Lucene search
6325 matches found

Prion
added 2009/08/27 8:30 p.m., 13 views

Sql injection

Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/delecpac.php, (2) $ordorderid variable in payments/paymentreceived.php, (3) $id variable in includes/functions.php, and (4) unspecified...

CVSS 7.5, AI score 9.3, EPSS 0.02082
Exploits: 0, References: 5
Packet Storm
added 2009/08/26 12:0 a.m., 23 views

eLinks SQL Injection / XSS / LFI

eLinks Vulnerabilities blind sql inj / xss / LFI by Inj3ct0r.com ...

AI score 0.6
Exploits: 0
Fedora
added 2009/08/20 9:2 p.m., 23 views

[SECURITY] Fedora 11 Update: farsight2-0.0.14-1.fc11

farsight2 is a collection of GStreamer modules and libraries for videoconferencing...

CVSS 10, AI score 2.4, EPSS 0.20295
Exploits: 8
Prion
added 2009/08/12 10:30 a.m., 8 views

Code injection

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

CVSS 9, AI score 7.1, EPSS 0.02145
Exploits: 0, References: 8, Affected Software: 1
CVE
added 2009/08/12 10:0 a.m., 61 views

CVE-2008-6954

CVE-2008-6954 affects CobblerWeb in Cobbler before 1.2.9, where the Cheetah template engine can execute Python statements embedded in kickstart templates. This enables remote authenticated users to run arbitrary Python code in cobblerd, effectively compromising the server. The vulnerability stems...

CVSS 9, AI score 6.9, EPSS 0.02145
Exploits: 0, References: 8, Affected Software: 1
myhack58
added 2009/08/02 12:0 a.m., 38 views

Rootkit techniques: an explanation of the main principles

Article author: hackisle. Main rootkit categories: application level, kernel level, hardware level. Early rootkits were mainly application-level rootkits, which work mainly by replacing system tools such as login, ps, ls and netstat, or by modifying system configuration files such as .rhosts, et...

AI score 7.2
Exploits: 0
Gentoo Linux
added 2009/08/01 12:0 a.m., 37 views

OpenSC: Multiple vulnerabilities

Background: OpenSC provides a set of libraries and utilities to access smart cards. Description: Multiple vulnerabilities were found in OpenSC: b.badrignans discovered that OpenSC incorrectly initialises private data objects (CVE-2009-0368). Miquel Comas Marti discovered that src/tools/pkcs11-tool.c ...

CVSS 7.5, AI score 8, EPSS 0.01215
Exploits: 1
Cent OS
added 2009/07/29 5:31 p.m., 104 views

python, tkinter security update

CentOS Errata and Security Advisory CESA-2009:1176 Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive...

CVSS 10, AI score 7.3, EPSS 0.22621
Exploits: 17, References: 7
Debian
added 2009/07/29 5:32 a.m., 32 views

[SECURITY] [DSA 1846-1] New kvm packages fix denial of service

Debian Security Advisory DSA-1846-1 [email protected] http://www.debian.org/security/ Dann Frazier July 28, 2009 http://www.debian.org/security/faq ...

CVSS 4.9, AI score 6.4, EPSS 0.00398
Exploits: 1
OpenVAS
added 2009/07/29 12:0 a.m., 23 views

Gentoo Security Advisory GLSA 200907-08 (rt2400 rt2500 rt2570 rt61 ralink-rt61)

The remote host is missing updates announced in advisory GLSA 200907-08. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 9.3, AI score 0.9, EPSS 0.05829
Exploits: 0
OpenVAS
added 2009/07/29 12:0 a.m., 22 views

Gentoo Security Advisory GLSA 200907-08 (rt2400 rt2500 rt2570 rt61 ralink-rt61)

The remote host is missing updates announced in advisory GLSA 200907-08. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CVSS 9.3, AI score 6.5, EPSS 0.05829
Exploits: 0, References: 2
OSV
added 2009/07/28 12:0 a.m., 15 views

DSA-1846-1 kvm - denial of service

Bulletin has no description...

CVSS 4.9, AI score 7.6, EPSS 0.00398
Exploits: 1
RedHat Linux
added 2009/07/27 9:34 a.m., 2 views

python: Multiple integer overflows in python core

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs...

CVSS 10, AI score 6.7, EPSS 0.04214
Exploits: 4, References: 4
RedHat Linux
added 2009/07/27 9:34 a.m., 1 views

python: Multiple integer overflows discovered by Google

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) csv.c, (3) struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10)...

CVSS 7.5, AI score 6.7, EPSS 0.03665
Exploits: 2, References: 4
RedHat Linux
added 2009/07/27 9:32 a.m., 5 views

python: Multiple integer overflows discovered by Google

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) csv.c, (3) struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10)...

CVSS 7.5, AI score 6.7, EPSS 0.03665
Exploits: 2, References: 4
RedHat Linux
added 2009/07/27 9:22 a.m., 2 views

python: Multiple integer overflows in python core

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs...

CVSS 10, AI score 6.7, EPSS 0.04214
Exploits: 4, References: 4
Tenable Nessus
added 2009/07/21 12:0 a.m., 20 views

openSUSE Security Update : gtk2 (gtk2-583)

A SUSE-specific patch to GTK2 accidentally added a relative search path for gtk modules and therefore allowed local attackers to have gtk programs load modules from untrusted places (CVE-2009-0848). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

CVSS 4.4, AI score 5.4, EPSS 0.00456
Exploits: 0, References: 2
Tenable Nessus
added 2009/07/13 12:0 a.m., 13 views

GLSA-200907-08 : Multiple Ralink wireless drivers: Execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200907-08 (Multiple Ralink wireless drivers: Execution of arbitrary code). Aviv reported an integer overflow in multiple Ralink wireless card drivers when processing a probe request packet with a long SSID, possibly related to an...

CVSS 9.3, AI score 6.2, EPSS 0.05829
Exploits: 0, References: 2
UbuntuCve
added 2009/07/05 4:30 p.m., 36 views

CVE-2009-2265

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009,...

CVSS 7.5, AI score 6.5, EPSS 0.83865
Exploits: 10, References: 1
Prion
added 2009/07/05 4:30 p.m., 18 views

Directory traversal

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009,...

CVSS 7.5, AI score 8.2, EPSS 0.83865
Exploits: 10, References: 14, Affected Software: 1