618 matches found
CVE-2004-0983
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request...
SugarSales Multiple Module Traversal Arbitrary File Access
The remote version of this software has a vulnerability that may allow an attacker to read arbitrary files on the remote host with the privileges of the httpd user. The 'Users' module, 'Calls' module and index.php script are reported to be affected. (C) Tenable Network Security,...
[Full-Disclosure] [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]
waraxe-2004-SA032: Multiple security flaws in PhpNuke 6.x - 7.3...
PHP-Nuke 6.x/7.0 News Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information...
CVE-2004-0016
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files...
Apache 2.0.4x mod_php - File Descriptor Leakage (2)
source: https://www.securityfocus.com/bid/9302/info Reportedly, the Apache mod_php module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a legitimate server and possibly steal or manipulate...
ICQ 2003 - Webfront Guestbook Cross-Site Scripting
source: https://www.securityfocus.com/bid/8563/info It has been reported that ICQ Webfront is prone to a cross-site scripting vulnerability in the message field of the guestbook module. This issue is caused by improper sanitization of user-suppli...
pMachine 1.02.x - Search Module Cross-Site Scripting
source: https://www.securityfocus.com/bid/7981/info Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization...
PHP-Nuke code injection in Yearly Stats at Statistics module
Product: PHP-Nuke Vendor: Francisco Burci Versions Vulnerable: 6.0 without patches , 6.0 with index.php and mainfile.php patches. 5.5 with patches all resting script tags No vulnerable: 6.0 with mainfile.php patch for block url tags inclusions not all . 5.5 with script tags but with the...
Apache Mod_Access_Referer 1.0.2 - Null Pointer Dereference Denial of Service
source: https://www.securityfocus.com/bid/7375/info A vulnerability has been reported for the mod_access_referer Apache module. The problem occurs when parsing invalid HTTP referer header fields. If this vulnerability were t...
PHP-Nuke 5.5/6.0 News Module - Full Path Disclosure
source: https://www.securityfocus.com/bid/7079/info The News module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this manner to mount further attacks...
PHP-Nuke 5.5/6.0 AvantGo Module - Full Path Disclosure
source: https://www.securityfocus.com/bid/7078/info The AvantGo module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this manner to mount further attacks...
Sun Solaris priocntl(2) does not adequately validate path to kernel modules that implement lightweight process (LWP) scheduling policy
Overview: The Sun Solaris priocntl(2) function does not adequately validate a memory structure that specifies the name of a kernel module. As a result, a local attacker could execute arbitrary code with superuser privileges on a vulnerable system. Description: The Sun Solaris priocntl(2) function...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follo...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The...
Webmin 0.x - 'RPC' Privilege Escalation
source: https://www.securityfocus.com/bid/5591/info In cases where users of Webmin do not have root access on the underlying host, it may be possible to mount privilege escalation attacks on the underlying host. This normally occurs in configurations where multiple Webmin client systems have acce...
Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS
On Friday 14 December 2001 12:08, Przemyslaw Frasunek wrote: The workaround is to switch off routing and put device in bridging mode. Zyxel support has been notified, I won't release details of attack, until ZyNOS will be patched. I haven't received any response from Zyxel helpdesk so time to...
PHP < 4.0.4 IMAP Module Overflow