159 matches found
The Django development framework multiple security vulnerabilities-vulnerability warning-the black bar safety net
Affected version: Django 1.2.5 Django 1.3 beta 1 Django 1.2.4 Django 1.2.2 Django 1.2 Vulnerability description: Django is an open source Web application framework made of Python written. Django there are multiple security vulnerabilities, allow an attacker to obtain sensitive information,...
[SECURITY] [DSA 2286-1] phpmyadmin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...
FreeBSD : phpmyadmin -- multiple vulnerabilities (d79fc873-b5f9-11e0-89b4-001ec9578670)
The phpMyAdmin development team reports : XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loc...
DSA-2286-1 phpymadmin - several
Bulletin has no description...
Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting, Local File Inclusion, Code Execution and Session Manipulation. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...
Fedora 15 : phpMyAdmin-3.4.3.1-1.fc15 (2011-9132)
Changes for 3.4.3.1 2011-06-07 - PMASA-2011-5 Possible session manipulation in Swekey authentication http://www.phpmyadmin.net/homepage/security/PMASA-2011 -5.php - PMASA-2011-6 Possible code injection in setup script in case session variables are compromised...
Fedora 14 : phpMyAdmin-3.4.3.1-1.fc14 (2011-9144)
Changes for 3.4.3.1 2011-06-07 - PMASA-2011-5 Possible session manipulation in Swekey authentication http://www.phpmyadmin.net/homepage/security/PMASA-2011 -5.php - PMASA-2011-6 Possible code injection in setup script in case session variables are compromised...
DEBIAN-CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...
DEBIAN-CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2011-2507
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
Possible session manipulation in Swekey authentication.
PMASA-2011-5 Announcement-ID: PMASA-2011-5 Date: 2011-07-02 Updated: 2011-07-03 Summary Possible session manipulation in Swekey authentication. Description It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other...
ACollab 1.2 SQL Injection
------------------------------------------------------------------------ Software................ACollab 1.2 Vulnerability...........SQL Injection Download................http://atutor.ca/acollab/ Release Date............1/31/2011 Tested On...............Windows Vista + XAMPP...
Trixbox langChoice PHP Local File Inclusion
$Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ -- coding: utf-8 -- require 'msf/core' class...
Новый метод атаки через Reverse-IP
Новый метод атаки через reverse-ip Хоть статья и 2009 года, но до сих пор актуальна. 0. INTRO Вобщем не буду делать большое вступление. Недавно имело место хекать сайт. Шел был успешно залит на соседний, но вот беда на сервере грамотно выставленны права. Пришлось включать голову и думать. И в...
Shop Script Pro 2.12 - SQL Injection
!/usr/bin/perl =about VENDOR Shop Script Pro 2.12 maybe other versions vulnerable too http://www.shop-script.com/ AUTHOR discovered & written by Ams ax330d doggy gmail dot com http://www.0x416d73.name/ VULN. DESCRIPTION Look in index.php at line 101. Variable $currentcurrency is set from...
Cache Plugin -Cross-site script error
Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
The version of Drupal installed on the remote host includes at least one third-party module that adds a captcha to various forms e.g. user registration that is affected by a security bypass vulnerability. A remote attacker, using a specially crafted 'editcaptcharesponse' parameter, can bypass...
The use of Session spoofing configuration the most hidden WebShell-vulnerability warning-the black bar safety net
Unknowingly“LM groups”to see the Black anti-there have been two spring and autumn, the period does not fall. Painstaking practice so long, can start playing on a trick or two. See the Black anti-second period of the DreamWeaver caused the network crisis of a text,“LM groups”the heart indescribabl...