404 matches found

NVD
added 2004/01/20 5:0 a.m., 10 views

CVE-2004-0033

admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command...

CVSS 5 | AI score 6.2 | EPSS 0.02791
Exploits: 0 | References: 5

Exploit DB
added 2004/01/16 12:0 a.m., 18 views

XtremeASP PhotoGallery 2.0 - 'Adminlogin.asp' SQL Injection

source: https://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including i...

AI score 7.4
Exploits: 0

NVD
added 2003/12/31 5:0 a.m., 11 views

CVE-2003-1488

The (1) verifadmin.php and (2) checkadmin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1...

CVSS 6.4 | AI score 6.9 | EPSS 0.02111
Exploits: 1 | References: 4

NVD
added 2003/12/31 5:0 a.m., 19 views

CVE-2003-1356

The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors...

CVSS 7.2 | AI score 6.7 | EPSS 0.00466
Exploits: 0 | References: 4

Debian
added 2003/11/10 9:27 a.m., 12 views

[SECURITY] [DSA 398-1] New conquest packages fix local conquest exploit

Debian Security Advisory DSA 398-1 [email protected] http://www.debian.org/security/ Martin Schulze November 10th, 2003 http://www.debian.org/security/faq -...

CVSS 4.6 | EPSS 0.00403
Exploits: 0

securityvulns
added 2003/09/29 12:0 a.m., 26 views

myServer 0.4.3 Directory Traversal Vulnerability

myServer 0.4.3 Directory Traversal Vulnerability .oO Overview Oo. myServer version 0.4.3 shows files and directories that reside outside the normal web root directory. Discovered on 2003, August, 23th Vendor: Myserver http://myserverweb.sourceforge.net/forum/portal.php MyServer is a free, powerfu...

AI score 0.8
Exploits: 0

OSV
added 2003/07/31 12:0 a.m., 33 views

DSA-358 linux-kernel-2.4.18 - several vulnerabilities

Bulletin has no description...

CVSS 5 | AI score 6 | EPSS 0.10876
Exploits: 1

exploitpack
added 2003/07/16 12:0 a.m., 16 views

.netCART Settings.XML - Information Disclosure

.netCART Settings.XML - Information Disclosure source: https://www.securityfocus.com/bid/8210/info .netCART is a web based e-commerce and shopping cart site designed for ASP.NET. It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is...

AI score 7.2
Exploits: 0

CERT
added 2003/06/04 12:0 a.m., 20 views

SunOS versions of sendmail use popen to return undeliverable mail

Overview Older versions of sendmail circa 1995 incorrectly used popen to process certain arguments. Description There is a problem with the way that the older circa 1995 versions of Sun Microsystems, Inc. version of sendmail processes the -oR option. This problem has been verified as existing in...

AI score 7.4
Exploits: 0 | References: 2

exploitpack
added 2003/05/22 12:0 a.m., 14 views

WsMp3d 0.x - Remote Heap Overflow

WsMp3d 0.x - Remote Heap Overflow / Title: Remote Heap Corruption Overflow vulnerability in WsMp3d + Exploit: 0x82-Remote.WsMp3d.again.c bash$ ./0x82--Remote.WsMp3d.again -h 61.37.xxx.xx -t2 WsMp3 Server Heap Corruption Remote root exploit by Xpl017Elz. + Hostname: 61.37.xxx.xx + Port num: 8000 +...

AI score 0.8
Exploits: 0

Cvelist
added 2003/04/02 5:0 a.m., 21 views

CVE-2002-0567

Oracle 8i and 9i with PL/SQL package for External Procedures EXTPROC allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process...

AI score 7.5 | EPSS 0.08739
Exploits: 0 | References: 6

exploitpack
added 2003/04/02 12:0 a.m., 13 views

Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (1)

Passlog Daemon 0.1 - SLParse Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/7261/info It has been reported that passlogd does not properly handle some types of input. Because of this, an attacker may be able to gain unauthorized access to hosts running the vulnerable...

AI score 0.8
Exploits: 0

Exploit DB
added 2003/03/23 12:0 a.m., 20 views

AdMan 1.0.20051221 - 'ViewStatement.php' SQL Injection

source: https://www.securityfocus.com/bid/17208/info AdMan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

AI score 7.4
Exploits: 0

Cvelist
added 2003/03/18 5:0 a.m., 19 views

CVE-2002-1558

Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet...

AI score 7 | EPSS 0.02792
Exploits: 0 | References: 3

exploitpack
added 2003/02/15 12:0 a.m., 24 views

PHP-Board 1.0 - User Password Disclosure

PHP-Board 1.0 - User Password Disclosure source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain acce...

AI score 7.4
Exploits: 0

exploitpack
added 2002/12/31 12:0 a.m., 14 views

PEEL 1.0b - Remote File Inclusion

PEEL 1.0b - Remote File Inclusion source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...

Exploits: 0

OSV
added 2002/12/03 12:0 a.m., 24 views

DSA-202 im - insecure temporary files

Bulletin has no description...

CVSS 2.1 | AI score 6.2 | EPSS 0.00371
Exploits: 0

Exploit DB
added 2002/11/27 12:0 a.m., 24 views

Lib CGI 0.1 - Include Buffer Overflow

// source: https://www.securityfocus.com/bid/6264/info Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems. It has been reported that a buffer overflow exists in the Lib CGI development library. Due to improper bounds...

AI score 7
Exploits: 0

RedHat Linux
added 2002/11/07 4:26 p.m., 5 views

Critical: Red Hat Security Advisory: : Updated kerberos packages available

A remotely exploitable stack buffer overflow has been found in the Kerberos v4 compatibility administration daemon distributed with the Red Hat Linux krb5 packages. Kerberos is a network authentication system. A stack buffer overflow has been found in the implementation of the Kerberos v4...

CVSS 10 | AI score 5.9 | EPSS 0.15105
Exploits: 0 | References: 1

exploitpack
added 2002/10/05 12:0 a.m., 19 views

ATP HTTPd 0.4 - Single Byte Buffer Overflow

ATP HTTPd 0.4 - Single Byte Buffer Overflow // source: https://www.securityfocus.com/bid/5956/info ATP httpd is a lightweight HTTP server. A vulnerability has been reported in ATP httpd that may result in compromise of root access to remote attackers. It is possible to overwrite the least...

AI score 0.7
Exploits: 0