
764 matches found

Packet Storm
added 2010/07/01 12:0 a.m. | 31 views

NinkoBB 1.3RC5 Cross Site Request Forgery

Title: NinkoBB CSRF Vulnerability Author: ADEO Security Published: 30/06/2010 Version: 1.3RC5 Possible all versions Vendor: http://ninkobb.com Download: http://ninkobb.com/releases/?NinkoBB-1.3RC5.zip Description: "NinkoBB is an open source forum script written in the PHP language and uses a MySQ...

0.5 AI score
Exploits 0
Debian
added 2010/06/07 1:23 p.m. | 41 views

[SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2057-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 07, 2010 http://www.debian.org/security/faq -...

6.5 CVSS | 9.7 AI score | 0.21789 EPSS
Exploits 3
0day.today
added 2010/05/29 12:0 a.m. | 33 views

Webiz SQL Injection / SHELL Upload Vulnerability

Exploit for php platform in category web applications ================================================ Webiz SQL Injection / SHELL Upload Vulnerability ================================================ ============================================================================ INFORMATIONS...

7.1 AI score
Exploits 0
Fedora
added 2010/05/25 6:36 p.m. | 12 views

[SECURITY] Fedora 13 Update: cacti-0.8.7f-1.fc13

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also...

0.6 AI score
Exploits 0
seebug.org
added 2010/05/13 12:0 a.m. | 214 views

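MySQL COM_FIELD_LIST Command Remote Overflow Vulnerability

BUGTRAQ ID: 40106 CVE ID: CVE-2010-1850 MySQL is a very widely used open-source relational database system, with versions available for a variety of platforms. A remote attacker can trigger a buffer overflow by submitting to the MySQL database a COM_FIELD_LIST command containing an overly long table name parameter, leading to arbitrary code execution. MySQL 5.1/5.0 Vendor patch: Oracle ------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://bugs.mysql.com/bug.php?id=53237...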

6 CVSS | 9.4 AI score | 0.21789 EPSS
Exploits 1
NVD
added 2010/05/07 11:0 p.m. | 13 views

CVE-2010-1865

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the csgetip function in generate.php in the Captcha module, or (2) the semail parameter to the cssqlselect function in the MySQL database driver...

7.5 CVSS | 8.5 AI score | 0.01747 EPSS
Exploits 1 | References 11
Prion
added 2010/05/07 11:0 p.m. | 11 views

Sql injection

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the csgetip function in generate.php in the Captcha module, or (2) the semail parameter to the cssqlselect function in the MySQL database driver...

7.5 CVSS | 9.3 AI score | 0.01747 EPSS
Exploits 1 | References 11 | Affected Software 1
Cvelist
added 2010/05/07 10:0 p.m. | 16 views

CVE-2010-1865

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the csgetip function in generate.php in the Captcha module, or (2) the semail parameter to the cssqlselect function in the MySQL database driver...

8.5 AI score | 0.01747 EPSS
Exploits 1 | References 11
Packet Storm
added 2010/04/27 12:0 a.m. | 27 views

Advanced Poll Script SQL Injection / Cross Site Scripting

Exploit Title: XSS and Authentication bypass in Advanced Poll Script Date: 26-apr-2010 Author: Sid3^effects Software Link: N/a CVE : Code : XSS and Authentication bypass in Advanced Poll Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects Description : Advanced Poll is a polling system with...

0.7 AI score
Exploits 0
exploitpack
added 2010/04/26 12:0 a.m. | 23 views

2DayBiz Advanced Poll Script - Cross-Site Scripting Authentication Bypass

2DayBiz Advanced Poll Script - Cross-Site Scripting Authentication Bypass XSS and Authentication bypass in Advanced Poll Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects Description : Advanced Poll is a polling system with powerful administration tool supports both text file and MySQL...

0.7 AI score
Exploits 0
Exploit DB
added 2010/04/26 12:0 a.m. | 29 views

2DayBiz Advanced Poll Script - Cross-Site Scripting / Authentication Bypass

XSS and Authentication bypass in Advanced Poll Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects Description : Advanced Poll is a polling system with powerful administration tool supports both text file and MySQL database. Its features include multiple polls, unlimited options, IP-Logging...

7.4 AI score
Exploits 0
0day.today
added 2010/04/26 12:0 a.m. | 21 views

2daybiz Advanced Poll Script XSS and Authentication Bypass

Exploit for php platform in category web applications ========================================================== 2daybiz Advanced Poll Script XSS and Authentication Bypass ========================================================== Description : Advanced Poll is a polling system with powerful...

7.1 AI score
Exploits 0
OpenVAS
added 2010/02/19 12:0 a.m. | 46 views

CentOS Update for mysql CESA-2010:0110 centos4 i386

Check for the Version of mysql OpenVAS Vulnerability Test CentOS Update for mysql CESA-2010:0110 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

8.5 CVSS | 5.4 AI score | 0.10586 EPSS
Exploits 6 | References 2
Fedora
added 2010/02/02 8:42 p.m. | 26 views

[SECURITY] Fedora 11 Update: roundcubemail-0.3.1-2.fc11

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

5 CVSS | 0.3 AI score | 0.01946 EPSS
Exploits 0
myhack58
added 2010/01/23 12:0 a.m. | 28 views

mysql hash password cracking method-vulnerability warning-the black bar safety net

the mysql user name and password stored in mysql database user table, locate the MySQL\data\mysql\directory of the user. MYD user. MYI user. frm three files, copy to your own mysql database directory, you can view the user's hash. Used sql statements to extract the hash is as follows: use mysql;...

Exploits 0
Fedora
added 2010/01/03 9:5 p.m. | 41 views

[SECURITY] Fedora 12 Update: cacti-0.8.7e-3.fc12

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also...

4.3 CVSS | 0.6 AI score | 0.05739 EPSS
Exploits 6
Fedora
added 2009/12/27 8:30 p.m. | 34 views

[SECURITY] Fedora 11 Update: cacti-0.8.7e-3.fc11

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also...

4.3 CVSS | 0.6 AI score | 0.05739 EPSS
Exploits 6
ThreatPost
added 2009/11/30 6:19 p.m. | 13 views

WordPress Installations Under Brute-Force Attack

There is an ongoing attack against some WordPress implementations that is trying to brute-force the passwords for the administrator accounts on the installations. The attack is being driven by an automated PHP script that tries thousands of possible passwords. The SANS Internet Storm Center has...

0.3 AI score
Exploits 0 | References 3
Cent OS
added 2009/09/15 6:28 p.m. | 71 views

mysql security update

CentOS Errata and Security Advisory CESA-2009:1289 Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user,...

8.5 CVSS | 6.5 AI score | 0.10586 EPSS
Exploits 6 | References 7
myhack58
added 2009/07/18 12:0 a.m. | 20 views

Empire CMS message Board vulnerability-vulnerability warning-the black bar safety net

Dark gray dropped out of the 0day. Find used Empire CMS station,the site behind a directly applied:e/tool/gbook/? bid=1 For example: www.xxx.com/e/tool/gbook/?bid=1 Out is Empire CMS the guestbook,in the name of writing:缞\ Contact email at: ,1,1,1,select concatusername,0x5f,password,0x5f,rnd from...

1 AI score
Exploits 0