4421 matches found
Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)
Dear BugTraq Readers, It is possible to download the configuration containing usernames/passwords to this CCTV DVR, which is being marketed by Swann Security. Suspect that it is a rebranded AVTech unit. tez@tetris $ curl http://192.168.2.100/../../var/run/vynetman.cfg snipPadmin111111 the above are...
CVE-2008-6098
CVE-2008-6098 affects Bugzilla variants (e.g., Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and related versions). The vulnerability lets remote authenticated users bypass moderation to approve/disapprove quips via a direct request to quips.cgi with actio...
CVE-2009-0214
Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022...
CVE-2009-0372
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file...
SQL injection
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...
CVE-2008-5971
CVE-2008-5971 describes a cross-site scripting (XSS) vulnerability in the profile_social.php component of the i-Net Solution Orkut Clone. The issue allows remote authenticated users to inject arbitrary web script or HTML by manipulating the id parameter. The available references from NVD/PRION/CV...
Design/Logic Flaw
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console...
CVE-2009-0170
Technical details about CVE-2009-0170 are not publicly available in the provided connected documents. Monitor for updates from vendors and advisories to determine affected products, impact, and fixes.
Design/Logic Flaw
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
CVE-2008-5452
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
CVE-2008-5451
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors...
CVE-2008-5456
The CVE-2008-5456 entry describes an unspecified vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The CVSSv2 bas...
CVE-2008-4016
CVE-2008-4016 technical details are not publicly available in the provided documents. No affected products, vectors, or remediation are specified here. Monitor for updates.
Design/Logic Flaw
Unspecified vulnerability in the SQLPlus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors...
CVE-2008-5857
The CVE-2008-5857 issue affects the KnowledgeTree DropDocuments plugin used before version 3.5.4a. The vulnerability allows remote authenticated users to escalate privileges to administrative level by performing a specific sequence of actions involving "browse documents" and dashboard requests....
CVE-2008-5709
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup...
Code injection
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this...
CVE-2008-5678
Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) getsettings.ini, (2) setup.ini, and (3) text.ini files...
Design/Logic Flaw
Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) getsettings.ini, (2) setup.ini, and (3) text.ini files...