4561 matches found
PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit
Exploit for unknown platform in category web applications. PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit. #!/usr/bin/php <?php /* Found this after getting my inet back...
For the Oracle TNS listener attack methods of finishing-vulnerability warning-the black bar safety net
First, depending on the version, the TNS listener may be susceptible to several types of buffer overflow attacks; these attacks can be used without providing a user ID and password. For example: in Oracle 9i, when a client requests a long servicename, are vulnerable to overflow...
Information disclosure
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file...
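IBM AIX rmsock and rmsock64 Tool Log File Local Privilege Escalation Vulnerability
IBM AIX is a commercial UNIX operating system. The rmsock and rmsock64 tools in IBM AIX contain an implementation flaw that may allow a local attacker to escalate privileges. The rmsock and rmsock64 tools do not create their log files securely, so a local attacker may exploit this flaw to append data to arbitrary system files, leading to privilege escalation. IBM AIX 6.x IBM AIX 5.x Vendor patch: IBM --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://aix.software.ibm.com/aix/efixes/security/rmsockfix.tar...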
[SECURITY] [DSA 1679-1] New awstats packages fix cross-site scripting
Debian Security Advisory DSA-1679-1 http://www.debian.org/security/ Florian Weimer December 03, 2008 http://www.debian.org/security/faq -...
DSA-1679-1 awstats - cross-site scripting
Bulletin has no description...
UBUNTU-CVE-2008-5150
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-..log temporary file...
DEBIAN-CVE-2008-4952
emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.log temporary file...
DEBIAN-CVE-2008-4947
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file...
Protection bypass and cross-site scripting in Sonicwall SOHO
It's possible to access banned sites and to insert JavaScript into the log file by using URL JavaScript injection...
PHP168 whole Station system of 0DAY-vulnerability warning-the black bar safety net
The first description of this hole was seen in other places, but he did not explain it very clearly, and a lot of newbies do not understand it, so I took it and posted it here first! This hole actually uses the program's coding vulnerabilities to download the configuration and the login...
Gentoo Security Advisory GLSA 200609-12 (mailman)
The remote host is missing updates announced in advisory GLSA 200609-12. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200609-12 (mailman)
The remote host is missing updates announced in advisory GLSA 200609-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Invision Power Board <= 2.3.5 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Invision Power Board <= 2.3.5 Remote SQL Injection Exploit. <?php error_reporting(E_ALL);...
FreeBSD Ports: nwclient
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Cross site scripting
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...
CVE-2007-5496
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...
CVE-2007-5496
CVE-2007-5496 is a cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5. An unescaped HTML/JS path could be triggered by crafted (1) file or (2) process name, causing an AVC log entry to be inserted into the HTML document composition for sealert. Public disclosures reference the issue...
setroubleshoot insecure logging
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file...