6323 matches found
CVE-2006-3601
UNVERIFIABLE: Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product...
CVE-2006-3601
The CVE-2006-3601 entry concerns DotNetNuke (.net nuke) via a DotNetNuke add-on (BDPDT) used by DotNetNuke modules. The connected Nessus document describes a specific vulnerability in BDPDT used by multiple DotNetNuke add-ons where an ASP.NET script UploadFilePopUp.aspx allows uploading arbitrary...
DEBIAN-CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
CentOS 4 : pam (CESA-2005:805)
An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators t...
WinRAR 3.60 Beta 6 - SFX Path Stack Overflow
WinRAR - Stack Overflows in SelF-eXtracting Archives. Tested Versions: WinRAR 3.60 beta 4. Author: posidron. An SFX (SelF-eXtracting) archive is an archive, merged with an executable module, which is used to extract files from...
CentOS 4 : kernel (CESA-2006:0132)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the third regular update. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Linux kernel handles the basic...
Invision Power Board v1.3 Final SQL Injection
By: Breeeeh. Example: /index.php?act=Stats&CODE=SQL Injection /index.php?act=Mail&CODE=SQL Injection /index.php?act=Reg&CODE=SQL Injection...
security flaw
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format /...
CentOS 3 : kernel (CESA-2005:663)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...
CVE-2006-3172
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) langpath parameter to (a) cms/plugins/colman/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c)...
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathcb parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3)...
USN-302-1: Linux kernel vulnerabilities
An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu's supported packages use this capability with any non-root user, so this only...
Content-Builder (CMS) <= 0.7.2 Multiple Include Vulnerabilities
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. ContentBuilder <= 0.7.2 Remote File Include Vulnerability. Script site: http://www.content-builder.net/ Find by: Kacpe...
Content-Builder (CMS) <= 0.7.2 Multiple Include Vulnerabilities
Exploit for unknown platform in category web applications. Content-Builder CMS / Expl: http://www.site.com/cbpath/libraries/comment/postComment.php?pathcb=evilscripts...
Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities
DEVIL TEAM THE BEST POLISH TEAM. ContentBuilder / Expl: http://www.site.com/cbpath/libraries/comment/postComment.php?pathcb=evilscripts http://www.site.com/cbpath/modules/archive/overview.inc.php?rel=evilscripts...
Minerva 2.0.8a Build 237 - 'phpbb_root_path' File Inclusion
DEVIL TEAM THE BEST POLISH TEAM. Minerva phpbb_root_path = 2.0.8a Build 237 Remote File Include Vulnerability. Script site: http://sourceforge.net/projects/minerva/ Dork: Powered by Minerva 237...
Remote file inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in ...
security flaw
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules...