Lucene search
K

159 matches found

myhack58
myhack58
added 2011/09/21 12:0 a.m.34 views

The Django development framework multiple security vulnerabilities-vulnerability warning-the black bar safety net

Affected version: Django 1.2.5 Django 1.3 beta 1 Django 1.2.4 Django 1.2.2 Django 1.2 Vulnerability description: Django is an open source Web application framework made of Python written. Django there are multiple security vulnerabilities, allow an attacker to obtain sensitive information,...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.78 views

[SECURITY] [DSA 2286-1] phpmyadmin security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...

7.5CVSS1.5AI score0.12879EPSS
Exploits18
nessus
nessus
added 2011/07/26 12:0 a.m.38 views

FreeBSD : phpmyadmin -- multiple vulnerabilities (d79fc873-b5f9-11e0-89b4-001ec9578670)

The phpMyAdmin development team reports : XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loc...

6.8CVSS5.6AI score0.0332EPSS
Exploits0References7
osv
osv
added 2011/07/26 12:0 a.m.29 views

DSA-2286-1 phpymadmin - several

Bulletin has no description...

7.5CVSS6.6AI score0.12879EPSS
Exploits18
typo3
typo3
added 2011/07/25 12:0 a.m.15 views

Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting, Local File Inclusion, Code Execution and Session Manipulation. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...

7.1AI score
Exploits0Affected Software1
freebsd
freebsd
added 2011/07/23 12:0 a.m.39 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...

6.8CVSS6.5AI score0.0332EPSS
Exploits0References4
nessus
nessus
added 2011/07/18 12:0 a.m.13 views

Fedora 15 : phpMyAdmin-3.4.3.1-1.fc15 (2011-9132)

Changes for 3.4.3.1 2011-06-07 - PMASA-2011-5 Possible session manipulation in Swekey authentication http://www.phpmyadmin.net/homepage/security/PMASA-2011 -5.php - PMASA-2011-6 Possible code injection in setup script in case session variables are compromised...

5.5AI score
Exploits0References6
nessus
nessus
added 2011/07/18 12:0 a.m.38 views

Fedora 14 : phpMyAdmin-3.4.3.1-1.fc14 (2011-9144)

Changes for 3.4.3.1 2011-06-07 - PMASA-2011-5 Possible session manipulation in Swekey authentication http://www.phpmyadmin.net/homepage/security/PMASA-2011 -5.php - PMASA-2011-6 Possible code injection in setup script in case session variables are compromised...

7.5CVSS6AI score0.12879EPSS
Exploits18References10
osv
osv
added 2011/07/14 11:55 p.m.2 views

DEBIAN-CVE-2011-2506

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...

7.5CVSS7.1AI score0.09626EPSS
Exploits14References1
osv
osv
added 2011/07/14 11:55 p.m.2 views

DEBIAN-CVE-2011-2505

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...

6.4CVSS7.1AI score0.12879EPSS
Exploits15References1
osv
osv
added 2011/07/14 11:55 p.m.9 views

CVE-2011-2507

libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...

6.6AI score
Exploits0References21
phpmyadmin
phpmyadmin
added 2011/07/02 12:0 a.m.51 views

Possible session manipulation in Swekey authentication.

PMASA-2011-5 Announcement-ID: PMASA-2011-5 Date: 2011-07-02 Updated: 2011-07-03 Summary Possible session manipulation in Swekey authentication. Description It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other...

6.4CVSS6AI score0.12879EPSS
Exploits15Affected Software1
packetstorm
packetstorm
added 2011/02/01 12:0 a.m.21 views

ACollab 1.2 SQL Injection

------------------------------------------------------------------------ Software................ACollab 1.2 Vulnerability...........SQL Injection Download................http://atutor.ca/acollab/ Release Date............1/31/2011 Tested On...............Windows Vista + XAMPP...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2010/12/11 12:0 a.m.17 views

Trixbox langChoice PHP Local File Inclusion

$Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ -- coding: utf-8 -- require 'msf/core' class...

0.1AI score
Exploits0
rdot
rdot
added 2010/07/06 12:0 a.m.25 views

Новый метод атаки через Reverse-IP

Новый метод атаки через reverse-ip Хоть статья и 2009 года, но до сих пор актуальна. 0. INTRO Вобщем не буду делать большое вступление. Недавно имело место хекать сайт. Шел был успешно залит на соседний, но вот беда на сервере грамотно выставленны права. Пришлось включать голову и думать. И в...

7.3AI score
Exploits0
exploitdb
exploitdb
added 2009/06/08 12:0 a.m.43 views

Shop Script Pro 2.12 - SQL Injection

!/usr/bin/perl =about VENDOR Shop Script Pro 2.12 maybe other versions vulnerable too http://www.shop-script.com/ AUTHOR discovered & written by Ams ax330d doggy gmail dot com http://www.0x416d73.name/ VULN. DESCRIPTION Look in index.php at line 101. Variable $currentcurrency is set from...

7.4AI score
Exploits0
atlassian
atlassian
added 2009/03/19 4:27 p.m.20 views

Cache Plugin -Cross-site script error

Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...

0.2AI score
Exploits0Affected Software1
nessus
nessus
added 2007/02/01 12:0 a.m.41 views

Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass

The version of Drupal installed on the remote host includes at least one third-party module that adds a captcha to various forms e.g. user registration that is affected by a security bypass vulnerability. A remote attacker, using a specially crafted 'editcaptcharesponse' parameter, can bypass...

5CVSS5.6AI score0.02594EPSS
Exploits0References3
myhack58
myhack58
added 2006/01/07 12:0 a.m.35 views

The use of Session spoofing configuration the most hidden WebShell-vulnerability warning-the black bar safety net

Unknowingly“LM groups”to see the Black anti-there have been two spring and autumn, the period does not fall. Painstaking practice so long, can start playing on a trick or two. See the Black anti-second period of the DreamWeaver caused the network crisis of a text,“LM groups”the heart indescribabl...

6.9AI score
Exploits0
Rows per page
Query Builder