252 matches found
Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied inp...
vBulletin 2.x - 'private.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9940/info It has been reported that vBulletin is prone to a cross-site scripting vulnerability in the 'private.php' script. This issue is reportedly due to a failure to sanitize user input, which allows injection of HTML and script code that may...
Web Blog 1.1 Remote Execute Commands Bug
Product: Web Blog 1.1 Remote Execute Commands Bug Affected Versions: 1.1.5 Bug: Command Remote Execution Credits: n3rd - Lit Security Solutions LiSS Affix in irc.brasnet.org Vendor: http://leifwright.com Exploiting:...
PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/9531/info It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because...
Cherokee 0.1.x/0.2.x/0.4.x - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/9496/info Cherokee has been reported to contain a cross-site scripting vulnerability via error pages. An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or script code, and enticing a user to follow it. The...
ZYXEL ZyWALL 10 Management Interface - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9373/info ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that...
PostNuke 0.60.7 Downloads Module - TTitle Cross-Site Scripting
source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross-site scripting vulnerability exists in the Downloads and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containi...
hwdeGUEST
Product : hwdeGUEST Version : 2.0 WebSite : http://hwde.de Problem : Admin access rus Description: ------------ var.dat: ======== ... //Your username $benutzername="hwde"; //Your password $benutzerpasswort="SOFT"; ... ========= Exploit: -------- http://somehost/guestbook/var.dat Contacts: -------...
Guestbook tr3.a
Product : Guestbook tr3.a Version : First WebSite : http://www.planetmoon.net Problem : Viewing passwords file Description: ------------ In this script, passwords are stored in the passwd.txt file. In short, anyone who wants to see the passwords can do so. Exploit: -------- http://somehost/gbdir/files/passwd.txt...
MyHelpDesk 20020509 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable script, passing malicious HTML code as a...
Vulnerability Details for MS02-012
On February 27, 2002, Microsoft released a patch for a denial of service vulnerability in the Windows 2000 SMTP component. This vulnerability was reported to them in November 2001 through Security Focus's vuln-help list. This bug affects all Windows 2000 systems running the SMTP service that have n...
serv-u.25b.txt
Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability USSR Advisory Code: USSR-2000032 Release Date: February 04, 2000 Systems Affected: Serv-U FTP-Server v2.5b and maybe other versions. Windows 95 Windows 98 Windows Nt...