2184 matches found

0day.today
added 2009/11/12 12:0 a.m., 30 views

WebKit XML External Entity Information Disclosure Vulnerability

Exploit for unknown platform in category remote exploits. WebKit XML External Entity Information Disclosure Vulnerability. Title: WebKit XML External Entity Information...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2009/10/06 12:0 a.m., 22 views

openSUSE 10 Security Update : open-iscsi (open-iscsi-6454)

The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files (CVE-2009-1297). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

4.4 CVSS, 5.3 AI score, 0.00337 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2009/09/24 12:0 a.m., 27 views

SuSE9 Security Update : qpopper (YOU Patch Number 10045)

Qpopper was handling user files while running as root. Qpopper could also be tricked into overwriting system files. CVE-2005-1151 and CVE-2005-1152 have been assigned to these issues. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...

7.2 CVSS, 5.4 AI score, 0.00367 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2009/09/18 12:0 a.m., 18 views

openSUSE Security Update : open-iscsi (open-iscsi-1238)

The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files (CVE-2009-1297). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

4.4 CVSS, 5.3 AI score, 0.00337 EPSS
Exploits: 1, References: 2
exploitpack
added 2009/06/16 12:0 a.m., 34 views

XOOPS 2.3.3 - .htaccess Remote File Disclosure

XOOPS 2.3.3 - .htaccess Remote File Disclosure. XOOPS = 2.3.3 Remote Arbitrary File Retrieval. Affected Software: XOOPS = 2.3.3. Author: Luca "daath" De...

7.5 AI score
Exploits: 0
OpenVAS
added 2009/06/10 12:0 a.m., 31 views

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)

This host is missing a critical security update according to Microsoft Bulletin MS09-025. OpenVAS Vulnerability Test $Id: secpodms09-025.nasl 5934 2017-04-11 12:28:28Z antu123 $ Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege 968537 Authors: Antu Sanadi Updated By: Madhuri D ...

7.2 CVSS, 0.9 AI score, 0.04918 EPSS
Exploits: 4, References: 2
Prion
added 2009/05/11 8:30 p.m., 11 views

Unrestricted file upload

Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request...

6.8 CVSS, 8.2 AI score, 0.02878 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2009/05/11 8:30 p.m., 23 views

CVE-2009-1615

Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request...

6.8 CVSS, 7.6 AI score, 0.02878 EPSS
Exploits: 0, References: 1
seebug.org
added 2009/05/07 12:0 a.m., 27 views

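ClamAV 'clamav-milter' Initscript File Permissions Vulnerability

Bugtraq ID: 34818 CNCAN ID: CNCAN-2009050603 ClamAV is an antivirus application for Unix-based systems. The file permissions of the ClamAV 'clamav-milter' initscript are set incorrectly, and a local attacker can exploit the vulnerability to carry out a denial-of-service attack. An attacker can exploit the vulnerability to modify files in certain directories, affecting system integrity and enabling further attacks on the system. Clam Anti-Virus ClamAV 0.95.1 Vendor solution: Ubuntu users can refer to the following upgrade packages: Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu...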

6.9 AI score
Exploits: 0
securityvulns
added 2009/04/07 12:0 a.m., 59 views

Joomla Component com_bookjoomlas SQL Injection Vulnerability

Salvatore "drosophila" Fresta + Application: Joomla Component combookjoomlas + Version: 0.1 + Website: http://www.alikonweb.it + Bugs: A SQL Injection + Exploitation: Remote + Dork: inurl:"index.php?option=combookjoomlas" + Date: 06 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author...

0.7 AI score
Exploits: 0
OpenVAS
added 2009/04/06 12:0 a.m., 27 views

Debian Security Advisory DSA 1761-1 (moodle)

The remote host is missing an update to moodle announced via advisory DSA 1761-1. OpenVAS Vulnerability Test $Id: deb17611.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1761-1 (moodle). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...

4.3 CVSS, 7.5 AI score, 0.06237 EPSS
Exploits: 1
Tenable Nessus
added 2009/04/06 12:0 a.m., 26 views

Debian DSA-1761-1 : moodle - missing input sanitization

Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the...

4.3 CVSS, 5.6 AI score, 0.06237 EPSS
Exploits: 1, References: 3
OSV
added 2009/04/03 12:0 a.m., 29 views

DSA-1761-1 moodle - file disclosure

Bulletin has no description...

4.3 CVSS, 6.6 AI score, 0.06237 EPSS
Exploits: 1
securityvulns
added 2009/04/03 12:0 a.m., 191 views

[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-1761-1 [email protected] http://www.debian.org/security/ Nico Golde April 3rd, 2009 http://www.debian.org/security/faq ...

4.3 CVSS, 1.3 AI score, 0.06237 EPSS
Exploits: 1
Prion
added 2009/02/26 4:17 p.m., 17 views

Default credentials

Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files...

10 CVSS, 8.1 AI score, 0.02146 EPSS
Exploits: 1, References: 3, Affected Software: 1
seebug.org
added 2009/02/19 12:0 a.m., 33 views

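Enomaly ECP Multiple Security Vulnerabilities

BUGTRAQ ID: 33544 CVECAN ID: CVE-2008-4990, CVE-2009-0390 Enomaly ECP (formerly named Enomalism) is software for managing virtual machines. Multiple security vulnerabilities exist in ECP's enomalism2.sh: a local attacker can use a symlink attack to overwrite arbitrary system files with root privileges, inject arguments into the kill command to terminate arbitrary processes or send signals to processes, or prevent virtual machines from starting. Enomaly Elastic Computing Platform 2.1 Workaround: change PIDFILE from /tmp/enomalism2.pid to /var/run/enomalism2.pid. ...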

7.2 CVSS, 0.2 AI score, 0.00938 EPSS
Exploits: 8
Exploit DB
added 2009/02/13 12:0 a.m., 37 views

BlogWrite 0.91 - Remote File Disclosure / SQL Injection

#!/usr/bin/perl | INFORMATIONS | ...

7.4 AI score
Exploits: 0
Packet Storm
added 2009/02/10 12:0 a.m., 25 views

Thyme 1.3 Local File Inclusion

Theme Local File Inclusion / Registerglobals: off | Version: = 1.3 | Dork: Thyme 1. © 2006 eXtrovert Software LLC. All rights reserved | Founded by: cheverokatgmail.com | Intro: See info...

0.1 AI score
Exploits: 0
myhack58
added 2008/12/09 12:0 a.m., 17 views

A special was hanging Iframe Trojan solutions-vulnerability warning-the black bar safety net

Hack Eye On! http://www.hackeye.com/ : Not IIS mapping changes, also is not an ARP virus,and the page file source code there is no iframe code solution Today visit one of the company's website, and suddenly found the page display not, right key to view the HTML code, find the iframe a website of...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2008/09/25 12:0 a.m., 30 views

Fedora 9 : initscripts-8.76.3-1 (2008-7667)

This update fixes an issue (CVE-2008-3524) where a malicious user could cause system files to be removed on startup. It also fixes a bug when running on pre-Fedora-9 kernels, and cleans up some extraneous error messages. Note that Tenable Network Security has extracted the preceding description...

4.7 CVSS, 5.4 AI score, 0.00349 EPSS
Exploits: 1, References: 3