[waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5
waraxe-2007-SA051 - Sql Injection in 2z Project 0.9.5 Author: Janek Vind "waraxe" Date: 23. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-51.html Target software description: Vulnerable: 2z Project 0.9.5...
waraxe-2007-SA051.txt
waraxe-2007-SA051 - Sql Injection in 2z Project 0.9.5 Author: Janek Vind "waraxe" Date: 23. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-51.html Target software description: Vulnerable: 2z Project 0.9.5...
PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability
No description provided by source. ECHOADV68$2007 PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability...
PMB Services 3.0.13 - Multiple Remote File Inclusions
PMB Services 3.0.13 - Multiple Remote File Inclusions ECHOADV68$2007 PMB Services <= 3.0.13 Multiple Remote File...
PMB Services 3.0.13 - Multiple Remote File Inclusions
ECHOADV68$2007 PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability...
CVE-2006-6948
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database...
CVE-2006-6948
The CVE affects MyODBC Japanese Conversion Edition (Windows) versions 3.51.06, 2.50.29, and 2.50.25. A remote attacker can trigger a denial-of-service condition on a vulnerable MySQL server by sending a specific string in a response. The core vulnerability description does not specify the exact r...
CVE-2006-4578
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information...
timberwolf122-xss.txt
ADVISORY: TimberWolf 1.2.2 Author: CorryL Application: TimberWolf Version: 1.2.2 Vendor's URL: http://cms.gamezrule.org/index.php Platform: Windows\Linux\Unix Bug...
XeoPort <= 0.81 SQL Injection Vulnerability
Advisory: XeoPort <= 0.81 SQL Injection Vulnerability Release Date: 10/12/2006 Last Modified: 10/12/2006 Author: Tamriel tamriel at gmx dot net Application: XeoPort <= 0.81 Risk: Moderate Vendor Status: not contacted Vendor Site: www.xeoman.com |...
[Full-disclosure] [vuln.sg] Cybozu Garoon 2 SQL Injection Vulnerabilities
vuln.sg Vulnerability Research Advisory Cybozu Garoon 2 SQL Injection Vulnerabilities by Tan Chew Keong Release Date: 2006-08-28 Summary ------- Some SQL injection vulnerabilities have been found in Cybozu Garoon 2. When exploited by a logon user, the vulnerabilities allow manipulation of SQL...
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
--------------------------------------------------------------------------------------- miniBloggie 1.0 fname Remote File Inclusion --------------------------------------------------------------------------------------- Author : Sh3ll Date : 2006/05/01 HomePage : http://www.sh3ll.ir Contact :...
[Full-disclosure] CounterChaos <= 0.48c SQL Injection Vulnerability
Advisory: CounterChaos <= 0.48c SQL Injection Vulnerability Release Date: 2006/08/04 Last Modified: 2006/08/03 Author: Tamriel tamriel at gmx dot net Application: CounterChaos <= 0.48c Risk: Moderate Vendor Status: not contacted Vendor Site:...
dnGuestbook <= 2.0 Remote SQL Injection Vulnerabilities
No description provided by source. SECURITY ADVISORY advisory: dnGuestbook <= v2.0 remote sql injection vulnerability release: 2006-04-08 author: snatcher snatcher at gmx.ch country: switzerland |+| application: dnGuestbook =...
Design/Logic Flaw
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
CVE-2006-1210
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
BuHa-7.txt
BuHa Security-Advisory 7 | Feb 14th, 2006 | Vendor | Mantis BT | URL | http://www.mantisbt.org/ | Version | /manageuserpage.php: GET:...
[Full-disclosure] Password disclosure and remote access in Netcool/NeuSecure Security information management platform
Multiple security information disclosure paths and remote access Netcool/NeuSecure Security information management platform. Cleartext storage of passwords in the configuration file; cleartext reporting of user password in the log; default backend MySQL database user and remote access. Laxed...
DBeSession102.txt
GulfTech Security Research February 11, 2006 Vendor : Lawrence Osiris URL : http://www.phpclasses.org/browse/package/1624.html Version : DBeSession 1.0.2 Risk : SQL Injection Description: DBeSession is a feature-packed PHP class that stores the session data in a MySQL database rather than files. ...