729 matches found
[RIPS] A static source code analyser for vulnerabilities in PHP scripts
RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks potentially vulnerable functions that can be tainted b...
Fedora 18 : bugzilla-4.2.3-1.fc18 (2012-13162)
This release fixes an LDAP injection problem the username entered by a user was not escaped before being used. This is CVE number CVE-2012-3981. See the security advisory for more details. http://www.bugzilla.org/security/3.6.10/ Note that Tenable Network Security has extracted the preceding...
Bugzilla < 3.6.11 / 4.0.8 / 4.2.3 / 4.3.3 Multiple Vulnerabilities
According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities : - When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to...
Fedora 16 : bugzilla-4.0.8-1.fc16 (2012-13171)
This release fixes an LDAP injection problem the username entered by a user was not escaped before being used. This is CVE number CVE-2012-3981. See the security advisory for more details. http://www.bugzilla.org/security/3.6.10/ Note that Tenable Network Security has extracted the preceding...
Fedora 17 : bugzilla-4.0.8-1.fc17 (2012-13163)
This release fixes an LDAP injection problem the username entered by a user was not escaped before being used. This is CVE number CVE-2012-3981. See the security advisory for more details. http://www.bugzilla.org/security/3.6.10/ Note that Tenable Network Security has extracted the preceding...
FreeBSD : bugzilla -- multiple vulnerabilities (6ad18fe5-f469-11e1-920d-20cf30e32f6d)
A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDA...
Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...
ldap injection in the custom atlassian authentication code
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47275. panel The custom atlassian ldap authentication code is vulnerable to ldap injection. The method which is vulnerable to...
Dolibarr ERP & CRM OS Command Injection
Exploit for php platform in category web applications Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...
Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection
Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...
SmarterTools default basic web server vulnerabilities
Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...
SmarterMail 7.3 and 7.4 Multiple Vulnerabilities
Exploit for php platform in category web applications Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS Patch: The Vendor has released SmarterMail Version 8 at URI...
SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal
To: Vuln.Lists Re: Coordinated Disclosure, SmarterMail 7.x Versions Private Note - Rewrite as you wish, vendor has acknowledged these bugs and more and issued a fix. ------------------------------ Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor:...
SmarterMail 7.37.4 - Multiple Vulnerabilities
SmarterMail 7.37.4 - Multiple Vulnerabilities Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection,...
SmarterMail 7.3/7.4 - Multiple Vulnerabilities
Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS Patch: The Vendor has...
Oracle Virtual Server Agent - Command Injection
Oracle Virtual Server Agent - Command Injection Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability...
SmarterMail 7.x LDAP Injection
Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...
SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability
Exploit for php platform in category web applications ======================================================= SmarterMail 7.x 7.2.3925 LDAP Injection Vulnerability ======================================================= Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author :...
SmarterMail 7.2.3925 - LDAP Injection
SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...