2394 matches found

Packet Storm
added 2008/10/31 12:0 a.m., 17 views

umail-filewrite.txt

U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91. Vendors: www.comingchina.com. Category: Input Validation Error. Impact: An attacker can write arbitrary data to new files. Author: Shennan Wang. Date: 2008-10-30. Web:...

Exploits: 0

ATTACKERKB
added 2008/10/02 6:18 p.m., 2 views

CVE-2008-2831

Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked...

CVSS 3.5, AI score 5.4, EPSS 0.00996
Exploits: 0, References: 7

Packet Storm
added 2008/09/11 12:0 a.m., 19 views

graffiti-sql.txt

Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example : http://127.0.0.1/topics.php?f=-1 union all select...

AI score 7.4
Exploits: 0

NVD
added 2008/04/17 7:5 p.m., 16 views

CVE-2008-1866

admin/modifconfig.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct...

CVSS 9, AI score 6.6, EPSS 0.05223
Exploits: 1, References: 4

Prion
added 2008/02/29 7:44 p.m., 16 views

Stack overflow

Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d (11.0.6235 and 11.0.7170), and 12.0 (12.0.1364), allow remote attackers to execute arbitrary cod...

CVSS 9.3, AI score 8.1, EPSS 0.50419
Exploits: 8, References: 10, Affected Software: 1

ATTACKERKB
added 2008/02/01 8:0 p.m., 2 views

CVE-2007-6696

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication...

CVSS 2.1, AI score 5.4, EPSS 0.01732
Exploits: 1, References: 6

Symantec
added 2007/10/30 8:0 a.m., 16 views

Altiris Deployment Solution Directory Traversal

SUMMARY: Symantec's Altiris Deployment Solution is vulnerable to an elevation of privilege attack. Risk Impact: Medium. Remote Access: Yes. Local Access: Yes. Authentication Required: Yes. Exploit available: No. AFFECTED PRODUCTS: Product | Version | Build | Solution...

Exploits: 0, Affected Software: 1

Zero Day Initiative
added 2007/09/07 12:0 a.m., 20 views

Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange exported by TMReg.dll which is reachable through th...

CVSS 10, AI score 3.1, EPSS 0.09561
Exploits: 5, References: 1

Symantec
added 2007/08/13 8:0 a.m., 12 views

Altiris Deployment Solution Elevation of Privilege

SUMMARY: Symantec's Altiris Deployment Solution is vulnerable to an elevation of privilege attack. Severity: Medium. Remote Access: No. Local Access: Yes. Authentication Required: Yes. Exploit publicly available: No. AFFECTED PRODUCTS: Product | Version | Build | Solutions...

AI score 0.5
Exploits: 0, Affected Software: 1

RedHat Linux
added 2006/11/27 3:42 p.m., 3 views

security flaw

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...

CVSS 7.5, AI score 6.1, EPSS 0.13417
Exploits: 2, References: 4

securityvulns
added 2006/11/18 12:0 a.m., 28 views

[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory]

Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory : http://www.aria-security.com/forum/showthread.php?t=30 ----------------------------------------------------------- Software: CPanel Tested On CPanel 10 CPanel Network Tools PoC:...

AI score 1.3
Exploits: 0

Packet Storm
added 2006/09/14 12:0 a.m., 35 views

os2a_1007.txt

PHP Event Calendar Multiple Parameter Cross Site Scripting Vulnerability OS2A ID: OS2A1007 Status: 08/20/2006 Issue Discovered 09/06/2006 Reported to the Vendor 09/09/2006 Fixed by Vendor 09/13/2006 Advisory Released Class: Cross Site Scripting Severity: Low Overview: --------- PHP Event Calendar...

AI score 7.4
Exploits: 0

securityvulns
added 2006/03/18 12:0 a.m., 32 views

Symantec Security Advisory SYM06-004

Symantec Security Advisory SYM06-004, 17 March 2006. Veritas Backup Exec: Application Memory Denial of Service. Revision History: None. Severity: Medium. Remote Access: Yes. Local Access: No. Authentication Required: No. Exploit publicly available: No. Overvi...

AI score 2.7
Exploits: 0

Zero Day Initiative
added 2006/03/13 12:0 a.m., 25 views

Ipswitch Collaboration Suite Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long...

CVSS 6.5, AI score 5.5, EPSS 0.07246
Exploits: 4, References: 1

Symantec
added 2006/02/01 8:0 a.m., 31 views

Symantec Sygate Management Server: SMS Authentication Servlet SQL Injection

SUMMARY: A SQL injection vulnerability in Symantec's Sygate Management Server (SMS) version 4.1, build 1417 and earlier could potentially allow a remote or local attacker to gain administrative privileges to the SMS server. Risk Impact: High. Remote Access: Yes. Local Access: Yes. Authenticati...

CVSS 7.5, AI score 7.2, EPSS 0.0276
Exploits: 0, Affected Software: 1

Exploit DB
added 2005/04/13 12:0 a.m., 33 views

Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow

source: https://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffe...

AI score 7
Exploits: 0

securityvulns
added 2005/01/07 12:0 a.m., 22 views

[SA13737] Apache Tomcat "Tomcat Manager" Cross-Site Scripting

TITLE: Apache Tomcat "Tomcat Manager" Cross-Site Scripting SECUNIA ADVISORY ID: SA13737 VERIFY ADVISORY: http://secunia.com/advisories/13737/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Apache Tomcat 5.x http://secunia.com/product/3571/ DESCRIPTION: Oliver...

AI score 0.4
Exploits: 0

NVD
added 2004/12/31 5:0 a.m., 9 views

CVE-2004-2622

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access...

CVSS 10, AI score 7, EPSS 0.02603
Exploits: 0, References: 9

Positive Technologies
added 2004/12/31 12:0 a.m., 3 views

PT-2004-3379 · Nexgen · Nexgen Ftp Server

Name of the Vulnerable Software and Affected Versions: Nexgen FTP Server versions prior to 2.2.3.23. Description: The issue allows remote authenticated users to read or list arbitrary files via specific sequences in various FTP commands, including RETR (get), NLST (ls), LIST (ls), RNFR, or RNTO. These...

CVSS 4, AI score 6.4, EPSS 0.02969
Exploits: 1, References: 8

RedHat Linux
added 2004/12/21 6:57 p.m., 32 views

Important: Red Hat Security Advisory: samba security update

Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in Samba versions prior to 3.0.10. An...

CVSS 10, AI score 8, EPSS 0.13196
Exploits: 0, References: 2