4630 matches found
Design/Logic Flaw
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which...
Combat tells the switch password hack the strategy-vulnerability and early warning-the black bar safety net
A network environment The company use solid up to 3500 series, specific models is 3548. The switch, the switch above is connected to a Huawei 2621 router, via telecommunications fiber optic Internet access. The actual situation of this station Setia 3548 switch is the previous network...
RHEL 5 : brltty (RHSA-2010:0181)
Updated brltty packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure
MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure Bug Found & Exploited by Kingcope May 2010 The latest version at the time of this advisory is vulnerable to the attack. It seems all files which the SYSTEM account can read can be accessed remotely, even accessing files on SMB shar...
MDaemon Mailer Daemon Version 11.0.1 (LATEST) Remote File Disclosure
Exploit for windows platform in category remote exploits. MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure. MDaemon Mailer Daemon Version 11.0....
The multi-mode Server-bug warning-the black bar safety net
Find the configuration file, read the web site directory under the config.asp config.php conn.asp inc directory find a high-privilege account and password For example: the root password SA password. // CH the following variables, according to the space provided of the account parameters to...
[SECURITY] Fedora 11 Update: sudo-1.7.2p6-1.fc11
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
[SECURITY] Fedora 13 Update: sudo-1.7.2p6-1.fc13
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
nss_db: Information leak due to the DB_CONFIG file read from current working directory
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...
Crimson Editor - Overwrite (SEH)
A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code, by tricking a user into using...
Crimson Editor - Overwrite (SEH)
Crimson Editor - Overwrite SEH A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code...
SupeSite 6.0 direct access to webshell of 0day-vulnerability warning-the black bar safety net
For me some tasteless feeling,because the vulnerability where the file is a configuration file, if the target site has been configured through this file, then we cannot exploit the vulnerability, and timely is not configured, it is also possible unsuccessful, of course, there's still a part of th...
The new cloud 4. 0 registered upload vulnerability-vulnerability warning-the black bar safety net
First download a serawebinfo Put the following configuration file is saved as xunyun. seraph url=http://localhost/users/upload. asp? action=save&ChannelID=1&sType= filefield=File1 filefield2= filename=2 0 0 9 8 1 6 2 3 5 5 4. cer;. gif filename2= local=C:\Documents and Settings\seraph\ 桌面 \1.jpg...
RHEL 5 : mysql (RHSA-2010:0109)
Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL serve...
CVE-2003-1588
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file...
PHP Remote File Inclusion
Added: 01/28/2010 Background PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem The PHP script is vulnerable to a remote fi...
Mandriva Update for logcheck MDVA-2010:028 (logcheck)
Check for the Version of logcheck OpenVAS Vulnerability Test Mandriva Update for logcheck MDVA-2010:028 logcheck Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 12 Update: slim-1.3.1-9.fc12
SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lidén. In the distribution, slim may be called through a wrapper, slim-dynwm, which...