asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities

No description provided by source. =========================================================================================== o asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download :...

Wordpress MU < 1.3.2 active_plugins option Code Execution Exploit

No description provided by source. ?php / WordPress MU blog's options overwrite Credits : Alexander Concha alex at buayacorp dot com Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses activeplugins option to...

Design/Logic Flaw

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...

CVE-2007-1533

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...

CVE-2007-1533

CVE-2007-1533 affects the Teredo implementation in Microsoft Windows Vista. The issue: the Teredo nonce is reused across different UDP ports within a solicitation session, enabling remote attackers to brute-force and spoof the nonce. Documents describe a network-exposed impact (remote spoofing po...

CVE-2007-1533

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...

Cross site scripting

Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...

CVE-2007-1049

Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...

httpd mod_digest nonce not verified

moddigest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret...

Moderate: Red Hat Security Advisory: apache, mod_ssl security update

Updated apache and modssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The modssl module provides strong...

GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200405-22 Apache 1.3: Multiple vulnerabilities On 64-bit big-endian platforms, modaccess does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses...

Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)

Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its...

Apache 1.3: Multiple vulnerabilities

Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description On...

CVE-2003-0987

moddigest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret...

CVE-2003-0987

moddigest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret...

CVE-2003-0987

CVE-2003-0987 affects Apache’s mod_digest prior to 1.3.31, where nonce verification using an AuthNonce secret can enable a replay attack. Affected component: mod_digest in the Apache HTTP Server. Root cause: improper nonce validation allows interception and replay of Digest authentication sequenc...

CVE-2004-1082

moddigestapple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials...

Immunity Canvas: WPTOUCH_NONCE

Name| wptouchnonce ---|--- CVE| CWE-434 Exploit Pack| CANVAS Description| WPTouch Nonce Notes| CVE Name: CWE-434 VENDOR: BraveNewCode Changelog: https://wordpress.org/plugins/wptouch/changelog/ Notes: Vulnerable versions are 3.x = 3.4.2 This is a post authentication shell upload vulnerability in ...