7008 matches found
CVE-2002-1462
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields...
ImageFolio 2.2x/3.0/3.1 - 'Admin.cgi' Directory Traversal
source: https://www.securityfocus.com/bid/7828/info ImageFolio 'admin.cgi' has been reported prone to a directory traversal vulnerability. By supplying directory traversal sequences, as a URI parameter, to the 'admin.cgi' script an attacker may break out of the web root directory. Successful...
Man 1.5.1 - Catalog File Format String
Man 1.5.1 - Catalog File Format String // source: https://www.securityfocus.com/bid/7812/info A vulnerability has been reported in the man utility. The problem is said to occur due to a format string bug when handling a catalog file. As a result, an attacker may be capable of writing arbitrary...
WebChat 2.0 - users.php Cross-Site Scripting
WebChat 2.0 - users.php Cross-Site Scripting source: https://www.securityfocus.com/bid/7779/info WebChat has been reported prone to a cross-site scripting vulnerability. WebChat does not adequately filter script code from URI parameters, making it prone to cross-site scripting attacks...
CGI bugs
No description provided...
M-TECH P-Synch 6.2.5 - nph-psf.exe?css Cross-Site Scripting
M-TECH P-Synch 6.2.5 - nph-psf.exe?css Cross-Site Scripting source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running...
PHP-Nuke Denial of Service attack and more SQL Injections
------- Product: PHP-Nuke Vendor: Francisco Burzi Versions Vulnerable: Francisco Burzi PHP-Nuke 6.0 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6....
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
The remote Bugzilla bug tracking system, according to its version number, contains various flaws that may let an attacker perform cross- site scripting attacks or even delete local files provided he has an account on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date:...
HP Instant TopTools hpnst.exe CGI DoS
The remote host has the CGI 'hpnst.exe' installed. Older versions of this CGI pre 5.55 are vulnerable to a denial of service attack where the user can make the CGI request itself. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
CVE-2002-0805
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, 1 creates new directories with world-writable permissions, and 2 creates the params file with world-writable permissions, which allows local users to modify the files and execute code...
PostgreSQL < 7.2.3 Multiple Vulnerabilities
The remote PostgreSQL server, according to its version number, is vulnerable to various flaws which may allow an attacker who has the rights to query the remote database to obtain a shell on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...
DotBr (PHP)
Informations : °°°°°°°°°°°°°° Website : http://dotbr.org Version : 0.1 Problems : - phpinfo - Informations disclosure - System commands execution PHP Code/Location : °°°°°°°°°°°°°°°°°°° foo.php3 : --------------------- ? phpinfo; ? --------------------- config.inc : - SQL password - SQL host - SQ...
Cedric Email Reader (PHP)
Version : 0.2;0.3;0.4 Website : http://www.isoca.com/ Problems :Include file local, remote Version: 0.2;0.3 File: --------------------------------- email.php3 version 0.2 ; email.php version 0.3 --------------------------------- PHP Code: ---------------------------------...
MS02-061: Microsoft SQL Server Multiple Vulnerabilities (uncredentialed check)
The remote MS SQL server is affected by several overflows that could be exploited by an attacker to gain SYSTEM access on that host. Note that a worm sapphire is exploiting these vulnerabilities in the wild. C Tenable Network Security, Inc. ping code taken from mssqlping by H D Moore MS02-061...
CUPS < 1.1.18 Multiple Vulnerabilities
The remote CUPS server seems vulnerable to various flaws buffer overflow, denial of service, privilege escalation that could allow a remote attacker to shut down this service or remotely gain the privileges of the 'lp' user. C Tenable Network Security, Inc. This script checks for CVE-2002-1368, b...
Local/remote mpg123 exploit
-----BEGIN PGP SIGNED MESSAGE----- / |/ | | | / | / | / | | | | | / / | | | || | | | || | /| | | | V / |/|//||/ |/|/||| || || "Putting the honey in honeynet since '98." Introduction: Several months ago, GOBBLES Security was recruited by the RIAA riaa.org to invent, create, and finally deploy the...
[SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 227-1 [email protected] http://www.debian.org/security/ Martin Schulze January, 13th, 2003 http://www.debian.org/security/faq -...
CGI bugs
No description provided...
N/X (PHP)
Informations : °°°°°°°°°°°°°° Website : http://nxwcms.sourceforge.net/ Version : 2002 PreRelease 1 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° nx/common/cds/menu.inc.php : ----------------------------------------------------------- ... requireonce...