpenSSH s/key Weakness

Helith - 0815. Author: Rembrandt. Date: 2007-04-21. Affected Software: openssh, probably other implementations as well. Affected ...

CVSS: 5, AI score: 9.5, EPSS: 0.02472
Exploits: 1
securityvulns
added 2007/04/13 12:00 a.m., 38 views

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System Advisory ID: cisco-sa-20070412-wcs http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml Revision 1.0 For Public Release 2007 April 12 1600 UTC GMT -...

AI score: 0.9
Exploits: 0
myhack58
added 2007/01/10 12:00 a.m., 23 views

Hacking knowledge series: a beginner's tutorial on cookie spoofing - vulnerability warning - the black bar safety net

First, a few basic concepts. Cookie spoofing means that, in a system that authenticates users only by their cookies, the cookie contents are modified to obtain the corresponding user's permissions and log on. (Oh, this is my own definition; masters, don't laugh.) So what are cookies? I'm here to giv...

AI score: 6.5
Exploits: 0
CERT
added 2005/07/13 12:00 a.m., 54 views

MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to overflow a heap buffer by one byte

Overview: An unauthenticated attacker can cause the MIT krb5 Key Distribution Center (KDC) to overflow a heap buffer by one byte, possibly leading to arbitrary code execution. Description: Kerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers ...

CVSS: 7.5, AI score: 10, EPSS: 0.08425
Exploits: 0, References: 2
RedHat Linux
added 2005/02/15 9:44 a.m., 28 views

Moderate: Red Hat Security Advisory: krb5 security update

Updated Kerberos (krb5) packages that correct a buffer overflow bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Kerberos is a networked authentication system that uses a trusted third party (a...

CVSS: 7.2, AI score: 7.8, EPSS: 0.00734
Exploits: 0, References: 3
RedHat Linux
added 2004/08/31 5:33 p.m., 33 views

Critical: Red Hat Security Advisory: krb5 security update

Updated Kerberos (krb5) packages that correct double-free and ASN.1 parsing bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found...

CVSS: 9.8, AI score: 7.3, EPSS: 0.08257
Exploits: 0, References: 3
Tenable Nessus
added 2004/08/31 12:00 a.m., 35 views

Fedora Core 2 : krb5-1.3.4-6 (2004-277)

Kerberos is a networked authentication system which uses a trusted third-party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The...

CVSS: 9.8, AI score: 8.2, EPSS: 0.08257
Exploits: 0, References: 3
Tenable Nessus
added 2004/08/31 12:00 a.m., 44 views

Fedora Core 1 : krb5-1.3.4-5 (2004-276)

Kerberos is a networked authentication system which uses a trusted third-party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The...

CVSS: 9.8, AI score: 8.2, EPSS: 0.08257
Exploits: 0, References: 3
Tenable Nessus
added 2004/07/31 12:00 a.m., 30 views

Mandrake Linux Security Advisory : krb5 (MDKSA-2002:057)

The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to...

CVSS: 10, AI score: 5.4, EPSS: 0.58133
Exploits: 3, References: 2
exploitpack
added 2004/06/24 12:00 a.m., 22 views

ZaireWeb Solutions NewsLetter ZWS - Administrative Interface Authentication Bypass

ZaireWeb Solutions NewsLetter ZWS - Administrative Interface Authentication Bypass source: https://www.securityfocus.com/bid/10605/info Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the...

AI score: 0.6
Exploits: 0
Cvelist
added 2004/06/03 4:00 a.m., 13 views

CVE-2004-0076

...

Exploits: 0
exploitpack
added 2000/12/14 12:00 a.m., 16 views

Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force

Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description:...

AI score: 7.4
Exploits: 0