1196 matches found
Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
Advisory: cPanel/Fantastico/mysql local vulnerability Date: 5/19/04 By: Michael Curtis email at curto dot us System: Redhat Enterprise 3 ES / cPanel 9.3.0-R5 most likely all redhat versions with all cpanel versions Severity: High, full compromise of local databases, password retrieval Background:...
SurgeLDAP 1.0 - Web Administration Authentication Bypass
source: https://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been reported that the SurgeLDAP web administration application...
CVE-2003-0943
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via 1 waecho, 2 Web SQL Interface websql, or 3 Web Database Manager webdbm...
SLocate 2.6 - User-Supplied Database Heap Overflow
SLocate 2.6 - User-Supplied Database Heap Overflow // source: https://www.securityfocus.com/bid/8780/info It has been reported that a local off-by-one heap overflow exists in the handling of user-supplied databases by slocate. Because of this, an attacker may be able to gain elevated privileges...
SLocate 2.6 - User-Supplied Database Heap Overflow
// source: https://www.securityfocus.com/bid/8780/info It has been reported that a local off-by-one heap overflow exists in the handling of user-supplied databases by slocate. Because of this, an attacker may be able to gain elevated privileges. include define CODEDPATH 0x080520 define DATABASE...
GOnicus System Administrator php injection
I. BACKGROUND The GOnicus System Administrator is a PHP based administration tool for managing accounts/systems in LDAP databases. Project homepage : http://www.gonicus.de II. DESCRIPTION A remote attacker can inject into GOsa arbitrary PHP code that executes under the privileges of the underlyin...
Advisory: Lawson Financials RDBMS Insecurity
+-----------------------------------------------------------------------+ | Advisory: lawson001 | | Authors: John Eisenschmidt [email protected] | | George Lewis [email protected] | | Release Date: December 02, 2002 | | Vendor: Lawson | | Application: Financials possibly others | | Affected...
CVE-2001-0954
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service block access to databases that have not been previously accessed via a URL that includes the . dot directory...
CVE-2001-0954
The provided sources confirm a Denial of Service flaw in IBM Lotus Domino (Lotus Domino 5.0.5/5.0.8 and possibly other versions), triggered by a crafted web request that includes a "/./" path segment in the URL. The vulnerability is advisory-listed as CVE-2001-0954 and is exploited by a remote at...
Lotus Domino Web server vulnerability
Tested on : ----------- LOTUS DOMINO 5.0.5 french and LOTUS DOMINO 5.0.8 french with http service running. OS : Windows NT 4.0 sp4 Description : ------------- With a particular craft URL, an anonymous users can lock the databases accesses. Result : Any notes users even the administrators and the...
Lotus Notes: File attachments may be extracted regardless of document security
Hello, This is my first post to the list. I'll try to get this right. The short version is that file attachments and other objects may be extracted from Notes databases regardless of any author or reader fields on the documents the objects are attached to. This goes back to the structure of Notes...
CVE-2001-0608
HP architected interface facility AIF as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program...
Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases
Overview FileMaker may expose data inadvertently. Description FileMaker Web Companion prior to version 5.0v4 permits unauthorized access to data even if the database manager believes that data is protected by Field Level Security. --- Impact Attackers can read information, including items such as...
Libc locale - Local Privilege Escalation (2)
/ source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...
coldfusion.fixes.txt
Date: Mon, 24 May 1999 15:00:52 -0700 From: [email protected] To: [email protected] Subject: New Allaire Security Zone Bulletins and KB Articles Dear ColdFusion Customer- Several new security issues that may affect ColdFusion customers have come to our attention recently. Please visit the...
Security update 1970-01-01
...