2769 matches found
CVE-2007-3821
Cross-site request forgery CSRF vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors...
CVE-2007-2873
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service corrupt arbitrary files via a symlink attack on a file that is used by spamd...
Cisco PIX and ASA LOCAL Method Privilege Escalation Vulnerability
Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances ASA contain a vulnerability that could allow an authenticated, remote attacker to gain elevated privileges on the device. The vulnerability only exists on devices using LOCAL method for user...
PHP 5.2 - FOpen Safe_mode Restriction Bypass
PHP 5.2 - FOpen Safemode Restriction Bypass source: https://www.securityfocus.com/bid/22261/info PHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible. This...
CVE-2007-0123
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations...
Unrestricted file upload
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations...
CVE-2007-0123
Technical details for CVE-2007-0123 are not publicly available in the provided connected documents. Monitor for updates from vendors and CVE databases.
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass
source: https://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This vulnerability would be an issue in...
Debian DSA-1217-1 : linux-ftpd - programming error
Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid calls, which may fail in some PAM configurations. %NASLMINLEVEL 70300 C Tenable Network...
ColdFusion MX Remote Development Service Exploit
No description provided by source. !/usr/bin/perl RDScDump.pl By angry packet THIS IS AN UNPATCHED VULNERABILITY - THIS IS AN UNPATCHED VULNERABILITY ColdFusion 6 MX Server does several things in order to get remote dir structure so we will need to recreate these functions. This is a "almost"...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...
CVE-2006-5175
Cross-site request forgery CSRF vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors...
JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability
Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...
DSA-1150-1 shadow - programming error
Bulletin has no description...
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1146-1 [email protected] http://www.debian.org/security/ Martin Schulze August 9th, 2006 http://www.debian.org/security/faq -...
DSA-1106 ppp - programming error
Bulletin has no description...
kernel security update
CentOS Errata and Security Advisory CESA-2006:0574 Updated kernel packages that fix a privilege escalation security issue in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. Th...
Code injection
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743...
SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations
Certain -- alas, typical -- configurations of Apache allows execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you. This line references SA2006006 to lead Apache administrator...
CVE-2006-2223
Removed by vendor...