20 matches found
EUVD-2006-6241
Malware in sbrugna...
EUVD-2006-6239
Malware in sbrugna...
EUVD-2006-6240
Malware in sbrugna...
06-alternC-095.txt
ground418 security advisory Date: 28-11-2006 Subject: Multiple Vulnerabilities in AlternC version 0.9.5 and below. Author: Vincent Audet Ménard Original File: http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt Related Files: http://dev.alternc.org/trac/alternc/changeset/1737...
CVE-2006-6259
Multiple directory traversal vulnerabilities in a class/functions.php and b class/mbro.php in AlternC 0.9.5 and earlier allow remote attackers to 1 create arbitrary files and directories via a .. dot dot in the "create name" field and 2 read arbitrary files via a .. dot dot in the "web root" fiel...
CVE-2006-6256
Cross-site scripting XSS vulnerability in the file manager in admin/bromain.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name...
CVE-2006-6257
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message...
CVE-2006-6256
Cross-site scripting XSS vulnerability in the file manager in admin/bromain.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name...
CVE-2006-6258
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...
CVE-2006-6259
Multiple directory traversal vulnerabilities in a class/functions.php and b class/mbro.php in AlternC 0.9.5 and earlier allow remote attackers to 1 create arbitrary files and directories via a .. dot dot in the "create name" field and 2 read arbitrary files via a .. dot dot in the "web root" fiel...
CVE-2006-6257
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message...
CVE-2006-6258
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...
CVE-2006-6259
Multiple directory traversal vulnerabilities in a class/functions.php and b class/mbro.php in AlternC 0.9.5 and earlier allow remote attackers to 1 create arbitrary files and directories via a .. dot dot in the "create name" field and 2 read arbitrary files via a .. dot dot in the "web root" fiel...
CVE-2006-6258
Affected software: AlternC 0.9.5 and earlier. Issue: the phpmyadmin subsystem transmits the SQL password in cleartext in a cookie, allowing potential exposure through network sniffing or a cross-site scripting (XSS) attack. Consequences: complete confidentiality and integrity impacts (per CVSS). ...
CVE-2006-6258
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...
CVE-2006-6257
The CVE-2006-6257 issue affects AlternC 0.9.5 and earlier, where PHP warning messages disclose sensitive path information when folder names include JavaScript-like strings. The root cause is information leakage via warning output, enabling remote attackers to learn partial path details. Impact is...
CVE-2006-6259
CVE-2006-6259 affects AlternC up to version 0.9.5 (and earlier). The vulnerability classes are directory traversal in two files: class/functions.php (create name) and class/m_bro.php (web root) that permit remote attackers to (1) create arbitrary files/directories via .. in the create name field ...
CVE-2006-6256
Cross-site scripting XSS vulnerability in the file manager in admin/bromain.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name...
CVE-2006-6257
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message...
Multiple Vulnerabilities in AlternC version 0.9.5
ground418 security advisory Date: 28-11-2006 Subject: Multiple Vulnerabilities in AlternC version 0.9.5 and below. Author: Vincent Audet Mnard [email protected] Original File: http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt Related Files:...