836 matches found
[SA17943] Lyris ListManager Multiple Vulnerabilities
TITLE: Lyris ListManager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17943 VERIFY ADVISORY: http://secunia.com/advisories/17943/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information, Privilege escalation WHERE: From remote SOFTWARE: Lyris ListManager 7.x...
TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/temp/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information. Component Type: Core Affected Components: File Editor in Install Tool Versions: TYPO3 3.8...
Rich Media E-Commerce Stores Sensitive Information Insecurely
A security vulnerability in Rich Media SPDX-FileCopyrightText: 2002 SecurITeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10874";...
Tripwire for Webpages Detection
We detected the remote web server as running Tripwire for web pages under the Apache web server. This software allows attackers to gather sensitive information about your server configuration. OpenVAS Vulnerability Test $Id: tripwirewebpage.nasl 8023 2017-12-07 08:36:26Z teissa $ Description:...
SilverStream directory listing
SilverStream directory listings are enabled. An attacker may use this problem to gain more knowledge on this server and possibly to get files you would want to hide. Reference : http://online.securityfocus.com/archive/101/144786 OpenVAS Vulnerability Test $Id: silverstreamdirlisting.nasl 8023...
Hidden WWW server name
It seems that your web server tries to hide its version or name, which is a good thing. However, using a specially crafted request, OpenVAS was able to discover it. OpenVAS Vulnerability Test $Id: wwwservername.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Hidden WWW server name Authors:...
Tripwire for Webpages Detection (HTTP)
We detected the remote web server is running Tripwire for Webpages under the Apache HTTP Server. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
'printenv' CGI Information Disclosure Vulnerability
The SPDX-FileCopyrightText: 2000 Hendrik Scholz Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10188";...
DefaultNav checker
This plugin checks for DefaultNav vulnerabilities on the remote web server. See the references for more information. SPDX-FileCopyrightText: 2005 Net-Square Solutions Pvt Ltd. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
PT-2005-4196
Name of the Vulnerable Software and Affected Versions Solaris Management Console SMC versions 8 through 10 Description The default configuration of the web server for the Solaris Management Console enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information...
[UNIX] MAXdev MD-Pro Multiple Vulnerabilities (Code Execution, Path Disclosure and CSS)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
Webmin, Usermin: Remote code execution through PAM authentication
Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails. Description Keigo Yamazaki discovered that the...
CVE-2005-0690
Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command...
Movable Type mt.cfg Information Disclosure
The remote host is running Movable Type. The file 'mt.cfg' is publicly accessible, and contains information that should not be exposed. %NASLMINLEVEL 70300 This script was written by Rich Walchuck rich.walchuck at gmail.com See the Nessus Scripts License for details Changes by Tenable: -...
DEBIAN-CVE-2004-2632
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables...
CVE-2004-2588
Intentional information leak in phpinfo.php in XMB aka extreme message board 1.9 beta aka Nexus beta allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application...
MailPost discloses sensitive system information when operating in debug mode
Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...
GLSA-200406-05 : Apache: Buffer overflow in mod_ssl
The remote host is affected by the vulnerability described in GLSA-200406-05 Apache: Buffer overflow in mod_ssl A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a remote buffer overflow on a server configured to use FakeBasicAuth that will trust a client certificate with an...
Compulsive Media CNU5 - News.mdb Database Disclosure
Compulsive Media CNU5 - News.mdb Database Disclosure source: https://www.securityfocus.com/bid/11004/info CNU5 is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'news.mdb' and gain access to sensitive information including...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...