CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

DEBIAN-CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules LKM, possibly involving the modload function...

DEBIAN-CVE-2004-0986

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules LKM, possibly involving the modload function...

CVE-2004-2514

Cross-site scripting XSS vulnerability in modules/privatemessages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the 1 SUBJECT or 2 MESSAGE field...

USN-38-1: Linux kernel vulnerabilities

CAN-2004-0814: Vitaly V. Bursov discovered a Denial of Service vulnerability in the "serio" code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary...

CVE-2004-0320

Unknown vulnerability in nCipher Hardware Security Modules HSM 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands...

PhpWebSite contains multiple cross-site scripting vulnerabilities

Overview PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code on users' web browser. Description PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious...

Multiple Cyrus-SASL bugs

Buffer overflow in digestmda5.c and during environment parsing. User supplied modules are loaded into suid application...

Multiple Full Disclosure Path in postnuke 0.750 phoenix

CODEBUG Labs Advisory 6 Title: Multiple Full Disclosure Path in postnuke 0.750 phoenix Author: FAiN182 - [email protected] Product: Postnuke 0.750 Phoenix Type: Full disclosure path Web: http://www.mantralab.org Personal Site: http://fain182.altervista.org --- the product Postnuke is a CMS...

GLSA-200409-06 : eGroupWare: Multiple XSS vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200409-06 eGroupWare: Multiple XSS vulnerabilities Joxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book, messenger and...

CVE-2004-0320

CVE-2004-0320 concerns nCipher Hardware Security Modules (HSM) versions 1.67.x–1.99.x. It describes a local-access flaw where an attacker can access secrets stored in the module’s run-time memory via certain sequences of commands. The publicly stated impact is partial confidentiality with local a...

eGroupWare 1.0 Calendar Module - 'date' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11013/info It is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. The cross-site scripting issues present themselves in the various parameters of the 'addressbook' and 'calendar' modules. It is...

CVE-2004-0663

Cross-site scripting XSS vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the 1 id parameter to the a privatemessages module; 2 search parameter to the b links and c content modules; and 3 files parameter to the gallery module...

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:118)

A vulnerability was discovered in the XDM display manager that ships with XFree86. XDM does not check for successful completion of the pamsetcred call and in the case of error conditions in the installed PAM modules, XDM may grant local root access to any user with valid login credentials. It has...