2869 matches found
Apple MacOS X passwd privilege escalation
Few vulnerabilities symbolic links, race conditions allow any system files editing...
[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection
TITLE: LanSuite LanParty Intranet System "fid" SQL Injection SECUNIA ADVISORY ID: SA19048 VERIFY ADVISORY: http://secunia.com/advisories/19048/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: LanSuite LanParty Intranet System 2.x...
[Full-disclosure] cPanel 10 File Editing Vulnerability
In cPanel 10, the script "erredit.html," which is supposed to edit a specific set of files, can edit any file acessible by the cPanel. Example: http://www.example.com:2082/frontend/x/err/erredit.html?dir=publichtml/&file=index.php...
[SA18325] OnePlug CMS SQL Injection Vulnerabilities
TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...
CVE-2005-3537
CVE-2005-3537 affects phpBB 2 before 2.0.18, with a missing input/request validation flaw that enables remote attackers to edit private messages of other users by tampering with parameters or inputs. Public records in multiple feeds (NVD, Debian DSA, Red Hat, OpenVAS listings) confirm the vulnera...
Ad Manager Pro SQL vuln.
Ad Manager Pro SQL vuln. Vuln. dicovered by : r0t Date: 14 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/ad-manager-pro-sql-vuln.html vendor:www.phpwebscripts.com/admanagerpro/ affected version:2.0 and prior Product Description: Quality ad management system. Graphical or text-bas...
Hot Links Pro 3.x XSS vuln.
Hot Links Pro 3.x XSS vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html vendor:http://www.mrcgiguy.com/hl3details.shtml affected version:3.x and prior Product Description: Directory style index allows for easy...
PBLangXSS.txt
Who's got the magic stick? It sure as hell ain't 50 Cent. Excuse me for posting again within minutes but I did not properly check the other forms. In UCP.php, when editing your profile, in several fields you can inject code into the page, just as in the SendPm.php. EX: Input table: "URL"...
Geeklog 1.4.x Full Path Disclosure vuln.
Geeklog 1.4.x Full Path Disclosure vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html Vendor:http://www.geeklog.net/ affected version:1.4.0 Beta 1 and prior Product Description: Geeklog is a Web Portal...
Fantastic News "category" SQL inj.
Fantastic News "category" SQL inj. Vuln. dicovered by : r0t Date: 25 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/fantastic-news-category-sql-inj.html Vendor:www.fscripts.com Product link:http://fscripts.com/free.php?id=1 affected version: 2.1.1 and prior Product description:...
Softbiz Web Host Directory Script Multiple vuln.
Softbiz Web Host Directory Script Multiple vuln. Vuln. dicovered by : r0t Date: 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/web-host-directory-script-multiple.html Vendor:www.softbizscripts.com Product link:http://www.softbizscripts.com/web-hosting-directory-script.php...
Vote Caster 3.x SQL Inj. Vuln.
Vote Caster 3.x SQL Inj. Vuln. Vuln. dicovered by : r0t Date 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html Vendor:http://www.comdevweb.com/ Product link:http://www.comdevweb.com/votecaster.php affected version: 3.1 and prior. Vuln. Description:...
almondClassifieds.txt
A vulnerability discovered in Almond Classifeds http://www.almondsoft.com/alcl.html vulnerability is due omit check of password in "editform" user can edit any add in the classifieds if we post new add we can edit our add in the "editform" section there are 2 hidden fields: by changing the number...
Баг в vBulletin 3.x
Здравствуйте. Проверялись версии 3.0.3 и 3.0.9 Поле профиля Статус воспринимает опасные html-тэги по умолчанию эта опция включена и может использоваться для выполнения атак типа XSS а также некоторых других корыстных целях теми, кто может менять свой статус по умолчанию администрация, начиная от...
Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution
Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution software: site: http://www.digital-scribe.org/ description: "Teachers have full control through a web-based interface. Designed for easy installation and even easier use, the Digital Scribe has been used in thousands of...
[SA16353] PHPLite Calendar Express Two Vulnerabilities
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[SA15818] Dynamic Biz Website Builder Admin Login SQL Injection
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2005-1817
Invision Power Board IPB 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...
CVE-2005-1817
Invision Power Board IPB 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...