pam security update
0.99.6.2-6.2: fix insecure dropping of privileges in pam_xauth and pam_mail (CVE-2010-3316 637898, CVE-2010-3435 641335); fix insecure executing of scripts with user supplied environment variables in pam_namespace (CVE-2010-3853 643043)...
eoCMS <= 0.9.04 LFI Vulnerability
eoCMS is prone to multiple input-validation vulnerabilities, including HTML injection, SQL injection, and multiple local file include (LFI) issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit...
PhreeBooks <= 2.1 Multiple Vulnerabilities - Active Check
PhreeBooks is prone to multiple input validation vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
AdaptCMS 'init.php' Remote File Include Vulnerability
AdaptCMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
OrangeHRM <= 2.6.1 'uri' Parameter LFI Vulnerability
OrangeHRM is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input.
BSA-005 Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problem: CVE-2010-3433 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before...
CVE-2010-3781
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433...
CVE-2010-3433
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...
Uebimiau Webmail 'stage' Parameter Local File Include Vulnerability
Uebimiau Webmail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This ma...
AD-EDIT2 vulnerable to cross-site scripting
Overview: AD-EDIT2 is a Contents Management System (CMS) software. AD-EDIT2 contains a cross-site scripting vulnerability. Seiei Higa of IT College Okinawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
VisualSite CMS v1.3 Multiple Vulnerabilities
Exploit for asp platform in category web applications. VisualSite CMS v1.3 Multiple Vulnerabilities. Affected Version: VisualSite 1.3. Discovery: www.abysssec.com. Download Links:...
LeadTools ActiveX common dialogs 16.5 - Multiple Vulnerabilities
LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities. Vendor: LEAD Technologies, Inc. Product Web Page: http://www.leadtools.com. Affected version: 16.5.0.2. Summary: With LEADTOOLS you can control any scanner, digital...
TCMS - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/42766/info TCMS is prone to multiple input-validation vulnerabilities, including a local file-include vulnerability, a local file-disclosure vulnerability, multiple SQL-injection vulnerabilities, and multip...
123 Flash Chat 7.8 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/42478/info 123 Flash Chat is prone to multiple security vulnerabilities. These vulnerabilities include a cross-site scripting vulnerability, multiple information-disclosure vulnerabilities, and a directory-traversal vulnerability. An attacker can exploit...
Microsoft Internet Explorer 8 - toStaticHTML() HTML Sanitization Bypass
source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can...
phpMyAdmin 3.3.5 XSS Vulnerability
Exploit for php platform in category web applications: phpMyAdmin 3.3.5 XSS Vulnerability...
Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/42445/info Mystic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Whizzy CMS <= 10.02 LFI Vulnerability
Whizzy CMS is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input.
Social Media - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/42009/info Social Media is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in...