
6679 matches found

CVE
added 2009/04/08 10:0 a.m., 44 views

CVE-2008-6673

CVE-2008-6673 affects QuickerSite 1.8.5. The issue is an improper access restriction on admin functionality, allowing remote attackers to perform admin actions via unauthenticated requests: (1) change the admin password through cSaveAdminPW, (2) modify site information such as the contact address...

CVSS 7.5, AI score 7, EPSS 0.02298
Exploits: 1, References: 4, Affected Software: 1

Saint
added 2009/04/07 12:0 a.m., 23 views

Flash drive/CD autoplay command execution

Added: 04/07/2009. Background: This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts a user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it...

AI score 7.2
Exploits: 0

securityvulns
added 2009/04/07 12:0 a.m., 41 views

New vulnerabilities in Power Phlogger

Hello 3APA3A! I am reporting new Information Leakage, Insufficient Anti-automation and Insufficient Authentication vulnerabilities that I have found in Power Phlogger. Information Leakage: In the counter script pphlogger.js, or in the code that calls the script from the system's server, in the id parameter, on the site...

Exploits: 0

UbuntuCve
added 2009/03/25 1:30 a.m., 23 views

CVE-2009-0787

The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory...

CVSS 4.9, AI score 6.3, EPSS 0.00389
Exploits: 0, References: 1

securityvulns
added 2009/03/21 12:0 a.m., 33 views

Vulnerabilities in Invision Power Board

Hello 3APA3A! I am reporting Abuse of Functionality and Insufficient Anti-automation vulnerabilities that I have found in the Invision Power Board forum engine. Abuse of Functionality: I have long known that it is possible to determine logins on the forum - the user name on the forum is at the same time...

AI score 7.2
Exploits: 0

ThreatPost
added 2009/03/19 3:18 p.m., 31 views

Should Microsoft be in the security business?

Gartner security analyst Neil MacDonald thinks there are five levels to the discussion (gartner.com) about whether Microsoft should be in the security business. They include secure coding (obviously), secure functionality in the platform at no cost (of course), add-on security products at a fee (maybe a...

CVSS 9.3, AI score 0.9, EPSS 0.99945
Exploits: 33, References: 4

ThreatPost
added 2009/03/17 2:19 p.m., 123 views

Microsoft spars with researcher over security patch

One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security. According to Tyler Reguly, a senior security engineer at...

CVSS 9.3, AI score 1.6, EPSS 0.99945
Exploits: 33, References: 3

securityvulns
added 2009/03/15 12:0 a.m., 33 views

New vulnerabilities in Power Phlogger

Hello 3APA3A! I am reporting new Abuse of Functionality and Denial of Service vulnerabilities that I have found in Power Phlogger. Abuse of Functionality: A vulnerability in the password recovery (new password creation) system at http://site/dspNewPw.php. Knowing the "User name" or "e-mail" id, which is...

AI score 6.3
Exploits: 0

myhack58
added 2009/03/10 12:0 a.m., 21 views

Restoring xp_cmdshell execution in common situations - vulnerability warning - the black bar safety net

Common cases of restoring execution of xp_cmdshell. 1. Could not find stored procedure 'master..xp_cmdshell'. Recovery method: query separator connected. The first step to perform: EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int The second step execution: sp_addextendedproc 'xp_cmdshell'...

AI score 2
Exploits: 0

OpenVAS
added 2009/02/27 12:0 a.m., 10 views

Fedora Update for xfce4-places-plugin FEDORA-2007-4368

Check for the Version of xfce4-places-plugin. OpenVAS Vulnerability Test. Fedora Update for xfce4-places-plugin FEDORA-2007-4368. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/o...

AI score 7.4
Exploits: 0, References: 2

securityvulns
added 2009/02/16 12:0 a.m., 29 views

cryptsetup functionality problem

It's impossible to delete keyslot while using key from same keyslot...

AI score 2
Exploits: 0, References: 1

xssed
added 2009/02/07 12:0 a.m., 10 views

Unfixed XSS vulnerability at www.rtsbanana.com

Security researcher Skyr3x has submitted on 02/07/2009 a cross-site-scripting (XSS) vulnerability affecting www.rtsbanana.com, which at the time of submission ranked 6923737 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/12/2011. It is...

AI score 6.6
Exploits: 0, References: 1

Cvelist
added 2009/01/30 6:3 p.m., 20 views

CVE-2008-6015

Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

AI score 8.2, EPSS 0.01001
Exploits: 0, References: 2

OpenVAS
added 2009/01/26 12:0 a.m., 26 views

SuSE Security Advisory SUSE-SA:2009:004 (kernel)

The remote host is missing updates announced in advisory SUSE-SA:2009:004. OpenVAS Vulnerability Test $Id: susesa2009004.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:004 (kernel). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...

CVSS 10, AI score 1, EPSS 0.05218
Exploits: 9

securityvulns
added 2008/12/31 12:0 a.m., 101 views

New vulnerabilities in Power Phlogger

Hello 3APA3A! I am reporting new Insufficient Anti-automation, Abuse of Functionality and Information Leakage vulnerabilities that I have found in Power Phlogger. Insufficient Anti-automation: The registration page http://site/dspSignup.php has no protection against automated requests (captcha). Abuse o...

AI score 7.1
Exploits: 0

securityvulns
added 2008/12/22 12:0 a.m., 84 views

New vulnerabilities in Power Phlogger

Hello 3APA3A! I am reporting new Cross-Site Scripting and Abuse of Functionality vulnerabilities that I have found in Power Phlogger. XSS: This is reflected and persistent XSS. http://site/edCss.php?action=create+new&fields5Bcss5D=3Cscript3Ealertdocument.cookie3C/script3E The code is subsequently executed when...

AI score 5.8
Exploits: 0

Fedora
added 2008/12/21 8:35 a.m., 8 views

[SECURITY] Fedora 10 Update: drupal-views-6.x.2.2-1.fc10

The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...

AI score 2.5
Exploits: 0

NVD
added 2008/12/19 5:30 p.m., 13 views

CVE-2008-5686

IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as...

CVSS 8.5, AI score 6.7, EPSS 0.02143
Exploits: 0, References: 5

Cvelist
added 2008/12/18 10:0 p.m., 23 views

CVE-2008-5676

Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors relate...

AI score 6.9, EPSS 0.01472
Exploits: 0, References: 5

Fedora
added 2008/12/07 4:14 a.m., 37 views

[SECURITY] Fedora 9 Update: syslog-ng-2.0.10-1.fc9

syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pairs; syslog-ng adds the possibility to filter based on message contents using regular expressions. The new...

CVSS 9.3, AI score 1.4, EPSS 0.02182
Exploits: 0