
366 matches found

NVD
added 2011/10/05 10:55 a.m. | 9 views

CVE-2010-4869

SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter...

CVSS 7.5 | AI score 8.4 | EPSS 0.00775
Exploits: 1 | References: 3

0day.today
added 2011/05/17 12:0 a.m. | 30 views

Pligg 1.1.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Pligg = 1.1.4 SQL injection Date: 03/23/2011 Author: Null-0x00 Software Link: http://pligg.com/ Version: = 1.1.4 Websites: zenk-security.com & hackerzvoice.net Description An SQL Injection has been found on /rsssearch.php in pli...

AI score 7.1
Exploits: 0

OpenVAS
added 2011/04/01 12:0 a.m. | 119 views

Pligg CMS Multiple Security Vulnerabilities

Pligg CMS is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability, a security-bypass vulnerability, and an authentication-bypass vulnerability. Attackers can exploit these issues to...

AI score 0.4
Exploits: 0 | References: 4

UbuntuCve
added 2011/02/14 12:0 a.m. | 25 views

CVE-2011-0696

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 6.8 | AI score 7.1 | EPSS 0.0275
Exploits: 1 | References: 3

seebug.org
added 2009/12/29 12:0 a.m. | 11 views

DBHCMS Web Content Management System v1.1.4 RFI Vulnerability

No description provided by source. Securitylab.ir Application Info: Name: DBHCMS Web Content Management System Version: 1.1.4 Download: : Discovered By: Securitylab.ir Website: http://Securitylab.ir Contacts: adminatsecuritylab.ir & [email protected] Vulnerability Info: Type: RFI Remote File...

AI score 7.1
Exploits: 0

seebug.org
added 2009/04/21 12:0 a.m. | 71 views

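CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability

BUGTRAQ ID: 34571 CVE ID: CVE-2009-0163 CNCVE ID: CNCVE-20090163 Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and serves most PostScript and raster printers. CUPS has an integer overflow when processing TIFF images; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application....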

CVSS 6.8 | AI score 1.1 | EPSS 0.0495
Exploits: 2

Positive Technologies
added 2009/03/30 12:0 a.m. | 1 views

PT-2009-2014 · Simple Machines · Simple Machines Forum

Name of the Vulnerable Software and Affected Versions: Simple Machines Forum SMF version 1.1.4 Description: The issue allows remote attackers to potentially execute arbitrary PHP code. This is achieved via a URL in the settingsdefault theme dir parameter to "Sources/Subs-Graphics.php" and...

CVSS 7.5 | AI score 7.7 | EPSS 0.02717
Exploits: 1 | References: 8

Packet Storm
added 2009/02/04 12:0 a.m. | 21 views

GR Blog 1.1.4 Upload / Bypass

GR Blog v1.1.4 Upload/Bypass Multiple Remote Vulnerabilities Author: Jose Luis Gongora Fernandez a.k.a JosS Web: http://hack0wn.com/ // TEST ON VERSION GR Blog v1.1.4, in my localhost Download : http://sirini.net/grboard/board.php?id=grblog&articleNo=43 // + Remote File Upload:...

Exploits: 0

FreeBSD
added 2008/10/05 12:0 a.m. | 45 views

dovecot -- ACL plugin bypass vulnerabilities

Timo Sirainen reports in dovecot 1.1.4 release notes: ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working...

CVSS 5 | AI score 6.5 | EPSS 0.00762
Exploits: 0

Packet Storm
added 2008/08/20 12:0 a.m. | 18 views

vanilla-xss.txt

GulfTech Security Research August 19, 2008 Vendor : Mark O'Sullivan URL : http://www.getvanilla.com/ Version : Vanilla alert document.cookie%3B The above example link would display the end user's cookie to them. Of course this can also be used to steal the cookie data as mentioned earlier in this...

AI score 7.4
Exploits: 0

securityvulns
added 2008/01/10 12:0 a.m. | 36 views

Simple Machines Forum Cross-Site Scripting Vulnerabilities

HSC Simple Machines Forum Cross-Site Scripting Vulnerabilities. Simple Machines Forum allows attackers to exploit this vulnerability by cross-site scripting and they will be able to obtain detailed information. This may help the attacker steal cookie-based authentication...

AI score 1.2
Exploits: 0

Positive Technologies
added 2007/04/30 12:0 a.m. | 3 views

PT-2007-3710 · Getahead · Getahead Dwr

Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting (DWR) framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...

CVSS 5 | AI score 6.2 | EPSS 0.00346
Exploits: 0 | References: 5

Tenable Nessus
added 2006/06/22 12:0 a.m. | 9 views

MyBB < 1.1.4 SQL Injection

Binary data 3663.prm...

AI score 7.3
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 15 views

CVSTrac history.c history_update function overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. OpenVAS has...

AI score 0.7
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 11 views

CVSTrac timeline.c timeline_page function overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the timeline_page function in timeline.c that may allow an attacker to cause a buffer overflow. An attacker, exploiting this flaw, would be potentially able t...

AI score 0.6
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 8 views

CVSTrac cgi.c multiple overflows

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains multiple flaws in the mprintf, vmprintf, and vxprintf functions in cgi.c. A remote attacker, exploiting this flaw, would be able to execute arbitrary code on the remote syste...

AI score 0.7
Exploits: 0 | References: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 8 views

CVSTrac < 1.1.4 Malformed URI Infinite Loop DoS Vulnerability

CVSTrac is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cvstrac:cvstrac";...

AI score 7.2
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 8 views

CVSTrac ticket title arbitrary command execution

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to ticket titles containing a semi-colon ';' that may allow an attacker to execute arbitrary commands on the system. OpenVAS has determined the vulnerability...

AI score 0.5
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 15 views

CVSTrac CVSROOT/passwd arbitrary account deletion

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of CVSTRAC is vulnerable to a flaw wherein a remote attacker can overwrite a critical file, thereby giving them elevated access and potentially control over other user accounts...

AI score 7.4
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 8 views

CVSTrac invalid ticket DoS

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to invalid tickets that may allow an attacker to cause the application to crash. An attacker, exploiting this flaw, would be able to remotely shut down the...

Exploits: 0 | References: 1