8655 matches found
CVE-2008-0724
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts...
CVE-2008-0675
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the nodeid parameter...
CVE-2008-0724
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts...
Sql injection
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the nodeid parameter...
CVE-2008-0724
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which enables context-dependent attackers to obtain access to user accounts. Affected component: password storage in the engine; root cause: cleartext password s...
CVE-2008-0675
The CVE-2008-0675 entry describes an SQL injection in cms/index.pl of The Everything Development Engine within The Everything Development System (Pre-1.0 and earlier). The vulnerability allows remote attackers to manipulate the database via the node_id parameter. Impact details in the provided so...
CVE-2008-0675
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the nodeid parameter...
ikiwiki -- javascript insertion via uris
The ikiwiki development team reports: The htmlscrubber did not block javascript in uris. This was fixed by adding a whitelist of valid uri types, which does not include javascript. Some urls specifyable by the meta plugin could also theoretically have been used to inject javascript; this was also...
The Everything Development System - SQL Injection
Application: The Everything Development System Versions: = Pre-1.0 current version at time of release Author: sub [email protected] Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to...
The Everything Development System <= Pre-1.0 SQL Injection Vuln
Exploit for unknown platform in category web applications =============================================================== The Everything Development System = Pre-1.0 SQL Injection Vuln =============================================================== Application: The Everything Development System...
The Everything Development System Pre-1.0 - SQL Injection
Application: The Everything Development System Versions: Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information disclosure, XSS, or privilege escalation. What's more, password...
The Everything Development System Pre-1.0 - SQL Injection
The Everything Development System Pre-1.0 - SQL Injection Application: The Everything Development System Versions: Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information...
Total Video Player 1.03 - .m3u File Local Buffer Overflow
Total Video Player 1.03 - .m3u File Local Buffer Overflow /0day Total Video Player V1.03 .m3u file Local Buffer Overflow In this exploit you chose to bind a port or to spawn calc.exe. After I crafted a playlist I observed that the stack got corrupted. The corruption accured in some points,and...
Debian Security Advisory DSA 1459-1 (gforge)
The remote host is missing an update to gforge announced via advisory DSA 1459-1. OpenVAS Vulnerability Test $Id: deb14591.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1459-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
ASP database plug horse small conference-vulnerability warning-the black bar safety net
By lake2 ( http://lake2.0x54.org ) With the development of technology, ASP database plug horse also is not what fresh stuff, believe you played this. Oh, and that you have not met insert the asp code is spaces apart case? i.e. insertion of each of the characters between the There are spaces for?...
[SECURITY] Fedora 8 Update: icu-3.8-5.fc8
Tools and utilities for developing with icu...
Debian Security Advisory DSA 951-2 (trac)
The remote host is missing an update to trac announced via advisory DSA 951-2. This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update. For completeness please find below the original...
Debian Security Advisory DSA 951-1 (trac)
The remote host is missing an update to trac announced via advisory DSA 951-1. Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:...
Debian Security Advisory DSA 951-1 (trac)
The remote host is missing an update to trac announced via advisory DSA 951-1. Several vulnerabilies have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:...
Debian: Security Advisory (DSA-951-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...