6058 matches found
CVE-2006-4468
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the 1 mosMail, 2 JosIsValidEmail, and 3 josSpoofValue functions; 4 the lack of inclusion of globals.php in...
CVE-2006-4468
CVE-2006-4468 affects Joomla! prior to 1.0.11. The vulnerability set involves multiple input- handling weaknesses (unvalidated input) across several components: mosMail, JosIsValidEmail, josSpoofValue, missing inclusion of globals.php in administrator/index.php, Admin User Manager, and the poll m...
Dragonfly CMS 9.0.6.1 and prior XSS
HeLiOsZ - Dark End Team - Internet Security Team Dragonfly CMS 9.0.6.1 and prior XSS IRC: darkend.sytes.net darkend , http://darkend.sytes.net & http://www.darkend.org Rish : Medium Type : web applet Creator: http://www.cpgnuke.com/ Exploit: - The vuln is in the search section,it don't validate t...
osDate 1.1.7 multiple vulnerabilities
/ osDate 1.1.7 advisory / Date of written Advisory: ------------------------- July, 18 2006 Product: -------- OSdate = 1.1.7 Vendor: ------- http://tufat.com/ Description: ------------ osDate is a full fledged dating script which can be eaily integrated with phpBB and flashChat, and provides...
Improper Validation of User-mode Pointers
Improper Validation of User-mode Pointers Many of the hooks that KAV installs and even the custom system services suffer from flaws that are detrimental to the operation of the system. For instance, KAV's modified NtOpenProcess attempts to determine if a user address is valid by comparing it to t...
Authentication flaw
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...
WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution
WebAlbum 2.02pl - COOKIEskin2 Remote Code Execution !/usr/bin/php -q -d shortopentag=on this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum 2004-2006 duda\r\n"; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if...
aztek40.txt
/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line: '"alertdocument.cookie -...
AZTEK forums 4.0 multiple vulnerabilities (PoC)
/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line:...
phpMyAdmin: Local file inclusion vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected...
FForm Sender 1.0 - 'Processform.php3?Name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14324/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. This may facilitate the theft of...
SimpGB SQL Injection Vulnerability
Hi, The PHP guestbook SimpGB 1, written by Boesch IT-Consulting 2 can be exploited to gain userdata. The quote variable isn't checked carefully in simpgb/include/gbnew.inc called by guestbook.php. I wrote a proof of concept which shows a md5 hash and the username, read from the database...
Wfsection 1.07 vulnerabilities
Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...
AWStats 6.0 6.2 - configdir Remote Command Execution (C)
AWStats 6.0 6.2 - configdir Remote Command Execution C / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the us...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
Debian DSA-033-1 : analog - buffer overflow
The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form...
FreezingCold Broadboard - 'profile.asp' SQL Injection
source: https://www.securityfocus.com/bid/11250/info Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query. An attacker may...
[NGSEC-2004-7] NtRegmon, local system denial of service.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Next Generation Security Technologies http://www.ngsec.com Security Advisory Title: NtRegmon, local system denial of service. ID: NGSEC-2004-7 Application: NtRegmon http://www.sysinternals.com/ntw2k/source/regmon.shtml Date: 14/Aug/2004 Status: Patche...
Sysinternals Regmon 6.11 - Local Denial of Service
Sysinternals Regmon 6.11 - Local Denial of Service // source: https://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated...
Sysinternals Regmon 6.11 - Local Denial of Service
// source: https://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel functions. Successful exploitation m...