1091 matches found
Gentoo Security Advisory GLSA 200507-06 (Tikiwiki)
The remote host is missing updates announced in advisory GLSA 200507-06. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: python, python23, python22, python-devel
The remote host is missing an update to the system as announced in the referenced advisory. VID 6afa87d3-764b-11d9-b0e7-0000e249a0a2. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
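WordPress XML-RPC Interface Unauthorized Operation Vulnerability
BUGTRAQ ID: 27669 CVE(CAN) ID: CVE-2008-0664 WordPress is a free forum and blog system. If registration is enabled, the WordPress XML-RPC implementation (xmlrpc.php) fails to check the posttype set for a page, which allows remote attackers to submit malicious requests to the forum and edit other users' posts. WordPress 2.3.2 Temporary workaround: disable account creation, or temporarily remove the xmlrpc.php file. Vendor patch: Debian: Debian has released a security advisory (DSA-1601-1) and corresponding patches for this issue: DSA-1601-1:New wordpress...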
DSA-1601-1 wordpress - several vulnerabilities
Bulletin has no description...
Crysis games server DoS
NULL pointer dereference on oversized request to HTTP/XML-RPC interface...
NULL pointer in the HTTP/XML-RPC service of Crysis 1.21
Luigi Auriemma Application: Crysis http://www.ea.com/crysis/home.jsp Versions: = 1.21 1.1.1.6156 showed as gamever Platforms: Windows Bug: NULL pointer in the HTTP/XML-RPC service Exploitation: remote, versus server Date: 16 Jun 2008 Author: Luigi Auriemma e-mail: [email protected] web:...
Debian DSA-1597-2 : mt-daapd - multiple vulnerabilities
Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems: - CVE-2007-5824 Insufficient validation and bounds checking of the Authorization: HTTP...
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...
DSA-1597-1 mt-daapd - several vulnerabilities
Bulletin has no description...
GLSA-200805-21 : Roundup: Permission bypass
The remote host is affected by the vulnerability described in GLSA-200805-21 (Roundup: Permission bypass). Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecifi...
Roundup: Permission bypass
Background: Roundup is an issue-tracking system with command-line, web and e-mail interfaces. Description: Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by...
CVE-2008-2104
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check...
CVE-2008-2104
The CVE-2008-2104 entry concerns Bugzilla 3.1.3’s WebService: remote authenticated users lacking canconfirm privileges can create NEW or ASSIGNED bug entries via XML-RPC, bypassing the canconfirm check. The connected documents confirm the affected product/version and the bypass directly enabling ...
Code injection
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors...
CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors...
CVE-2008-1533
CVE-2008-1533 affects Joomla! 1.5 via the XML-RPC Blogger API plugin. The vulnerability allows remote attackers to perform unauthorized article operations on articles through unknown vectors. The public description lacks concrete exploit details or affected versions beyond Joomla! 1.5 and the plu...
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods...