69 matches found
McAfee SmartFilter信息泄漏漏洞
Bugraq ID: 35756 CVE ID:CVE-2009-2312 CVE-2009-2429 CNCVE ID:CNCVE-20092312 CNCVE-20092429 McAfee SmartFilter是一款网站过滤解决方案。 McAfee SmartFilter存在设计问题,本地攻击者可以利用漏洞获得敏感信息。 用于proxy服务器验证的SmartFilter user ID的用户名和明文文本密码保存在c:\Program Files\Secure Computing\Smartfilter...
Moderate: Red Hat Security Advisory: redhat-ds-base and redhat-ds-admin security and bug fix update
Updated redhat-ds-base and redhat-ds-admin packages are now available that fix security issues and various bugs. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Directory Server is an LDAPv3-compliant directory server. Multiple memory...
Firebird: Data disclosure
Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...
CVE-2003-1553
Haakon Nilsen Simple Internet Publishing System SIPS 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory...
GLSA-200708-08 : SquirrelMail G/PGP plugin: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-200708-08 SquirrelMail G/PGP plugin: Arbitrary code execution The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact : An...
Visual Events Calendar 1.1 (cfg_dir) Remote Include Vulnerability
No description provided by source. title: Visual Events Calendar v1.1 cfgdir Remote Inclusion Vulnerability Author: xoron script: Visual Events Calendar v1.1 Class : Remote cont@ct: x0r0nathotmaildotcom CODE: include $cfgdir."customizetext.php"; Exploit:...
AWStats configdir Remote Command Execution Exploit (perl code)
No description provided by source. !/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for...
CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
Security problems with TWIG webmail system
Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...