WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure

| | | \ \ \ / / / \ / | / | / | | | | | | \ V / / \ | | | | | | | | | | | / \ | || | | | | | || || \ || // \ | | | WebBiscuits Modules Controller = 1.1 RFI/RFD Multiple Remote Vulnerabilities Script : http://webbiscuits.com/download/all11.zip I- Remote File Inclusion Vulnerability...

Null pointer dereference

The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service NULL pointer dereference and child process crash via crafted HTTP headers, related to the "error handling mechanism."...

Buffer overflow

Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors...

CVE-2008-4403

CVE-2008-4403 affects Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. The CGI server modules can be exploited remotely to trigger a denial of service via crafted HTTP headers, caused by a NULL pointer dereference in the error handling mechanism. The availab...

CentOS 3 / 4 / 5 : wireshark (CESA-2008:0890)

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was...

Moderate: Red Hat Security Advisory: wireshark security update

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was...

CVE-2008-4337

Cross-site scripting XSS vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to 1 edit.php and 2 list.php in articles/; 3 listblogs.php and 4 rankings.php in blogs/; 5 calendar/index.php; 6 calendar.php, 7 index.php, and 8...

CVE-2008-4337

Cross-site scripting XSS vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to 1 edit.php and 2 list.php in articles/; 3 listblogs.php and 4 rankings.php in blogs/; 5 calendar/index.php; 6 calendar.php, 7 index.php, and 8...

FreeBSD : lighttpd -- multiple vulnerabilities (fb911e31-8ceb-11dd-bb29-000c6e274733)

Lighttpd seurity announcement : lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are us...

Gentoo Security Advisory GLSA 200509-05 (net-snmp)

The remote host is missing updates announced in advisory GLSA 200509-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200509-05 (net-snmp)

The remote host is missing updates announced in advisory GLSA 200509-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200311-01 (kdebase)

The remote host is missing updates announced in advisory GLSA 200311-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4155

Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. dot dot in the 1 module or 2 action parameter in a www/index.php; the 3 module, 4 ssmodule, or 5 ssaction parameter in b modules/Module/index.php or c...

Kasseler CMS 1.1.0/1.2.0 Lite Remote SQL Injection Vulnerabilities

No description provided by source. Kasseler CMS 1.1.0, 1.2.0 Lite SQL Injection Author: !DoktOR! Date found: 13.09.08 Product: Kasseler CMS Version: 1.1.0, 1.2.4 URL: www.kasseler-cms.net Vulnerability Class: SQL Injection...

drupal-xss.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Date: Sept 12, 2008 Security risk: medium Exploitable from: Remote Vulnerability: Cross site scripting Description Drupal is a robust content management system CMS that provides extensibility through hundreds of third party modules. While the security...

K-Rate (SQL/XSS) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ================================================ K-Rate SQL/XSS Multiple Remote Vulnerabilities ================================================ ================================================================================ || K-Rate...

Directory traversal

Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter to 1 includes/eventsapplicationtop.php; 2 english/account.php, 3 french/account.php, a...

CVE-2008-3575

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgsLanguage parameter, a different vector than CVE-2006-4477 and CVE-2004-0132...

Design/Logic Flaw

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."...

/etc/pam.d/su is wrong in RHEL-4.6

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a 1 locked or 2 expired account by entering the account name on the command line, related to improper use of the pamsucceedif.so module...