7790 matches found

UbuntuCve
added 2012/02/02 12:0 a.m., 27 views

CVE-2012-0831

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and...

6.8 CVSS, 6 AI score, 0.06709 EPSS
Exploits 2, References 2

Prion
added 2012/01/27 12:55 a.m., 11 views

Information disclosure

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors...

5 CVSS, 6.7 AI score, 0.01173 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2012/01/27 12:55 a.m., 15 views

CVE-2011-4143

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors...

5 CVSS, 6.2 AI score, 0.01173 EPSS
Exploits 0, References 1

Cvelist
added 2012/01/27 12:0 a.m., 23 views

CVE-2011-4143

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors...

6.2 AI score, 0.01173 EPSS
Exploits 0, References 1

CVE
added 2012/01/27 12:0 a.m., 46 views

CVE-2011-4143

Summary of CVE-2011-4143 : Affected product is RSA enVision 4.x (4.0 SP4 P5 and 4.1 before P3). The issue is an environmental variable information disclosure vulnerability that could allow an unauthenticated, remote attacker to obtain sensitive details about the environment variables in the web s...

5 CVSS, 6.3 AI score, 0.01173 EPSS
Exploits 0, References 1, Affected Software 1

Packet Storm
added 2012/01/21 12:0 a.m., 15 views

Webcalendar 1.2.4 Cross Site Scripting

Exploit Title: Webcalendar 1.2.4 'location' XSS Date: 01/11/12 Author: G13 Software Link: https://sourceforge.net/projects/webcalendar/?source=directory Version: 1.2.5 Category: webapps php Vulnerability There is no sanitation on the input of the location variable. This allows malicious scripts t...

7.4 AI score
Exploits 0

securityvulns
added 2012/01/09 12:0 a.m., 55 views

Winn Guestbook v2.4.8c Stored XSS

Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation on the input of the name variable. This allows maliciou...

1.6 AI score
Exploits 0

NVD
added 2011/12/31 1:55 a.m., 9 views

CVE-2011-1710

Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables...

7.5 CVSS, 8 AI score, 0.03589 EPSS
Exploits 0, References 4

0day.today
added 2011/12/29 12:0 a.m., 182 views

DIY-CMS blog mod SQL Injection

Exploit for php platform in category web applications Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: email protected Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG:...

7.1 AI score
Exploits 0

exploitpack
added 2011/12/29 12:0 a.m., 37 views

DIY-CMS blog mod - SQL Injection

DIY-CMS blog mod - SQL Injection Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG:...

0.1 AI score
Exploits 0

Packet Storm
added 2011/12/29 12:0 a.m., 137 views

DIY-CMS Blog Mod SQL Injection

Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG: http://127.0.0.1/diy-cms/mod.php?mod=blog&modfile=tags&tag=features&start=sqli...

0.1 AI score
Exploits 0

Tenable Nessus
added 2011/11/22 12:0 a.m., 32 views

Debian DSA-2348-1 : systemtap - several vulnerabilities

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux : - CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation. - CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun cou...

7.2 CVSS, 5.4 AI score, 0.04797 EPSS
Exploits 10, References 8

myhack58
added 2011/11/15 12:0 a.m., 19 views

DEDECMS global variable overwrite vulnerability science-vulnerability warning-the black bar safety net

DEDECMS global variable overwrite vulnerability was first wolves security team 0 9 published in the official soften up until now didn't repair the vulnerability, and now covers substantially DEDECMS full version. Personal guess is not the official deliberately left the back door. The following...

0.5 AI score
Exploits 0

OSV
added 2011/11/08 11:55 a.m., 8 views

DEBIAN-CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

1.2 CVSS, 8.2 AI score, 0.03281 EPSS
Exploits 4, References 1

OSV
added 2011/11/08 11:55 a.m., 10 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

6 AI score
Exploits 0, References 5

Cvelist
added 2011/11/08 11:0 a.m., 54 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

7.2 AI score, 0.03281 EPSS
Exploits 4, References 4

Debian CVE
added 2011/11/08 11:0 a.m., 44 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

1.2 CVSS, 6.4 AI score, 0.03281 EPSS
Exploits 4

OSV
added 2011/10/21 10:55 a.m., 1 views

DEBIAN-CVE-2011-4063

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request...

6.8 CVSS, 6.6 AI score, 0.0238 EPSS
Exploits 0, References 1

Exploit DB
added 2011/10/20 12:0 a.m., 17 views

Simple Free PHP Forum Script - SQL Injection

Exploit Title: Simple Free PHP Forum Script 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1 wget "http://127.0.0.1/forum/index.php?show=cat&id=1' AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1" -------------- Vurnerable Code -------------- Line 150 of...

7 AI score
Exploits 0

exploitpack
added 2011/10/20 12:0 a.m., 15 views

Simple Free PHP Forum Script - SQL Injection

Simple Free PHP Forum Script - SQL Injection Exploit Title: Simple Free PHP Forum Script 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1 wget "http://127.0.0.1/forum/index.php?show=cat&id=1' AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1" --------------...

0.5 AI score
Exploits 0