1853 matches found
vixie security update
CentOS Errata and Security Advisory CESA-2007:0345 Updated vixie-cron packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron...
Moderate: Red Hat Security Advisory: vixie-cron security update
Updated vixie-cron packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified...
CVE-2007-2370
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings...
CVE-2007-2370
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings...
CVE-2007-2370
CVE-2007-2370 : Concrete details across connected documents show a SQL injection in the XOOPS Jobs module (John Mordo Jobs) for XOOPS, affecting version 2.4 and earlier. The vulnerability resides in index.php (modules/jobs/index.php) where user input in the cid parameter of a jobsview action is n...
Gentoo Linux Vixie cron denial of service
Weak file permissions allows to prevent cron jobs from running via hard links...
Moderate: cups security update
1.1.22-0.rc1.9.18 - REVERTED these changes: - Applied patch from STR 1301 bug 195354. - Patch pdftops to understand 'includeifexists', and use that in the pdftops.conf file bug 188583. - Clear the printer's statemessage and statereasons after successful job completion bug 187457. - Include...
XOOPS Jobs Module index.php cid Parameter SQL Injection
The remote host is running the Jobs module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the 'cid' parameter of the 'modules/jobs/index.php' script before using it to build a database query. Regardless of...
XOOPS Module Jobs <= 2.4 (cid) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Script Name: XOOPS Module Jobs = 2.4 cid Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : "inurl:/modules/jobs/" S.Page : http://www.jlmzone.com/ $$ : Free .. : ajann,Turkey use IO::Socket; if@ARGV 1 print "...
XOOPS Module Jobs 2.4 - cid SQL Injection
XOOPS Module Jobs 2.4 - cid SQL Injection !/usr/bin/perl Script Name: XOOPS Module Jobs : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id; $target =...
Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation
Xcode OpenBase 10.0.0 OSX - Symlink Privilege Escalation !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a\n"; print "\n"; exit 1; $ret = pack"l", $retval; $a,$...
Ubuntu 5.04 / 5.10 : gdm vulnerabilitiy (USN-278-1)
Marcus Meissner discovered a race condition in gdm's handling of the /.ICEauthority file permissions. A local attacker could exploit this to become the owner of an arbitrary file in the system. When getting control over automatically executed scripts like cron jobs, the attacker could eventually...
RHEL 3 : vixie-cron (RHSA-2006:0117)
An updated vixie-cron package that fixes a bug and security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified program...
DRZES Hms 3.2 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/15644/info DRZES HMS is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. Successful exploitation could result in a compromise of the application...
CVE-2002-1834
CVE-2002-1834 concerns the default configuration of Xerox DocuTech 6110 and 6115, where the web server allows remote attackers to (1) submit print jobs directly into the “print now” queue or (2) read the scanner job history. The connected sources repeat this description but do not provide additio...
GLSA-200501-30 : CUPS: Stack overflow in included Xpdf code
The remote host is affected by the vulnerability described in GLSA-200501-30 CUPS: Stack overflow in included Xpdf code The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28. Impact : This issue...
CUPS: Stack overflow in included Xpdf code
Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...
DEBIAN-CVE-2004-2687
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks...
Important: Red Hat Security Advisory: ghostscript security update
A ghostscript package fixing a command execution vulnerability is now available. GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw has been discovered in the way Ghostscript...
CVE-2002-0542
mail in OpenBSD 2.9 and 3.0 processes a tilde escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron...