4421 matches found
CVE-2008-6944
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in carsimages/...
[Full-disclosure] Plume CMS Multiple SQL Injection Vulnerabilities - Security Advisory - SOS-09-006
Plume CMS Multiple SQL Injection Vulnerabilities - Security Advisory - SOS-09-006 Release Date. 12-Aug-2009 Last Update. - Vendor Notification Date. 16-Jun-2009 Product. Plume CMS Platform. Independent Affected versions. 1.2.3 verified, possibly others Severity Rating. High Impact. Manipulation o...
Plume CMS 1.2.3 Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Plume CMS 1.2.3 Multiple SQL Injection Vulnerabilities. Plume CMS Multiple SQL Injection Vulnerabilities - Security Advisory -...
CVE-2008-6930
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/reimages/...
CVE-2009-2737
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...
CVE-2009-2573
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php...
Deserialization of untrusted data
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action...
CVE-2009-1021
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
CVE-2009-2371
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibl...
IBM DB2 Multiple Vulnerabilities (Windows)
The host is installed with IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodibmdb2multdosvulnwin02.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 Multiple DOS Vulnerabilities (Windows) Authors: Antu Sanadi Copyright: Copyright (c) 2009 SecPod,...
IBM DB2 Multiple Vulnerabilities (Linux)
The host is installed with IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodibmdb2multdosvulnlin02.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 Multiple Vulnerabilities Linux Authors: Antu Sanadi Updated KB Name Antu Sanadi on 2009-12-21 Copyright:...
CVE-2009-2213
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access...
CVE-2009-2213
The CVE-2009-2213 entry involves Citrix NetScaler Access Gateway (Enterprise Edition) firmware 9.0, 8.1 and earlier. The issue is a default Security global setting: Default Authorization Action is set to Allow, which may allow remote authenticated users to bypass intended access restrictions. The...
CVE-2009-2173
The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012...
CVE-2009-2120
Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the ids parameter to admin.php, (2) the y parameter to members.php, and other unspecified vectors. NOTE: vector 1 requires administrative access...
SQL injection
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter...
CVE-2009-0230
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spoole...
CVE-2009-1826
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...
Server-side request forgery (SSRF)
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...
Microsoft IIS 6.0 WebDAV Bypass
!/usr/bin/perl -W Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit written by ka0x Advisory: http://www.milw0rm.com/exploits/8765 Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others! use IO::Socket ; my $host, $path = @ARGV ; my $port = 80 ; webserver...