SCO OpenServer 5.0.x 'mana' PATH_INFO Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8618/info It has been reported that SCO OpenServer Inertnet Manager 'mana' process is prone to a privilege escalation issue allow local users to execute arbitrary code with elevated privileges. mana normally requires...

Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...

Century Software Term For Linux 6.27.869 Command Line Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/4174/info Term is a commercially available software package for Unix and Linux operating systems. It is distributed and maintained by Century Software. Under some circumstances, it may be possible for a local user to...

Amiro.CMS <= 5.4.0.0 folder disclosure

No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005 Amiro.CMS root folder disclosure Objective: Amiro CMS = 5.4.0.0 Type: Disclosure of ways Threat: Medium Date Discovered: 01.07.2009 Date of...

Solaris 2.5/2.6/7.0/8 mailx -F Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2610/info Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is designed as a scalable operating system for the Intel x86 and Sun Sparc platforms, and operates on machines varying...

Advanced Image Hosting 2.2 (index.php) SQL Injection Vulnerability

No description provided by source. ========================================== Advanced Image Hosting v2.2 SQLi Vulnerability ========================================== InformatioN Title : Advanced Image Hosting v2.2 SQLi Vulnerability Author : keracker Vendor or Software Link : http://yabsoft.com...

Platform Load Sharing Facility 4/5 LSF_ENVDIR Local Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility LSF does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. LSF 5.1...

Content-Builder (CMS) 0.7.5 - Multiple Include Vulnerabilities

No description provided by source. ----------------------------------------------------- Advisory id: FSA:012 Author: Federico Fazzi Date: 11/06/2006, 22:30 Sinthesis: Content-Builder CMS 0.7.5, Remote command execution Type: high Product: http://www.content-builder.de/ Patch: unavailable...

phpBB 1.x Page Header Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with the phpBB system t...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...

GNU Emacs 22.1 Local Variable Handling Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26327/info Emacs is prone to a vulnerability that lets attackers execute arbitrary code. Due to a design error, the application ignores certain security settings and modifies local variables. By supplying a malicious file...

Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15375/info Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input. By modifying a text file to include local...

GNU GNATS 3.113 Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8005/info It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. An attacker can exploit this vulnerability by setting an overly long environment variable and...

NukeET 3.0/3.1 Base64 Codigo Variable Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13570/info NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web pag...

IMLib2 Home Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating systems and linked with...

HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit

No description provided by source. !/bin/ksh osf1tru64ps.ksh exploit Tested on OSF1 V5.1 1885 alpha ps executable - information leak Author: Andrea bunker Purificato http://rawlab.mindcreations.com the ps command also /usr/ucb/ps on HP OSF1 v5.1 Alpha, developed without an eye to security, allows...

Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this issue allows an attacker to gain superuser...

Uzbey: Information Disclosure (phpinfo())

URL :- https://staging.uzbey.com/phpinfo.php Description :- phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version. •Details of the PHP...

openSUSE Security Update : perl-LWP-Protocol-https (openSUSE-SU-2014:0710-1)

perl-LWP-Protocol-https was updated to prevent a possible MITM if the environment variables HTTPSCADIR or HTTPSCAFILE were set CVE-2014-3230. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : FastCGI (openSUSE-2011-102)

added FastCGI-fixdeprecatedapi.patch: bnc735882 Fixes an issue where CGI.pm received CGI variables from previous requests. CVE-2011-2766 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...