5285 matches found
[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow
------------------------------------------------------------------------ Debian Security Advisory 1362-2 [email protected] http://www.debian.org/security/ Steve Kemp October 7th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
Cart32 6.x - GetImage Arbitrary File Download
Cart32 6.x - GetImage Arbitrary File Download source: https://www.securityfocus.com/bid/25928/info Cart32 is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files...
Cart32 6.x - GetImage Arbitrary File Download
source: https://www.securityfocus.com/bid/25928/info Cart32 is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the webserver process...
PHP-Nuke Dance Music Module - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/25806/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the...
XCMS 1.1/1.7 - 'Password' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of...
[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval
waraxe-2007-SA052 - dBlog CMS Open Source database retrieval ==================================================================== Author: Janek Vind "waraxe" Date: 19. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-52.html Target software description:...
Coppermine Photo Gallery 1.4.12 - referer Cross-Site Scripting
Coppermine Photo Gallery 1.4.12 - referer Cross-Site Scripting source: https://www.securityfocus.com/bid/25698/info Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. Attackers can exploit these issues to steal cookie-based authentication credentials...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue...
Coppermine Photo Gallery 1.4.12 - log Local File Inclusion
Coppermine Photo Gallery 1.4.12 - log Local File Inclusion source: https://www.securityfocus.com/bid/25698/info Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. Attackers can exploit these issues to steal cookie-based authentication credentials,...
Boa webserver Intersil extension (multiple wireless access points) buffer overflow
Buffer overflow in HTTP Basic authentication allows access to the device without a password...
Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25698/info Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within...
Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion
source: https://www.securityfocus.com/bid/25698/info Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd'...
SisfoKampus - dwoprn.php Arbitrary File Download
SisfoKampus - dwoprn.php Arbitrary File Download source: https://www.securityfocus.com/bid/25617/info Sisfo Kampus is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download...
SisfoKampus - 'dwoprn.php' Arbitrary File Download
source: https://www.securityfocus.com/bid/25617/info Sisfo Kampus is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the webserver...
Claroline 1.x - adminadvancedUserSearch.php?action Cross-Site Scripting
Claroline 1.x - adminadvancedUserSearch.php?action Cross-Site Scripting source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script...
Claroline 1.x - inc/lib/language.lib.php?language Traversal Local File Inclusion
Claroline 1.x - inc/lib/language.lib.php?language Traversal Local File Inclusion source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local...
Claroline 1.x - admincampusProblem.php?view Cross-Site Scripting
Claroline 1.x - admincampusProblem.php?view Cross-Site Scripting source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in...
Claroline 1.x - adminadminusers.php?dir Cross-Site Scripting
Claroline 1.x - adminadminusers.php?dir Cross-Site Scripting source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the...
Claroline 1.x - '/inc/lib/language.lib.php?language' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which m...