3714 matches found
CVE-2006-4035
SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
DSA-1134-1 mozilla-thunderbird - several vulnerabilities
Bulletin has no description...
CVE-2006-3950
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...
Invision Power Board 2.1 <= 2.1.6 sql injection
RST/GHC advisory#41 Product: Invision Power Board Version: 2.1 <= 2.1.6 Vendor: INVISION Power Service URL: http://www.invisionpower.com VULNERABILITY CLASS: SQL injection Product Description Invision Power Board, an award-winning scalable bulletin board system, written in PHP, uses SQL database...
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection
According to its banner, the installation of Invision Power Board on the remote host reportedly fails to sanitize input to the 'CLIENT_IP' HTTP request header before using it in database queries. An unauthenticated attacker may be able to leverage this issue to disclose sensitive information, modi...
DSA-1120 mozilla-firefox - several vulnerabilities
Bulletin has no description...
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities
Debian Security Advisory DSA 1118-1 [email protected] http://www.debian.org/security/ Martin Schulze July 22nd, 2006 http://www.debian.org/security/faq -...
CVE-2006-3775
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php...
MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit
Exploit for unknown platform in category web applications MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit #!/usr/bin/php -q -d short_open_tag=on <? echo...
MyBulletinBoard (MyBB) 1.1.5 - CLIENT-IP SQL Injection
MyBulletinBoard (MyBB) 1.1.5 - CLIENT-IP SQL Injection #!/usr/bin/php -q -d short_open_tag=on <? echo "MyBulletinBoard (MyBB) <= 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork, version specific:...
Current Versions Release History
Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...
Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability
Nagios is an open source host, service and network monitoring program. The product's functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a...
Integer overflow
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...
CVE-2006-2489
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...
GLSA-200605-07 : Nagios: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200605-07 Nagios: Buffer overflow Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact : A buffer overflow in Nagios CGI scripts...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log...
CVE-2006-2340
Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log...
[Full-disclosure] [ GLSA 200605-07 ] Nagios: Buffer overflow
Gentoo Linux Security Advisory GLSA 200605-07 http://security.gentoo.org/ Severity:...