dynamic flash forum 1.0 beta Multiple Vulnerabilities
Salvatore drosophila Fresta + Application: Dynamic Flash Forum + Version: 1.0 Beta + Website: http://df2.sourceforge.net/ + Bugs: A Information Disclosure B Authentication Bypass C Multiple SQL Injection + Exploitation: Remote + Date: 09 Apr 2009 + Discovered by...
DaLogin Multiple Vulnerabilities
dalogin 2.2 multiple vulnerabilities app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages, themes, administration panel app source: http://dalogin.sourceforge.net/ author: hc0 1 config file disclosure you can access...
PHPBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Include Vulnerability
source: http://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for...
openSUSE Security Update : subversion (openSUSE-SU-2013:1442-1)
This subversion update includes a security fix and several minor changes. - update to 1.7.13 bnc#836245 - User-visible changes : - General - merge: fix bogus mergeinfo with conflicting file merges - diff: fix duplicated path component in '--summarize' output - ra_serf: ignore case when checking...
openSUSE Security Update : samba (openSUSE-SU-2013:1339-1)
This update of samba fixed the following issues : - The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for 20; bnc#806501. - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections;...
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read ============================================= - Release date: 15.05.2014 - Discovered by: Dawid Golunski - Severity: Moderate ============================================= I. VULNERABILITY ------------------------- check_dhcp - Nagios...
GLSA-201404-01 : CUPS: Arbitrary file read/write
The remote host is affected by the vulnerability described in GLSA-201404-01 CUPS: Arbitrary file read/write Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some dangerous directives like the logfilenames, which enable them to read ...
[Router Password Decryptor v2.0] Recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file
Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file. Currently it supports password recovery from following type of Routers/Modems Cisco Juniper DLink BSNL ...
CVE-2013-7222
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery
D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery Exploit Title: D-Link DSL-2750U CSRF Vulnerability Author: khaledmohdarMysterious guy E-mail: [email protected]/khaledmohdar Category: Hardware Google Dork: N/A Vendor: http://www.dlink.com/ Firmware Version: ME_1.09 Product:...
PT-2013-6248 · Cisco · Cisco Unified Communications Manager
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager affected versions not specified Description: The TFTP service allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext...
[PT-2013-46] Local File Include in Nagios Looking Glass
----------------------------------------------------------- PT-2013-46 Positive Technologies Security Advisory Local File Include in Nagios Looking Glass ----------------------------------------------------------- --- Vulnerable software Nagios Looking Glass Version: 1.1.0 beta 2 and earlier Link...
D-Link DSR Router Remote Root Shell
#!/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N Firmware v1.08B44 D-Link DSR-500 and...
Moderate: Red Hat Security Advisory: luci security, bug fix, and enhancement update
Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...
Oracle Linux 5 : Moderate: / aide (ELSA-2007-0539)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2007-0539 advisory. 0.13.1-2.0.4 - Added the correct new config file Related: rhbz252331 0.13.1-2.0.3 - Fixed file permissions to please release criteria Related: rhbz252331...
PT-2014-2554 · Phusion · Phusion Passenger
Name of the Vulnerable Software and Affected Versions: Phusion Passenger gem versions 3.0.0 through 3.0.20 Phusion Passenger gem versions 4.0.0 through 4.0.4 Description: The issue allows local users to cause a denial of service or gain privileges by pre-creating a temporary config file in a...
Netgear WPN824v3 Unauthorized Config Download
Netgear WPN824v3 allows for a remote party to download the configuration file unauthenticated. Title: ====== Netgear WPN824v3 Unauthorized Config Download Date: ===== 2013-06-03 Introduction: ============= The Netgear RangeMax Wireless Router model WPN824v3 allows to download the config file...
CVE-2013-2030
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
Information disclosure
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context...
D-Link DSL-320B - Multiple Vulnerabilities
Device: DSL-320B Firmware Version: EUDSL-320B v1.23 date: 28.12.2010 Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem ============ Vulnerability Overview: ============ Access to the Config file without authentication = full...