CVE-2005-2324
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php...
CVE-2005-2323
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuserid parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php...
CVE-2005-2326
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10)...
CVE-2005-2322
Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuserid or (2) group parameter to users.php...
cleverXSS.txt
Clever copy 'calendar.php' 'yr' variable cross site scripting. vendor url: http://clevercopy.bestdirectbuy.com advisory: http://lostmon.blogspot.com/2005/07/clever-copy-calendarphp-yr-variable.html vendor notify: yes exploit available: yes. Clever Copy is a free, fully scalable web site portal and ne...
Clever Copy 2.0 - calendar.php Cross-Site Scripting
Clever Copy 2.0 - calendar.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically...
Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. An attacker may leverage this issue...
security flaw
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992...
GlobalScape Secure FTP Server 3.0 Buffer Overflow Exploit
No description provided by source. !/usr/bin/python GlobalScape Secure FTP Server Buffer Overflow Coded by [email protected] http://www.see-security.com http://www.hackingdefined.com/exploits/Globalscape30.pdf EIP Overwrite root@muts ./globalscape-3.0-ftp.py + Evil GlobalFTP 3.0 Secure Server...
security flaw
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service...
CVE-2005-0637
CVE-2005-0637 concerns the copyout functions in locore.s (notably OpenBSD 3.5 and 3.6), which may allow an attacker to exceed certain address boundaries and modify kernel memory. The underlying issue is boundary/offset handling in these copy routines that can bypass protection checks, leading to...
[SA14372] ArGoSoft FTP Server "SITE COPY" Shortcuts Security Issue
TITLE: ArGoSoft FTP Server "SITE COPY" Shortcuts Security Issue SECUNIA ADVISORY ID: SA14372 VERIFY ADVISORY: http://secunia.com/advisories/14372/ CRITICAL: Less critical IMPACT: Unknown WHERE: From remote SOFTWARE: ArGoSoft FTP Server 1.4.x http://secunia.com/product/2260/ DESCRIPTION: Cirpian...
Argosoft FTP server SITE COPY .lnk files directory traversal
With SITE COPY command it's possible to place .lnk file pointing outside FTP root directory...
CVE-2005-0520
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut .LNK files in the SITE COPY command, a different vulnerability than CVE-2005-0519...
CVE-2004-1624
CVE-2004-1624 affects Carbon Copy 6.0.5257. The issue: CCW32.exe (help topic interface) launches external programs (Notepad) without dropping system privileges, and the Carbon Copy Scheduler (CCSched.exe) help button similarly spawns external processes. Root cause: failure to drop privileges when...
CVE-2004-1624
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe)...
CVE-2004-1438
The CVE-2004-1438 issue affects the Subversion Apache module mod_authz_svn for Subversion 1.0.4-r1 and earlier. A flaw in mod_authz_svn allows remote authenticated users with write access to the repository to read unauthorized parts of the repository via the svn copy command. Impact: access to po...
CVE-2004-0891
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer...