1299 matches found
PHP-Nuke 5.6/6.x - 'banners.php' Banner Manager Password Disclosure
source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and...
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
AdCycle does not adequately validate user input thereby allowing for SQL injection
Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...
MakeBook 2.2 - Form Field Input Validation
source: https://www.securityfocus.com/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages. Additionally, it...
Problems with the scripts by Solution Scripts
!/possible/exploits/by/b0iler scripts from: http://solutionscripts.com don't take anything I say too seriously in this, as it is mostly guess work. Problems with the scripts by Solution Scripts solution script's powerlist script: It seems the author doesn't check for anything when removing user's...
Entrust - getAccess
hola friends, getAccesstm is used as a single-sign-on system often used for large internet-portals. --- snip http://www.entrust.com --- Entrust GetAccesstm offers the most comprehensive solution for consistently deploying and enforcing basic and enhanced security across online applications, from...
Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure
Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2793/info Webdirectory Pro is a web application used to create a searchable directory of links developed by Cosmicperl. Webdirectory Pro contains an input validation vulnerability which may lead to...
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...
NCM Content Management System - content.pl Input Validation
source: https://www.securityfocus.com/bid/2584/info The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources. A problem with the Content Manageme...
Caucho Technology Resin 1.21.3 - JavaBean Disclosure
Caucho Technology Resin 1.21.3 - JavaBean Disclosure source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside ...
Brian Stanback bslist.cgi 1.0 - Remote Command Execution
Brian Stanback bslist.cgi 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the...
rpc.statd vulnerable to remote root compromise via format string stack overwrite
Overview The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific informatio...
3R Soft MailStudio 2000 2.0 - Arbitrary File Access
source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI, thereby compromising the confidentiality of other users...
SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation
SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/909/info SGI's Irix operating system ships with an X11 application called 'soundplayer' which is used to play .WAV files. It is not setuid root by itself, but can inherit root privileg...
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable
source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges ...
Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal
Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal source: https://www.securityfocus.com/bid/1884/info Samba is a set of of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in...
HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution (2)
HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution 2 HP-UX 10.x/11.x,IRIX 3.x/4.x/5.x/6.x,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1.x RPC.YPUpdated Command Execution 2 source: https://www.securityfocus.com/bid/1749/info The 'rpc.ypupdated'...
ROS-2-1602
2.1602 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...