security flaw
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627...
MyBloggie: Multiple XSS Vulnerabilities
MyBloggie: Multiple XSS Vulnerabilities. Technical University of Vienna Security Advisory TUVSA-0603-002, March 9, 2006...
DCP Portal: Multiple XSS Vulnerabilities
DCP Portal: Multiple XSS Vulnerabilities. Technical University of Vienna Security Advisory TUVSA-0603-001, March 9, 2006...
TotalECommerceSQL.txt
--Security Report-- Advisory: TotalECommerce index.asp id Remote SQL Injection Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 04/03/06 04:36 AM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: TotalECommerce...
textfileBB <= 1.0 Multiple XSS
ORIGINAL: http://notlegal.ws/textfilebbmessanger.txt software: textfileBB vendors website: http://tfbb.jcink.com/ versions: = 1.0 class: remote status: unpatched exploit: available solution: not available discovered by: retard risk level: medium exploits:...
Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit (meta)
No description provided by source. Title: Limbo CMS version 1.x suffers from a remote code execution vulnerability. Name: limbocms1x.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module for...
DCI-Designs Dawaween 1.03 - 'Poems.php' SQL Injection
source: https://www.securityfocus.com/bid/16909/info Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow a remote attacker to compromise the application, access or modify dat...
Mac OS X Multiple Vulnerabilities (Security Update 2006-001)
The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications: apache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication C Tenable Network...
[KAPDA::#29]Noah's classifieds multiple vulnerabilities
KAPDA New advisory Vendor: http://classifieds.phpoutsourcing.com Vulnerable: Noahs classifieds 1.3 and below classifieds component for mambo also may be affected Bug: Path Disclosure,Sql Injection,XSS,Local file inclusion,Remote code execution Exploitation: Remote with browser Exploit:available...
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)
MySQL 4.x/5.0 Linux - User-Defined Function UDF Dynamic Library 2 / $Id: raptorudf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptorudf2.c - dynamic library for dosystem MySQL UDF Copyright c 2006 Marco Ivaldi This is a helper dynamic library for local privilege escalation through MySQL run with...
SQL injection
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection...
dotProject Multiple Scripts Remote File Inclusion
The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject fails to sanitize input to various parameters and scripts before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, a...
Vulnerabilities in vBulletin (3.0.7 - 3.5.3) and IPB (2.0.0 - 2.1.4).
Hi everyone! On January 23 I did work on revealing the criticality in the forums vBulletin 3.0.7 - 3.5.3 and IPB 2.0.0 - 2.1.4. The criticalities found were of a nearly similar nature. Later I tested them on the rest of the versions and th...
FarsiNews 2.1 PHP Remote File Inclusion
Remote File Inclusion in FarsiNews 2.1 and below Credit: The information has been provided by Hamid Ebadi Hamid Network Security Team :[email protected]. The original article can be found at : http://hamid.ir/security Vulnerable Systems: FarsiNews 2.1 Beta 2 and below Vulnerable Code: The following...
kapda-23.txt
KAPDA::23 - The WorldsEnd.NET - Free Ping Script, written in PHP 2 vulns KAPDA New advisory Vulnerable products : The WorldsEnd.NET - Free Ping Script Vendor: http://www.theworldsend.net/ Risk: Low Vulnerabilities: Restriction Bypass Date : -------------------- Found : Aug 2005 Vendor Contacted :...
Farmers WIFE FTP Server Multiple Command Traversal Arbitrary File Creation
The remote host appears to be running Farmers WIFE, a commercial facilities, scheduling, and asset management package targeted at the media industry. The version of Farmers WIFE installed on the remote host includes an FTP server that reportedly is vulnerable to directory traversal attacks. A use...
MDKSA-2005:127-1 : mozilla-thunderbird
A number of vulnerabilities were reported and fixed in Thunderbird 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update: The native implementations of InstallTrigger and other XPInstall-related JavaScript objects did not properly validate that...
Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability
Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP ext/session HTTP Response Splitting Vulnerability Release Date: 2006/01/12 Last Modified: 2006/01/12 Author: Stefan Esser [email protected] Application: PHP5 = 5.1.1...
aimXSS.txt
Title: AIM Multiple Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk Discovered: 26 December 2005 Published: 7 January 2006 MorX Security Research Team http://www.morx.org Service: Web Vendor: AIM.com Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity:...
EV0014.txt
New eVuln Advisory: TinyPHPForum Multiple Vulnerabilities. Summary: Software: TinyPHPForum Software's Web Site: http://www.ralpharama.co.uk/tpf/ Versions: 3.6 and earlier Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched...