236 matches found

securityvulns
added 2010/05/21 12:0 a.m. · 59 views

MIT Kerberos 5 GSS-API library DoS

NULL pointer dereference in server side code...

6.8 CVSS · 2.9 AI score · 0.01857 EPSS
Exploits 2 · References 1 · Affected Software 1

OpenVAS
added 2009/06/05 12:0 a.m. · 21 views

RedHat Security Advisory RHSA-2009:1066

The remote host is missing updates announced in advisory RHSA-2009:1066. A server-side code injection flaw was found in the SquirrelMail map_yp_alias function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the map_yp_alias...

6.8 CVSS · 0.7 AI score · 0.03597 EPSS
Exploits 1 · References 5

Oracle linux
added 2009/05/26 12:0 a.m. · 33 views

squirrelmail security update

1.4.8-5.0.1.el53.7 - Remove Redhat splash screen images 1.4.8-5.7 - fix broken patch for CVE-2009-1579 1.4.8-5.6 - fix broken patch for CVE-2009-1579 1.4.8-5.5 - don't ship patch backup files 1.4.8-5.4 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 : Server-side code...

6.8 CVSS · 1 AI score · 0.03597 EPSS
Exploits 1

OpenVAS
added 2009/05/20 12:0 a.m. · 27 views

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110. OpenVAS Vulnerability Test $Id: mdksa2009110.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:110 squirrelmail Authors: Thomas Reinke Copyright: Copyright c 20...

6.8 CVSS · 0.5 AI score · 0.03597 EPSS
Exploits 1

OpenVAS
added 2009/05/20 12:0 a.m. · 33 views

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

6.8 CVSS · 7.6 AI score · 0.03597 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2009/05/14 12:0 a.m. · 29 views

openSUSE 10 Security Update : squirrelmail (squirrelmail-6242)

Multiple vulnerabilities have been fixed in SquirrelMail: an XSS and input sanitization bug both CVE-2009-1578, a server-side code execution CVE-2009-1579, a login session hijacking bug CVE-2009-1580 and another bug that allowed phishing and XSS attacks CVE-2009-1581. %NASLMINLEVEL 70300 C Tenabl...

6.8 CVSS · 7.2 AI score · 0.03597 EPSS
Exploits 1 · References 4

Packet Storm
added 2008/04/02 12:0 a.m. · 25 views

terracotta-lfidownload.txt

It's been a while since I've posted something, so let's get to the goods. Terracotta is an open source CMS from http://sourceforge.net/projects/terracotta/ First up, we have Full path disclosure vulnerabilities in the GET'd variable 'File'. Specify something other than what's in the list and we get...

7.4 AI score
Exploits 0

securityvulns
added 2008/04/01 12:0 a.m. · 36 views

Terracotta Personal Edition Multiple vulnerabilities

It's been a while since I've posted something, so let's get to the goods. Terracotta is an open source CMS from http://sourceforge.net/projects/terracotta/ First up, we have Full path disclosure vulnerabilities in the GET'd variable 'File'. Specify something other than what's in the list and we get...

Exploits 0

Positive Technologies
added 2007/04/18 12:0 a.m. · 1 views

PT-2007-3439 · Openconcept · Openconcept Back-End Cms

Name of the Vulnerable Software and Affected Versions: OpenConcept Back-End CMS version 0.4.7 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the includes path parameter to various PHP files, including "click.php" and "pollcollector.php" in the htdocs...

7.5 CVSS · 8 AI score · 0.01078 EPSS
Exploits 0 · References 7

Exploit DB
added 2006/09/21 12:0 a.m. · 20 views

BandSite CMS 1.1 - 'bio_content.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...

7.4 AI score
Exploits 0

exploitpack
added 2006/09/21 12:0 a.m. · 14 views

BandSite CMS 1.1 - mp3_content.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access...

6.8 AI score
Exploits 0

Exploit DB
added 2006/09/21 12:0 a.m. · 17 views

BandSite CMS 1.1 - 'shows_content.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...

7.4 AI score
Exploits 0

Exploit DB
added 2006/08/21 12:0 a.m. · 24 views

PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage...

7.4 AI score
Exploits 0

exploitpack
added 2005/10/18 12:0 a.m. · 15 views

MySource 2.14 - mime.php?PEAR_PATH Remote File Inclusion

source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

7.5 AI score
Exploits 0

Exploit DB
added 2005/02/19 12:0 a.m. · 28 views

PMachine Pro 2.4 - Remote File Inclusion

source: https://www.securityfocus.com/bid/12597/info PMachine Pro is reported prone to a remote file include vulnerability. This issue affects the 'mailautocheck.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileg...

7.4 AI score
Exploits 0

Symantec
added 2004/09/20 12:0 a.m. · 16 views

Mambo Open Source Multiple Input Validation Vulnerabilities

Description Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may leverage these issues to execute arbitrary server-side script code on an...

7.9 AI score
Exploits 0 · References 1 · Affected Software 1