5286 matches found
phpGroupWare Multiple Vulnerabilities
phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it. Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit...
Miniwebsvr 0.0.10 Directory Traversal
miniwebsvr v0.0.10 Directory Traversal/Listing Exploits Found By: DrIDE Date: May 12, 2010 Download: http://sourceforge.net/projects/miniwebsvr/ Tested on: Windows 7 - Description - miniwebsvr v0.0.10 is a Windows based HTTP server. This is the latest version of the application available...
[SECURITY] Fedora 12 Update: mod_auth_shadow-2.2-8.fc12
When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid root...
[SECURITY] Fedora 11 Update: mod_auth_shadow-2.2-8.fc11
When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid root...
Mereo Directory Traversal Vulnerability
Mereo is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further...
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-084 May 11, 2010 -- CVE ID: CVE-2010-1553 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager -...
Mereo <= 1.9.1 Directory Traversal Vulnerability - Active Check
Mereo is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
REZERVI Belegungsplan und Gästedatenbank 'include/mail.inc.php' Remote File Include Vulnerability
UTILO REZERVI Belegungsplan und Gästedatenbank is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This process can be started by invoking the...
HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpviewer.exe CGI. The doLoad function in this process calls sprintf with...
HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid Hostname...
HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid iCount POST...
HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge...
MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability
MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability May 10th, 2010 A preauth plugin configuration injection vulnerability was discovered in the WYSIWYG editor Xinha that allows e.g. uploading arbitrary PHP files to the webserver. Affected versions Affected is Xinha = 0.96 Be...
Mereo 1.9.1 - Directory Traversal
Mereo 1.9.1 - Directory Traversal source: https://www.securityfocus.com/bid/40053/info Mereo is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files and directories...
Mereo 1.9.1 - Directory Traversal
source: https://www.securityfocus.com/bid/40053/info Mereo is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver...
Gallo 'gfw_smarty.php' Remote File Include Vulnerability
Gallo is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a...
osCommerce Local File Include and HTML Injection Vulnerabilities
osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to execute local files within the context of t...
osCommerce Local File Include and HTML Injection Vulnerabilities
osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/39870/info CF Image Hosting Script is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver...