Lanius CMS 1.2.14 - Multiple SQL Injections

newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org Location : Indonesia bug terdapat pada la-n...

CVE-2007-4100

MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/webinfos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist...

CVE-2007-4100

Removed by vendor...

ASA-2007-016: Remote crash vulnerability in Skinny channel driver

Asterisk Project Security Advisory - ASA-2007-016 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote crash vulnerability in Skinny channel | | | driver |...

Sql injection

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the idurlo field in the deleteurlo function in a index.php in the urlobox module; the iden field in the 2 updatefile and 3 delfile functions in b index.php in the reviews module...

osCommerce Online Merchant v2.2 RC1 local include bug

osCommerce Online Merchant v2.2 RC1 local include bug SEVERITY: ========= Normal SOFTWARE: ========= osCommerce Online Merchant v2.2 RC1 http://oscommerce.com/ INFO: ===== osCommerce is an Open Source based online shop e-commerce solution that is available for free under the GNU General Public...

squirrel-exec.txt

SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t cat /tmp/w00t cat: /tmp/w00t: No...

MKPortal 1.1.1 reviews Gallery modules - SQL Injection

MKPortal 1.1.1 reviews Gallery modules - SQL Injection ?php / i MkPortal "reviews" and "gallery" modules SQL Injection Exploit i Vulnerable versions: MkPortal = 1.1.1 i Bug discovered by: Coloss i Exploit by: Coloss i Date: 06.07.2007 i This is priv8 not for kids Notes At this time MkPortal 1.1.1...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

Design/Logic Flaw

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

Design/Logic Flaw

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

Print - Access bypass

Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...

[SECURITY] Fedora Core 6 Update: perl-Net-DNS-0.60-1.fc6

Net::DNS is a collection of Perl modules that act as a Domain Name System DNS resolver. It allows the programmer to perform DNS queries that are beyond the capabilities of gethostbyname and gethostbyaddr. The programmer should be somewhat familiar with the format of a DNS packet and its various...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 modulekey parameter to a kb/kb.php, b quiz/runquiz.php, c quiz/quiz.php, d forum/forum.php, e forum/byname.php, and f journal/journalview.php in modules...

ProFTPD authentication bypass

There is no check data used for authentication is retrieved by the same authentication module if multiple authentication modules are configured...

CentOS 3 : pam (CESA-2007:0465)

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...

[SECURITY] Fedora Core 6 Update: pam-0.99.6.2-3.22.fc6

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

Moderate: Red Hat Security Advisory: pam security and bug fix update

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...