4561 matches found
CVE-2006-6302
fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containi...
WikyBlog Local File Inclusion Exploit
No description provided by source. r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com WikyBlog Local File Inclusion Exploit Software: WikyBlog 1.3 Vendor: http://www.wikyblog.com/ Released: 2006/12/01 Discovered & Exploit By:...
CVE-2006-6229
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file...
CVE-2006-6229
The CVE-2006-6229 entry affects Codewalkers ltwCalendar (aka PHP Event Calendar) prior to 4.2.1. The underlying issue is that failed login attempts are logged, which could allow an attacker to infer correct passwords from the log file. The available records specify the affected software and the v...
CVE-2006-6182
The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file...
CVE-2006-4396
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack...
CVE-2006-6047
Etomite 0.6.1.2 is affected by a directory traversal vulnerability in manager/index.php. Remote authenticated administrators can include and execute arbitrary local files by supplying a .. in the f parameter, demonstrated by injecting PHP sequences into an Apache log file that index.php then incl...
Etomite CMS 0.6.1.2 - manager/index.php Local File Inclusion
Etomite CMS 0.6.1.2 - manager/index.php Local File Inclusion #!/usr/bin/perl -w Etomite CMS Remote Command Execution Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: Input passed to the 'f' parameter in "/manager/index.php" isn't properly verified before...
Xcode OpenBase <= 10.0.0 (symlink) Local Root Exploit (OSX)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom = ftp://www.openbase.com/pub/OpenBase10.0 vulnerable ? Create a new file anywhere on the filesystem with rw-rw-rw privs. Sorry you can NOT overwrite existing files. Writin...
CVE-2006-5733
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...
CVE-2006-5263
The CVE-2006-5263 issue affects phpMyAgenda 3.1 and earlier, where a directory traversal vulnerability in templates/header.php3 allows remote attackers to include and execute arbitrary local files by passing a .. in the language parameter (example using an Apache log file that contains PHP code)....
CVE-2006-4991
RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a and its signature from the XML log in a way that is not detected by the...
GLSA-200609-12 : Mailman: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200609-12 Mailman: Multiple vulnerabilities Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact : An...
Alstrasoft e-Friends 4.85 - Remote Command Execution
Alstrasoft e-Friends 4.85 - Remote Command Execution !/usr/bin/perl AlstraSoft Efriends 4.85 Remote Command Execution Exploit Site : http://www.alstrasoft.com/efriends.htm Coded by Kw3RLn from Romanian Security Team a.K.A http://RST-CREW.NET Contact: [email protected] or [email protected] P...
Mailman 2.1.x - Multiple Input Validation Vulnerabilities
Mailman 2.1.x - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/20021/info Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and...
Mailman 2.1.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/20021/info Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability. A successful exploit of...
CVE-2006-4676
The CVE-2006-4676 entry concerns TIBCO Rendezvous (RendezVous) 7.4.11 and earlier, where log files rvrd.db store usernames and passwords base64-encoded. Local users could decode these logs to obtain sensitive credentials. The available sources confirm the vulnerable component and the basic flaw (...
CVE-2006-4676
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file...